Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Win2003R2 Standard Edition Group Policy Inconsistant Error

Posted on 2007-07-25
7
Medium Priority
?
659 Views
Last Modified: 2012-05-05
Problem:
Inconsistant group policy errors
May skip 1 to 2 days before error appears again!
*****************************************************************************************************************************
New Dell Server as of 07-2007
Windows 2003 R2 Standard Edition
All updates applied!
*****************
Roles Installed
*****************
 (Multihomed)   Two Nics
 (Internet Public IP No firewall for now)    
 (intranet) Privite IP  192.168.2.x
Domain Controller(Active Directory)
File Server
Print Server
Application Server
Terminal Server
 WIll have RRAS installed @ later Date!
DHCP Server
DNS Server
************************************************************************************
*****NOTICE Difference:Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            7/18/2007
Time:            11:25:31 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SAGO
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Crystal,DC=plantationinn,DC=com. The file must be present at the location <\\Crystal.plantationinn.com\sysvol\Crystal.plantationinn.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

**************************************************************************

*****Notice  Difference:The format of the specified network name is invalid

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            7/18/2007
Time:            11:20:29 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SAGO
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Crystal,DC=plantationinn,DC=com. The file must be present at the location <\\Crystal.plantationinn.com\sysvol\Crystal.plantationinn.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The format of the specified network name is invalid. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
*********************************************************************************************************************
Then I get applied successfully message
*************************************************
Also can do gpupdate /force with success 9 times out 10

Event Type:      Information
Event Source:      SceCli
Event Category:      None
Event ID:      1704
Date:            7/18/2007
Time:            11:50:39 PM
User:            N/A
Computer:      SAGO
Description:
Security policy in the Group policy objects has been applied successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


*****************************************************************************************************************************
****************************************************        DCDIAG Test          *******************************************
D:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SAGO
      Starting test: Connectivity
         ......................... SAGO passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SAGO
      Starting test: Replications
         ......................... SAGO passed test Replications
      Starting test: NCSecDesc
         ......................... SAGO passed test NCSecDesc
      Starting test: NetLogons
         ......................... SAGO passed test NetLogons
      Starting test: Advertising
         ......................... SAGO passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SAGO passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SAGO passed test RidManager
      Starting test: MachineAccount
         ......................... SAGO passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [SAGO]
         ......................... SAGO failed test Services
      Starting test: ObjectsReplicated
         ......................... SAGO passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SAGO passed test frssysvol
      Starting test: frsevent
         ......................... SAGO passed test frsevent
      Starting test: kccevent
         ......................... SAGO passed test kccevent
      Starting test: systemlog
         ......................... SAGO passed test systemlog
      Starting test: VerifyReferences
         ......................... SAGO passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Crystal
      Starting test: CrossRefValidation
         ......................... Crystal passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Crystal passed test CheckSDRefDom

   Running enterprise tests on : Crystal.xxxxxxxxxxxxx.com
      Starting test: Intersite
         ......................... Crystal.xxxxxxxxxx.com passed test Intersi
te
      Starting test: FsmoCheck
         ......................... Crystal.xxxxxxxxxxxxxx.com passed test FsmoChe
ck

D:\Program Files\Support Tools>

D:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SAGO
      Starting test: Connectivity
         ......................... SAGO passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SAGO
      Starting test: Replications
         ......................... SAGO passed test Replications
      Starting test: NCSecDesc
         ......................... SAGO passed test NCSecDesc
      Starting test: NetLogons
         ......................... SAGO passed test NetLogons
      Starting test: Advertising
         ......................... SAGO passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SAGO passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SAGO passed test RidManager
      Starting test: MachineAccount
         ......................... SAGO passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [SAGO]
         ......................... SAGO failed test Services
      Starting test: ObjectsReplicated
         ......................... SAGO passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SAGO passed test frssysvol
      Starting test: frsevent
         ......................... SAGO passed test frsevent
      Starting test: kccevent
         ......................... SAGO passed test kccevent
      Starting test: systemlog
         ......................... SAGO passed test systemlog
      Starting test: VerifyReferences
         ......................... SAGO passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Crystal
      Starting test: CrossRefValidation
         ......................... Crystal passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Crystal passed test CheckSDRefDom

   Running enterprise tests on : Crystal.xxxxxxxxxxxxx.com
      Starting test: Intersite
         ......................... Crystal.xxxxxxxxxxxxxx.com passed test Intersi
te
      Starting test: FsmoCheck
         ......................... Crystal.xxxxxxxxxxx.com passed test FsmoChe
ck

D:\Program Files\Support Tools>
************************************************************************************************************************
*************************************************  NETDIAG TEST   *************************************************
D:\Program Files\Support Tools>netdiag

.....................................

    Computer Name: SAGO
    DNS Host Name: SAGO.Crystal.xxxxxxxxxxxxxxx.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 7, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB926122
        KB927891
        KB929123
        KB930178
        KB931784
        KB931836
        KB932168
        KB933566
        KB933566-IE7
        KB933854
        KB935839
        KB935840
        KB935966
        KB936357
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SAGO
        IP Address . . . . . . . . : 192.168.2.6
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.254
        Dns Servers. . . . . . . . : 127.0.0.1
                                     192.168.2.6


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SAGO
        IP Address . . . . . . . . : XX.XX.XX.XX (Internet Public IP) (Multihomed)
        Subnet Mask. . . . . . . . : 255.255.255.248
        Default Gateway. . . . . . : XX.XX.XX.XX
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 127.0.0.1


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{0D4F8940-019A-47D0-9D72-FB8F4E79BB81}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1' a
nd other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.2.6'
 and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{0D4F8940-019A-47D0-9D72-FB8F4E79BB81}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{0D4F8940-019A-47D0-9D72-FB8F4E79BB81}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

D:\Program Files\Support Tools>

0
Comment
Question by:eckertpc
  • 4
  • 3
7 Comments
 
LVL 19

Expert Comment

by:weellio
ID: 19571341
http://support.microsoft.com/kb/908370 - do you have dfs? if so maybe this will help

or this
http://www.experts-exchange.com/Networking/Q_21034618.html

or this
http://support.microsoft.com/kb/935918
"Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied."
CAUSE
This issue may occur if you have used the FQDNs of the domain controllers of the domain forest to create trust relationships between domain controllers in Active Directory Domains and Trusts.
RESOLUTION
To resolve this issue, remove the domain controller entries from Active Directory Domains and Trusts. To do this, follow these steps:1. Click Start, type domain.msc, and then click OK to open Active Directory Domains and Trusts.
2. In the console tree, right-click the domain that contains the trust entries that you want to remove, and then click Properties.
3. Click the Trusts tab, click the trust entry for a domain controller that you want to remove, and then click Remove.
4. Follow the instructions on the screen to remove the trust entry for the domain.  
5. Repeat steps 3 and 4 for other domain controller trust entries.
6. Click OK to close the domain properties dialog box.
7. Exit Active Directory Domains and Trusts.
8. Restart all the domain controllers for which you removed the trust entries.
0
 

Author Comment

by:eckertpc
ID: 19576574
In addition, I can run gpupdate /force manualy with success
Also no problems from the clients as well, about 40 mixed clients most windows xp
This error is from the server only, no gp errors from client computers.
0
 

Author Comment

by:eckertpc
ID: 19620014
DCDIAG show no errors!
NetDiag show no errors!
NO DFS installed
New server, never was setup with a trust relationship!
No errors from XP clients!
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 19

Expert Comment

by:weellio
ID: 19622194
hmm,

have you tried to isolate the nics to make sure they were not dropping packets? just run one nic at a time for a few days?
0
 
LVL 19

Accepted Solution

by:
weellio earned 1500 total points
ID: 19622201
foudn this on the net


Cannot edit a Domain Group Policy Object because the SBS is running on a multihomed computer  Case Study
Event ID: 1030 and 1058

Situations: 1. When the client selected the Edit of Default Domain Policy on a Windows SBS 2003, he received these message: Failed to open the Group Policy Object. You may not have appropriate rights and Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

2. In the Event Viewer listed Event ID: 1030 - Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this and Event ID:     1058 - Windows cannot access the file gpt.ini for GPO.

Troubleshooting: 1. Verified File and Printer Sharing for Microsoft Networks is enabled on the domain controller.

2. Verified the TCP/IP NetBIOS Helper service is enabled.

3. The server was running on a multihomed computer and the server registered both IP addresses in the DNS.

Resolution: disabled one NIC and cleaned the DNS records. Installed the SP1 for Windows 2003.

0
 

Author Comment

by:eckertpc
ID: 19622495
weellio,
Have already tested the nics with the broadcom Advanced Control Suite 2
Ran Diagnostics several times. no error reported!

can edit the gp without any errors!
TCP/IP NetBios Helper service is enabled and running!
Both nics are regestered in dns!

One nic (Private IP) has file and printer sharing selected/tcpip/microsoft networks
The other nic (Public IP) only has TCP/IP selected.
***********************************
This must a Microsoft bug!
Latested event log info:
8-2-07 12:29:39 AM   1058 Error
8-2-07 12:29:39 AM   1030 Error
8-2-07 12:34:40 AM   1058 Error
8-2-07 12:34:40 AM   1030 Error
8-2-07   1:09:25 AM   1704 Success
8-2-07   2:40:01 AM   1704 Success
8-2-07   2:41:11 AM   1704 Success
8-2-07   6:46:24 PM    1704 Success
Last event logged 6:46 PM Currect time is 11:55 PM 08-02-07
 12 Hours with no error
I will update when the next error is logged.
0
 
LVL 19

Expert Comment

by:weellio
ID: 19629198
maybe?

Check Trusts, if there is a REALM trust with another DC on the same domain.  Remove it.  Reboot servers.

http://www.experts-exchange.com/OS/Miscellaneous/Q_21205363.html
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question