Event ID 1030, 1065 on server 2003 standard

rliptrot
rliptrot used Ask the Experts™
on
My client has a new Server 2003 standard connected to SBS2003 as a client.  As of 2 days ago when logging onto the new server, all admin accounts on the server no longer have any permissions to install software, change network settings etc?  Basically any admin account when logged onto the server is not an admin account anymore? even the domain admin?  
Event id 1030 and 1065 are found in event viewer and I have tried many suggestions found on various forums but to no avail.  All other client machines connecting to the SBS server have no issues only the server 2003 standard has this issue, it is the new accounts server and was due to go live tomorrow any help would be greatly appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Can you provide the details to the 2 events? SOurce? Addl text? Warnings?

Anyway, try to re-join the server to the domain. Check if the local administrator account is member of the administrators group on the server. The Domain Admins should be member as well.

Check your SBS 2003 for group policies affecting the member server. Run gpmc.msc on the SBS and create a resulting set of policies for the member server. Esp. check for "user rights assignments".

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014
Commented:
Well 1030 is common to Group Policies not being applied... it's the 1065 that stands out as unique.  This is only caused by a corruption of the "framedyn.dll" file located in c:\windows\system32\wbem.

If you've updated the server to SP1, then there's a copy of that file in C:\windows\ServicePackFiles\i386 that you can just copy into the wbem directory to replace the corrupt one.

You should just be able to log off and back on to see if that fixes the problem.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
One other thing... make sure that %SystemRoot%\System32\Wbem is listed in your PATH Environment setting.

(You can easily check by typing PATH at a command prompt).

If it's not, type the following at a command prompt to add it to the path:

%SystemRoot%\System32\Wbem %PATH%

Jeff
TechSoEasy

CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Author

Commented:
Ok, thanks for the advice so far.  I have replaced the framedyn.dll and the Event id 1065 has now gone away.  The 1030 error is still in place and I still have no administrator rights on the server?  I disconnected the server from the domain and still had the same issue? rejoined the domain and no change.

Anything else it could be linked to, I have been through the group policies and can't see anything problematic.  I have noticed however that the firewall on the client server says it is corrupt and I cant get access to any property pages because of the original problem, no privelages!  Its the standard windows firewall, could this be a cause and how the hell can I uninstall it? cant see it in add/remove windows components.

Thanks again for your help so far.
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
Well, wait a minute... in an SBS environment, you need to add an additional server in a specific manner.  Please follow the steps outlined in this paper:  http://sbsurl.com/addserver

And regarding the firewall... are you saying this is occuring on the SBS?  If so, are there error events occuring in addition to 1030?  (such as 1058?).  Are you trying to make the new server a domain controller?  

Jeff
TechSoEasy

Author

Commented:
The errors are appearing on the client server which runs server 2003 standard R2 SP1, it has been working fine connected to the SBS2003 server (DC) until 2 days ago.  There have been no changes made to the servers in the last week.  In the event log of the client server i am receiving the 1030 error but no other errors?  The client server is running SAP so it only need to be a client and nothing more, so no I dont want it to be a DC and havent configured it to act as one, roles on the client server are file server and application server, it runs SQL 2005.

Is that any clearer, apologies if my details seem a bit vague :(

Author

Commented:
Bah, just ran gpupdate on the client and got the 1065 error back!  also ran gpresult and here is the log if it helps

C:\Documents and Settings\Administrator.ISM>gpresult

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 31/05/2007 at 11:07:49


RSOP data for ISM\administrator on ACCTS-SERVER : Logging Mode
---------------------------------------------------------------

OS Type:                     Microsoft(R) Windows(R) Server 2003, Standard Editi
on
OS Configuration:            Member Server
OS Version:                  5.2.3790
Terminal Server Mode:        Remote Administration
Site Name:                   Default-First-Site-Name
Roaming Profile:
Local Profile:               C:\Documents and Settings\Administrator.ISM
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
    CN=ACCTS-SERVER,CN=Computers,DC=ISM,DC=local
    Last time Group Policy was applied: 31/05/2007 at 11:06:21
    Group Policy was applied from:      ism-server.ISM.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ISM
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Small Business Server Client Computer
        Small Business Server Remote Assistance Policy
        Small Business Server Lockout Policy
        Small Business Server Domain Password Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        Domain Computers


USER SETTINGS
--------------
    CN=Administrator,CN=Users,DC=ISM,DC=local
    Last time Group Policy was applied: 31/05/2007 at 11:06:21
    Group Policy was applied from:      ism-server.ISM.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        ISM
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Small Business Server Client Computer
            Filtering:  Not Applied (Empty)

        Small Business Server Lockout Policy
            Filtering:  Disabled (GPO)

        Small Business Server Domain Password Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Remote Assistance Policy
            Filtering:  Disabled (GPO)

        Local Group Policy
            Filtering:  Not Applied (Empty)

        Small Business Server Windows Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PostSP2

        Small Business Server Internet Connection Firewall
            Filtering:  Denied (WMI Filter)
            WMI Filter: PreSP2

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        Debugger Users
        BUILTIN\Users
        BUILTIN\Administrators
        REMOTE INTERACTIVE LOGON
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Domain Admins
        Exchange Services
        Exchange Domain Servers
        Group Policy Creator Owners
        Enterprise Admins
        Schema Admins
        SBS Mobile Users
        SBS Report Users
        Exchange Enterprise Servers

C:\Documents and Settings\Administrator.ISM>

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
Well, you apparently did not follow the paper I linked above to properly add this server.  You've placed it in a wrong OU in AD.  SBS"s AD is preconfigured and the structure cannot be modified.  Member Servers must be in the following OU:

ISM.local\MyBusiness\Computers\SBSServers

(all workstations must be in ISM.local\MyBusiness\Computers\SBSComputers and all users must be in ISM.local\MyBusiness\Users\SBSUsers).

So, that's a major part of your problem.

SBS-based networks cannot be managed the same as stand-alone Server 2003-based networks.  You need to follow the design parameters of SBS if you want things to work properly.

Jeff
TechSoEasy

Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
FYI, had you used the "Set up Server Computers" wizard in the SBS's Server Management Console, the server would have been placed in the proper OU automatically.  You should ALWAYS add new devices using the SBS's wizards... not directly in AD.

Jeff
TechSoEasy

Author

Commented:
Thanks for your help on this matter, I found the problem to be a corrupted WMI.  Repaired the WMI and then repaired other compents that had been affected by the problem, all is now present and correct.
Jeffrey Kane - TechSoEasyPrincipal Consultant
Most Valuable Expert 2016
Top Expert 2014

Commented:
That may very well be the case... but your servers are still in the wrong OU if you left them in the ISM.local\Computers OU.

Jeff
TechSoEasy

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial