Userevn Problems

I'm getting 2 errors in my event log. I get a set of 2 that occur approximately once an hour.
Event ID: 1058
Source: Userevn
Type: Error
User: SELHS/Administrator

Windows cannot access the frile gpt.ini for GPO CN=[0324c4e7-e065-4281-b6b0-97f1db6dc35f],CN=policies,DC=selhs,dc=org.
The file must be present at the location <//selhs.org\sysvol\selhs.org\policies\[0324c4e7-e065-4281-b6b0-97f1db6dc35f]\gpt.ini>. (The specified user does not exist.) Group Policy processing aborted

Event ID: 1030
Source:Userevn
Type: Error
User:SELHS/administrator

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

What is the cause and solution to this error?
selhsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
One possible cause is incorrectly configured DNS. Verify with an ' ipconfig  /all '  at the command line that your workstations point only to your DNS server an not to your ISP's DNS servers. The ISP's DNS servers should be added to your DNS server's Forwarders list.

If that is not the case, try running Microsoft's network test tool  netdiag.exe  It is available from the Windows Resource Kit or you can download from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
It will test numerous DNS, name resolution, and GP functions and report on each.

0
selhsAuthor Commented:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.SELHS.000>cd\

C:\>netdiag

....................................

    Computer Name: BDC
    DNS Host Name: bdc.selhs.org
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
    List of installed hotfixes :
        KB883939
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB905915
        KB908519
        KB910437
        KB911564
        KB911927
        KB912919
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : bdc.selhs.org
        IP Address . . . . . . . . : 10.0.0.209
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.1
        Dns Servers. . . . . . . . : 10.0.0.12


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'SELHS' is to '\\domainserv.selhs.org'.


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/bdc.selhs.org.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

Here are my results. Everything appears to pass do you see anything out of the ordinary?
0
selhsAuthor Commented:
Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/bdc.selhs.org.

How can this be fixed I should've stated?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Rob WilliamsCommented:
The kerberose test failure is not likely a problem. There is actually a "glitch" in the netdiag utility that often returns this. However if in doubt there are specific tools to test this. Have look at the following articles which explains the problem and where to find the other tools. I'll do a little digging in the mean time.
http://support.microsoft.com/?kbid=870692
http://www.jsifaq.com/SUBQ/tip8300/rh8319.htm
0
Rob WilliamsCommented:
Have you seen the link below? Seems there can be a lot of issues causing that combination of errors. Rather than posting it all here have a look:
http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

One thing I did notice is someone found MS patch KB899587 caused the problem. I notice you also have that patch installed on this system.
0
selhsAuthor Commented:
I removed the patch and did a few other adjustments and nothing. I'm wondering if i'm having a DNS problem. I have the Baseline Analyzer that I run on my server. It can't seem to resolve IP address's when it does a network scan. This use to work up until December. However I can ping by name. Is there something i'm missing in my DNS forwarders?
0
Rob WilliamsCommented:
can you resolve a name using at a command line?
nslookup  YourServerName

If not rather than forwarders it may be reverse lookup zones.
Though Reverse Lookup zones are not normally necessary it may be the issue. If you don't have any you can create by right clicking  on the reverse look up zones folder choose new, primary zone and enter the first three octets of your subnet such as 192.168.123  Choose all defaults and it will create the zone (reverses the IP) . Assuming you have dynamic updates enabled (you likely do) it will build the list of computers over the next hour. If you want to manual add the server or others to speed things up right click in the right hand window and add a new ptr record by entering the IP and ComputerName of the device.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
selhsAuthor Commented:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator.SELHS>nslookup domainserv
*** Can't find server name for address 10.0.0.12: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  10.0.0.12

Name:    domainserv.selhs.org
Address:  10.0.0.12


0
Rob WilliamsCommented:
Adding a reverse lookup zone for your domain should repair at least the above.
0
selhsAuthor Commented:
Nope still getting the same error and the reverse lookup looks correct. It added all the IP address's on my network
0
Rob WilliamsCommented:
Did it at least repair the nslookup results ?

I am about out of suggestions. I just uploaded DCDiag to the same location:
http://www3.ns.sympatico.ca/malagash/Downloads/DC/
You could try running either from the domain controller with simply DCDiag or from a workstation using
  dcdiag  /n:YourDomain.suffix
Not sure if there is a difference in the test if run on either. Results may be of some help.
0
Rob WilliamsCommented:
Thanks selhs,
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.