Solved

1030 1058 error "policy cn number not the same"

Posted on 2006-07-14
9
287 Views
Last Modified: 2010-03-18
2x2003 Server DC's, all updates! A whole lotta PC's and laptops all XP Pro based all current updates applied at present.

I'm at wits end. You are all my last hope before I call MS support and wasting 245 to fix the problem!

We had a major AD crash a about 2 months ago. Microsoft came in and got everything up and running again.
Of course, thats all they did. They didn't clean up the rest of the mess.

Problem: Group Policy is not replicating to any device. Only our old policy is still in effect. New rules and changes are not taking effect.

Sysvol share security settings is setup correctly.
Have tried gpupdate /sync /force... yada yada yada...
DFS is always running. Service is at 100%
I have reconneted pc's to the domain. No use.
Even new PC's jsut joining the domain are  giving the error message. WTF

Our GPO cn policy numbers are different than what all the PC's and non DC servers are looking for.
 
The DC's have the new cn ploicies in the SYSVOL share; there are 5 listed in the sysvol share.
{1CAA2356-FACC-4526-8381-0AAACF0270A2}
{03E7C6C6-2AC7-4A8B-860B-A10D76B717E1}
{6AC1786C-016F-11D2-945F-00C04fB984F9}
{31B2F340-016D-11D2-945F-00C04FB984F9}
{B1F5910B-DEFE-4125-8DCC-C323FF797ABE}

XP clients and other servers are looking for:
Windows cannot access the file gpt.ini for GPO cn={00578E06-F823-4153-A008-116A8C858599},cn=policies,cn=system,DC=Consol,DC=local. The file must be present at the location <\\Consol.local\SysVol\Consol.local\Policies\{00578E06-F823-4153-A008-116A8C858599}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.

As you can see everythign is lokking for GPO cn={00578E06-F823-4153-A008-116A8C858599}. This is happening network wide. The added traffic for the GPO policy file is causing lag.

Is there a way resolve this problem.
How can I get all devices to update themselves and look at the new policy location?
If I need to create a script and force it out to all the cleints I'm down!!

Need more info?
0
Comment
Question by:ConSolIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 100 total points
ID: 17111337
1. check whether both the Dc's are replicating fine (use AD sites& services or Replmon to force and check) if they do then check whether Files in the sysvol replicate, you can try creating a test notepad file.

2. stop and start the FRS service on both DC's, any errors reported ?
3. what other errors reported in the FRS event logs.
if Files in sysvol donot replicate can you download and run Frsdiag ?
check Article ID : 842804
have you checked whether the policy actually exists on both the DC's, by the path specified in the events
eg: \\Consol.local\SysVol\Consol.local\Policies\{00578E06-F823-4153-A008-116A8C858599}\gpt.ini

0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 150 total points
ID: 17111354
A couple of thoughts:
In the past a combination of 1030 and 1058 has indicated a DNS configuration problem, but this seems different. However, make sure your workstations and servers point only to your internal DNS server/s, make sure they are correct, and check the DNS console to make sure there are no duplicate host records showing multiple IP's for the same host.

Also, have you seen the following articles.
http://support.microsoft.com/?kbid=842804
http://support.microsoft.com/kb/314494/EN-US/
0
 
LVL 2

Author Comment

by:ConSolIT
ID: 17112149
I went through DNS I found some wrong IP's listed in the Interfaces tab.
Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4. The two internal dns servers for fault.
Zone transfering is enabled between the two. I not sure this is necassary but it is enabled.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 17112776
often it is problems with your group policies themselves

http://support.microsoft.com/?kbid=887303
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17115966
>>"found some wrong IP's listed in the Interfaces tab. Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4"
After that you should do a reboot, or at a command line run the following to clean out any name caches:
nbtstat  -c   (note 'c' is case sensitive)
ipconfig /flushdns
0
 
LVL 2

Author Comment

by:ConSolIT
ID: 17202451
All has failed...
I will try your recomendations Jay as soon as I get time.
This issue has ben lowered on my priority task list.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17206205
alright mate
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17351377
I would recommend a point split between the participants here, even if a 'B' grade. There are some good suggestions here, that do resolve issues with those particular errors in many situations, however we did not hear the results of trying these options. ConSolIT, even pointed out that it helped him/her to locate some configuration errors, even before trying all suggestions.
Just my 2¢
--Rob
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question