[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3042
  • Last Modified:

Group Policy "NULL SID" issue.

After joining workstations to the domain and rebooting sometimes group policies aren't being applied.  Gpresult shows the computer is a member of "NULL SID" instead of the normal groups.  The machines ARE being imaged, they ARE being sysprepped, and I did try and run newsid just in case to see what happens.  When it was run and rebooted all seemed fine in gpresult and "NULL SID" was gone.  After a couple of reboots it was back.  Any/all help is appreciated.  Thanks in advance.
0
IBS_Tech
Asked:
IBS_Tech
  • 7
  • 4
1 Solution
 
bloodymalth5Commented:
Have you checked to make sure that DNS is pointing in the correct place?
Look at
http://www.experts-exchange.com/OS/Miscellaneous/Q_21571907.html
0
 
IBS_TechAuthor Commented:
These two errors are showing up in event log every 5 minutes on one of the DCs.

Event message 1
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: date
Time: time
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: servername
Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Event message 2
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: date
Time: time
Type: Error
User: NT AUTHORITY\SYSTEM
Computer: servername
Description: Windows cannot find the machine account. The Local Security Authority cannot be contacted.

I already saw the following article and none of the things listed are true.

http://support.microsoft.com/kb/832215 
0
 
IBS_TechAuthor Commented:
bloodymalth5:  Yes DNS is pointing to the correct place.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bloodymalth5Commented:
IBS Tech,

Have you tried deleting and setting up the computer account in AD?  

Also have you tried to unjoin the domain, and rejoin the domain?

Thanks!
0
 
IBS_TechAuthor Commented:
Keep in mind this is a domain controller....I can't just disjoin and rejoin the domain and I really can't just take it down to dcpromo it.
0
 
IBS_TechAuthor Commented:
When re-reading the responses it seems you were refering to the workstation.  I have rejoined it to the domain several times.  This does not fix the issue.
0
 
bloodymalth5Commented:
Sorry for the delay.  I have been out of town.

So you are saying the server itself says thats its missing its own SID?

Also run a sfc.exe /scannow at the command prompt.  

Is the name of the server setup correctly under AD Users and computer under the domain controller OU ?
0
 
IBS_TechAuthor Commented:
I think the problem may be the DC that is most often contacted.  That server is listing userenv errors saying it can't find the computername on the domain...and it's a DC.  The client is the machine that lists "null sid" on a gpresult.
0
 
bloodymalth5Commented:
ok thanks for the update.

Look at this here
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7561

Usually this is just informational, and it not really something that needs attention, just annoying.  It shows you how to fix it via this link
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=0069

Let me know!
0
 
IBS_TechAuthor Commented:
I saw that.  The issue appears to be the DC.  I demoted it and it appears OK, for now.  Thanks for all the help though.
0
 
IBS_TechAuthor Commented:
I'll award you the points since you were most helpful ;)
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now