Solved

1030 1058 error "policy cn number not the same"

Posted on 2006-07-14
9
284 Views
Last Modified: 2010-03-18
2x2003 Server DC's, all updates! A whole lotta PC's and laptops all XP Pro based all current updates applied at present.

I'm at wits end. You are all my last hope before I call MS support and wasting 245 to fix the problem!

We had a major AD crash a about 2 months ago. Microsoft came in and got everything up and running again.
Of course, thats all they did. They didn't clean up the rest of the mess.

Problem: Group Policy is not replicating to any device. Only our old policy is still in effect. New rules and changes are not taking effect.

Sysvol share security settings is setup correctly.
Have tried gpupdate /sync /force... yada yada yada...
DFS is always running. Service is at 100%
I have reconneted pc's to the domain. No use.
Even new PC's jsut joining the domain are  giving the error message. WTF

Our GPO cn policy numbers are different than what all the PC's and non DC servers are looking for.
 
The DC's have the new cn ploicies in the SYSVOL share; there are 5 listed in the sysvol share.
{1CAA2356-FACC-4526-8381-0AAACF0270A2}
{03E7C6C6-2AC7-4A8B-860B-A10D76B717E1}
{6AC1786C-016F-11D2-945F-00C04fB984F9}
{31B2F340-016D-11D2-945F-00C04FB984F9}
{B1F5910B-DEFE-4125-8DCC-C323FF797ABE}

XP clients and other servers are looking for:
Windows cannot access the file gpt.ini for GPO cn={00578E06-F823-4153-A008-116A8C858599},cn=policies,cn=system,DC=Consol,DC=local. The file must be present at the location <\\Consol.local\SysVol\Consol.local\Policies\{00578E06-F823-4153-A008-116A8C858599}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.

As you can see everythign is lokking for GPO cn={00578E06-F823-4153-A008-116A8C858599}. This is happening network wide. The added traffic for the GPO policy file is causing lag.

Is there a way resolve this problem.
How can I get all devices to update themselves and look at the new policy location?
If I need to create a script and force it out to all the cleints I'm down!!

Need more info?
0
Comment
Question by:ConSolIT
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 13

Assisted Solution

by:Kini pradeep
Kini pradeep earned 100 total points
ID: 17111337
1. check whether both the Dc's are replicating fine (use AD sites& services or Replmon to force and check) if they do then check whether Files in the sysvol replicate, you can try creating a test notepad file.

2. stop and start the FRS service on both DC's, any errors reported ?
3. what other errors reported in the FRS event logs.
if Files in sysvol donot replicate can you download and run Frsdiag ?
check Article ID : 842804
have you checked whether the policy actually exists on both the DC's, by the path specified in the events
eg: \\Consol.local\SysVol\Consol.local\Policies\{00578E06-F823-4153-A008-116A8C858599}\gpt.ini

0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 150 total points
ID: 17111354
A couple of thoughts:
In the past a combination of 1030 and 1058 has indicated a DNS configuration problem, but this seems different. However, make sure your workstations and servers point only to your internal DNS server/s, make sure they are correct, and check the DNS console to make sure there are no duplicate host records showing multiple IP's for the same host.

Also, have you seen the following articles.
http://support.microsoft.com/?kbid=842804
http://support.microsoft.com/kb/314494/EN-US/
0
 
LVL 2

Author Comment

by:ConSolIT
ID: 17112149
I went through DNS I found some wrong IP's listed in the Interfaces tab.
Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4. The two internal dns servers for fault.
Zone transfering is enabled between the two. I not sure this is necassary but it is enabled.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 250 total points
ID: 17112776
often it is problems with your group policies themselves

http://support.microsoft.com/?kbid=887303
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17115966
>>"found some wrong IP's listed in the Interfaces tab. Cleaned that out adn only applied the 10.0.6.1 & 10.0.6.4"
After that you should do a reboot, or at a command line run the following to clean out any name caches:
nbtstat  -c   (note 'c' is case sensitive)
ipconfig /flushdns
0
 
LVL 2

Author Comment

by:ConSolIT
ID: 17202451
All has failed...
I will try your recomendations Jay as soon as I get time.
This issue has ben lowered on my priority task list.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17206205
alright mate
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17351377
I would recommend a point split between the participants here, even if a 'B' grade. There are some good suggestions here, that do resolve issues with those particular errors in many situations, however we did not hear the results of trying these options. ConSolIT, even pointed out that it helped him/her to locate some configuration errors, even before trying all suggestions.
Just my 2¢
--Rob
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to fix the time service on domain controller 6 54
C# Get Networked Computers (SQL Servers) 2 56
Configure File History in Windows 10 Pro 13 99
Setting up a VPN 60 142
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Resolve DNS query failed errors for Exchange
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question