?
Solved

USERENV Evt 1101 & 1030 errors - User unable to maintain mappings

Posted on 2006-04-13
15
Medium Priority
?
1,390 Views
Last Modified: 2012-05-05
I have a client in a 2000 native domain structure with an XP Professional PC getting the following error:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            4/12/2006
Time:            8:20:53 AM
User:            S-1-5-21-861567501-1425521274-1801674531-1654
Computer:      Todd
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.


                     +

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1101
Date:            4/12/2006
Time:            8:20:53 AM
User:            S-1-5-21-861567501-1425521274-1801674531-1654
Computer:      Todd
Description:
Windows cannot access the the object OU=DEVILLED,OU=EASTEREGGS,DC=DEVILLED,DC=EASTEREGGS,DC=com in Active Directory. The access to the object may be denied. Group Policy processing aborted.

Notice the SID in the User field.  He is losing his mappings every day when logging in.  Any ideas?


0
Comment
Question by:mentisgroup
  • 6
  • 5
  • 3
  • +1
15 Comments
 
LVL 5

Expert Comment

by:Intense_Angel
ID: 16448161
The SID is not defined.  The computer is trying to use an account that cannot be found/translated on the domain.  Somewhere on the pc it has an account that cannot be verified with your domain that it is trying to use.  Usually you see these things when a computer was moved from one domain to another, or a user from a trusted domain is on the computer and now the trust has been broken.
0
 

Author Comment

by:mentisgroup
ID: 16448185
OK.  What do I need to do to resolve?  This user has been in place with the same PC for years now but just started happening.  
0
 
LVL 13

Expert Comment

by:haim96
ID: 16448234
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:Intense_Angel
ID: 16448249
Try turning off SMB signing first then we can go from there...

Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Right-click the Domain Controllers organizational unit, and then click Properties.
Click the Group Policies tab.
Click Default Domain Controllers Policy, and then click Edit.
Go to the following location:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
If any of the following policy settings are set to Enabled, double click the setting, click to select the Define this policy setting check box, click Disabled, and then click OK.

NOTE: By default, only one setting is set to Enabled.
Digitally sign client communication (always)
Digitally sign client communication (when possible)
Digitally sign server communication (always)
Digitally sign server communication (when possible)


Close Group Policy editor, click OK, and then quit Active Directory Users and Computers.

By default, Group Policy settings are refreshed on domain controllers every five minutes. To force the policy settings to be refreshed on Windows XP immediately, run the following command:
gpupdate
After the settings are applied, restart Windows XP.
0
 
LVL 5

Accepted Solution

by:
Intense_Angel earned 2000 total points
ID: 16448316
0
 
LVL 13

Expert Comment

by:haim96
ID: 16448343
this is just copy/paste from the technet article  
that i already posted  :)
0
 

Author Comment

by:mentisgroup
ID: 16448860
I checked the link to M$ re the security settings, all was in place already - no changes were made.  I then tried the SMB signing option but none were defined  - again no changes were made.  
Anything else?
0
 
LVL 13

Expert Comment

by:haim96
ID: 16449004
is the problem exist on other users on this machine ?
if not, try to delete the user and create him again.
(don't forget to back his stuff ... )
if not,check the same user on other machine. this will help you to find out
if you have problem with the user or with the machine.
0
 

Author Comment

by:mentisgroup
ID: 16449046
This is only occuring with just one user.  
0
 
LVL 13

Expert Comment

by:haim96
ID: 16449070
in only one machine ? this is importent to isulate the problem.
0
 
LVL 13

Expert Comment

by:haim96
ID: 16449123
logon as admin on the local machine.
backup the user's local profile and then delete the local and roaming profile from the server .
(if he got one,you can backup the roaming profile too,just to be sure...)
then logon again with the user, make sure that new profile was created, check if the problem exist.
0
 

Author Comment

by:mentisgroup
ID: 16449126
I sent him an email to see if he can do just that.  Thanks for your assistance!!!
0
 

Author Comment

by:mentisgroup
ID: 16501097
OK......since running gpupdate last week on his PC he has not needed to remap his drives.  But looking on other PCs, every machine on the domain is getting that same error (1101 & 1030).  
0
 
LVL 13

Expert Comment

by:haim96
ID: 16572613
@ @
  ~

0
 

Expert Comment

by:secuteamers
ID: 37551366
The solution for me was to add the "authenticated users" group at the domain level and grant these "read" rights... I suggest you check this at each level of the AD structure of the failing GPO. Good luck!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question