Solved

W2k3 DC Errors 1030/1058 USERENV

Posted on 2007-03-29
5
802 Views
Last Modified: 2008-05-31
I recently added a 2k3 dc to my domain and trasfered all fsmo roles to it.  Soon after I noticed that I was unable to edit GPOs or access the sysvol directory from the server.  Although I am able to access the sysvol on the problem dc from another server, and I am able to edit GPOs from any other DC.  I also noticed two errors every five minutes in the application log.  Any and all help would be greatly appreciated.

Errors 1030 and 1058 from source USERENV

1030:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

1058:
Windows cannot access the file gpt.ini for GPO CN={577C96CC-EEBC-446B-8A17-635CE940D535},CN=Policies,CN=System,DC=mycompany,DC=net. The file must be present at the location <\\mycompany.net\SysVol\mycompany.net\Policies\{577C96CC-EEBC-446B-8A17-635CE940D535}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

Below is a copy of a dcdiag that I ran.  The replication errors are from a DC that we took offline for maintenace.

DCDIAG:
D:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Replications
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: CN=Schema,CN=Configuration,DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:53:17.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
            [BDC] DsBindWithSpnEx() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: CN=Configuration,DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:52:56.
            The last success occurred at 2007-03-22 06:52:13.
            26 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=ForestDnsZones,DC=mycompany,DC=net
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=DomainDnsZones,DC=mycompany,DC=net
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         PDC:  Current time is 2007-03-23 09:17:19.
            DC=ForestDnsZones,DC=mycompany,DC=net
               Last replication recieved from BDC at 2007-03-22 06:52:14.
            DC=DomainDnsZones,DC=mycompany,DC=net
               Last replication recieved from BDC at 2007-03-22 06:52:14.
         ......................... PDC passed test Replications
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         [PDC] An net use or LsaPolicy operation failed with error 5, Acc
ess is denied..
         ......................... PDC failed test NetLogons
      Starting test: Advertising
         ......................... PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: MachineAccount
         Could not open pipe with [PDC]:failed with 5: Access is denied.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN :(null)
         * Missing SPN :(null)
         ......................... PDC failed test MachineAccount
      Starting test: Services
         Could not open Remote ipc to [PDC]:failed with 5: Access is deni
ed.
         ......................... PDC failed test Services
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: frssysvol
         [PDC] An net use or LsaPolicy operation failed with error 5, Acc
ess is denied..
         ......................... PDC failed test frssysvol
      Starting test: frsevent
         ......................... PDC failed test frsevent
      Starting test: kccevent
         Failed to enumerate event log records, error Access is denied.
         ......................... PDC failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error Access is denied.
         ......................... PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... PDC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : mycompany
      Starting test: CrossRefValidation
         ......................... mycompany passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mycompany passed test CheckSDRefDom

   Running enterprise tests on : mycompany.net
      Starting test: Intersite
         ......................... mycompany.net passed test Intersite
      Starting test: FsmoCheck
         ......................... mycompany.net passed test FsmoCheck

0
Comment
Question by:AzagThothe
  • 2
5 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18819075
try below to reset secure channel with itself.
netdom resetpwd /server:IPofDC ......(do NOT stop KDC and do not use server name)
0
 

Author Comment

by:AzagThothe
ID: 18879197
This turned out to be a SMB signing issue on the server.  I made a change to the following registry entry to fix the problem:

hklm\system\ccs\services\lanmanworkstation\parameters\enablesecuritysignature = 1
0
 
LVL 13

Expert Comment

by:strongline
ID: 18879724
well done.
i am curious that how that be changed, though. The smb signing is enabled (but not required) by default.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19300235
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question