Userevn Problems

I'm getting 2 errors in my event log. I get a set of 2 that occur approximately once an hour.
Event ID: 1058
Source: Userevn
Type: Error
User: SELHS/Administrator

Windows cannot access the frile gpt.ini for GPO CN=[0324c4e7-e065-4281-b6b0-97f1db6dc35f],CN=policies,DC=selhs,dc=org.
The file must be present at the location <//\sysvol\\policies\[0324c4e7-e065-4281-b6b0-97f1db6dc35f]\gpt.ini>. (The specified user does not exist.) Group Policy processing aborted

Event ID: 1030
Type: Error

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

What is the cause and solution to this error?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
One possible cause is incorrectly configured DNS. Verify with an ' ipconfig  /all '  at the command line that your workstations point only to your DNS server an not to your ISP's DNS servers. The ISP's DNS servers should be added to your DNS server's Forwarders list.

If that is not the case, try running Microsoft's network test tool  netdiag.exe  It is available from the Windows Resource Kit or you can download from:
It will test numerous DNS, name resolution, and GP functions and report on each.

selhsAuthor Commented:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.SELHS.000>cd\



    Computer Name: BDC
    DNS Host Name:
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
    List of installed hotfixes :

Netcard queries test . . . . . . . : Passed

Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . :
        IP Address . . . . . . . . :
        Subnet Mask. . . . . . . . :
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
    Secure channel for domain 'SELHS' is to '\\'.

Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
    No active remote access connections.

Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information

The command completed successfully

Here are my results. Everything appears to pass do you see anything out of the ordinary?
selhsAuthor Commented:
Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/

How can this be fixed I should've stated?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Rob WilliamsCommented:
The kerberose test failure is not likely a problem. There is actually a "glitch" in the netdiag utility that often returns this. However if in doubt there are specific tools to test this. Have look at the following articles which explains the problem and where to find the other tools. I'll do a little digging in the mean time.
Rob WilliamsCommented:
Have you seen the link below? Seems there can be a lot of issues causing that combination of errors. Rather than posting it all here have a look:

One thing I did notice is someone found MS patch KB899587 caused the problem. I notice you also have that patch installed on this system.
selhsAuthor Commented:
I removed the patch and did a few other adjustments and nothing. I'm wondering if i'm having a DNS problem. I have the Baseline Analyzer that I run on my server. It can't seem to resolve IP address's when it does a network scan. This use to work up until December. However I can ping by name. Is there something i'm missing in my DNS forwarders?
Rob WilliamsCommented:
can you resolve a name using at a command line?
nslookup  YourServerName

If not rather than forwarders it may be reverse lookup zones.
Though Reverse Lookup zones are not normally necessary it may be the issue. If you don't have any you can create by right clicking  on the reverse look up zones folder choose new, primary zone and enter the first three octets of your subnet such as 192.168.123  Choose all defaults and it will create the zone (reverses the IP) . Assuming you have dynamic updates enabled (you likely do) it will build the list of computers over the next hour. If you want to manual add the server or others to speed things up right click in the right hand window and add a new ptr record by entering the IP and ComputerName of the device.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
selhsAuthor Commented:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator.SELHS>nslookup domainserv
*** Can't find server name for address Non-existent domain
*** Default servers are not available
Server:  UnKnown


Rob WilliamsCommented:
Adding a reverse lookup zone for your domain should repair at least the above.
selhsAuthor Commented:
Nope still getting the same error and the reverse lookup looks correct. It added all the IP address's on my network
Rob WilliamsCommented:
Did it at least repair the nslookup results ?

I am about out of suggestions. I just uploaded DCDiag to the same location:
You could try running either from the domain controller with simply DCDiag or from a workstation using
  dcdiag  /n:YourDomain.suffix
Not sure if there is a difference in the test if run on either. Results may be of some help.
Rob WilliamsCommented:
Thanks selhs,
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.