Solved

W2k3 DC Errors 1030/1058 USERENV

Posted on 2007-03-29
5
796 Views
Last Modified: 2008-05-31
I recently added a 2k3 dc to my domain and trasfered all fsmo roles to it.  Soon after I noticed that I was unable to edit GPOs or access the sysvol directory from the server.  Although I am able to access the sysvol on the problem dc from another server, and I am able to edit GPOs from any other DC.  I also noticed two errors every five minutes in the application log.  Any and all help would be greatly appreciated.

Errors 1030 and 1058 from source USERENV

1030:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

1058:
Windows cannot access the file gpt.ini for GPO CN={577C96CC-EEBC-446B-8A17-635CE940D535},CN=Policies,CN=System,DC=mycompany,DC=net. The file must be present at the location <\\mycompany.net\SysVol\mycompany.net\Policies\{577C96CC-EEBC-446B-8A17-635CE940D535}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

Below is a copy of a dcdiag that I ran.  The replication errors are from a DC that we took offline for maintenace.

DCDIAG:
D:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Replications
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: CN=Schema,CN=Configuration,DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:53:17.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
            [BDC] DsBindWithSpnEx() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: CN=Configuration,DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:52:56.
            The last success occurred at 2007-03-22 06:52:13.
            26 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=mycompany,DC=net
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=ForestDnsZones,DC=mycompany,DC=net
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
         [Replications Check,PDC] A recent replication attempt failed:
            From BDC to PDC
            Naming Context: DC=DomainDnsZones,DC=mycompany,DC=net
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2007-03-23 08:52:35.
            The last success occurred at 2007-03-22 06:52:14.
            26 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         PDC:  Current time is 2007-03-23 09:17:19.
            DC=ForestDnsZones,DC=mycompany,DC=net
               Last replication recieved from BDC at 2007-03-22 06:52:14.
            DC=DomainDnsZones,DC=mycompany,DC=net
               Last replication recieved from BDC at 2007-03-22 06:52:14.
         ......................... PDC passed test Replications
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         [PDC] An net use or LsaPolicy operation failed with error 5, Acc
ess is denied..
         ......................... PDC failed test NetLogons
      Starting test: Advertising
         ......................... PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: MachineAccount
         Could not open pipe with [PDC]:failed with 5: Access is denied.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN :(null)
         * Missing SPN :(null)
         ......................... PDC failed test MachineAccount
      Starting test: Services
         Could not open Remote ipc to [PDC]:failed with 5: Access is deni
ed.
         ......................... PDC failed test Services
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: frssysvol
         [PDC] An net use or LsaPolicy operation failed with error 5, Acc
ess is denied..
         ......................... PDC failed test frssysvol
      Starting test: frsevent
         ......................... PDC failed test frsevent
      Starting test: kccevent
         Failed to enumerate event log records, error Access is denied.
         ......................... PDC failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error Access is denied.
         ......................... PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... PDC passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : mycompany
      Starting test: CrossRefValidation
         ......................... mycompany passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mycompany passed test CheckSDRefDom

   Running enterprise tests on : mycompany.net
      Starting test: Intersite
         ......................... mycompany.net passed test Intersite
      Starting test: FsmoCheck
         ......................... mycompany.net passed test FsmoCheck

0
Comment
Question by:AzagThothe
  • 2
5 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18819075
try below to reset secure channel with itself.
netdom resetpwd /server:IPofDC ......(do NOT stop KDC and do not use server name)
0
 

Author Comment

by:AzagThothe
ID: 18879197
This turned out to be a SMB signing issue on the server.  I made a change to the following registry entry to fix the problem:

hklm\system\ccs\services\lanmanworkstation\parameters\enablesecuritysignature = 1
0
 
LVL 13

Expert Comment

by:strongline
ID: 18879724
well done.
i am curious that how that be changed, though. The smb signing is enabled (but not required) by default.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19300235
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show, step by step, how to integrate R code into a R Sweave document
Learn about cloud computing and its benefits for small business owners.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now