ConSolIT
asked on
1030 1058 error "policy cn number not the same"
2x2003 Server DC's, all updates! A whole lotta PC's and laptops all XP Pro based all current updates applied at present.
I'm at wits end. You are all my last hope before I call MS support and wasting 245 to fix the problem!
We had a major AD crash a about 2 months ago. Microsoft came in and got everything up and running again.
Of course, thats all they did. They didn't clean up the rest of the mess.
Problem: Group Policy is not replicating to any device. Only our old policy is still in effect. New rules and changes are not taking effect.
Sysvol share security settings is setup correctly.
Have tried gpupdate /sync /force... yada yada yada...
DFS is always running. Service is at 100%
I have reconneted pc's to the domain. No use.
Even new PC's jsut joining the domain are giving the error message. WTF
Our GPO cn policy numbers are different than what all the PC's and non DC servers are looking for.
The DC's have the new cn ploicies in the SYSVOL share; there are 5 listed in the sysvol share.
{1CAA2356-FACC-4526-8381-0
{03E7C6C6-2AC7-4A8B-860B-A
{6AC1786C-016F-11D2-945F-0
{31B2F340-016D-11D2-945F-0
{B1F5910B-DEFE-4125-8DCC-C
XP clients and other servers are looking for:
Windows cannot access the file gpt.ini for GPO cn={00578E06-F823-4153-A00
As you can see everythign is lokking for GPO cn={00578E06-F823-4153-A00
Is there a way resolve this problem.
How can I get all devices to update themselves and look at the new policy location?
If I need to create a script and force it out to all the cleints I'm down!!
Need more info?
I'm at wits end. You are all my last hope before I call MS support and wasting 245 to fix the problem!
We had a major AD crash a about 2 months ago. Microsoft came in and got everything up and running again.
Of course, thats all they did. They didn't clean up the rest of the mess.
Problem: Group Policy is not replicating to any device. Only our old policy is still in effect. New rules and changes are not taking effect.
Sysvol share security settings is setup correctly.
Have tried gpupdate /sync /force... yada yada yada...
DFS is always running. Service is at 100%
I have reconneted pc's to the domain. No use.
Even new PC's jsut joining the domain are giving the error message. WTF
Our GPO cn policy numbers are different than what all the PC's and non DC servers are looking for.
The DC's have the new cn ploicies in the SYSVOL share; there are 5 listed in the sysvol share.
{1CAA2356-FACC-4526-8381-0
{03E7C6C6-2AC7-4A8B-860B-A
{6AC1786C-016F-11D2-945F-0
{31B2F340-016D-11D2-945F-0
{B1F5910B-DEFE-4125-8DCC-C
XP clients and other servers are looking for:
Windows cannot access the file gpt.ini for GPO cn={00578E06-F823-4153-A00
As you can see everythign is lokking for GPO cn={00578E06-F823-4153-A00
Is there a way resolve this problem.
How can I get all devices to update themselves and look at the new policy location?
If I need to create a script and force it out to all the cleints I'm down!!
Need more info?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>"found some wrong IP's listed in the Interfaces tab. Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4"
After that you should do a reboot, or at a command line run the following to clean out any name caches:
nbtstat -c (note 'c' is case sensitive)
ipconfig /flushdns
After that you should do a reboot, or at a command line run the following to clean out any name caches:
nbtstat -c (note 'c' is case sensitive)
ipconfig /flushdns
ASKER
All has failed...
I will try your recomendations Jay as soon as I get time.
This issue has ben lowered on my priority task list.
I will try your recomendations Jay as soon as I get time.
This issue has ben lowered on my priority task list.
alright mate
I would recommend a point split between the participants here, even if a 'B' grade. There are some good suggestions here, that do resolve issues with those particular errors in many situations, however we did not hear the results of trying these options. ConSolIT, even pointed out that it helped him/her to locate some configuration errors, even before trying all suggestions.
Just my 2¢
--Rob
Just my 2¢
--Rob
ASKER
Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4. The two internal dns servers for fault.
Zone transfering is enabled between the two. I not sure this is necassary but it is enabled.