Group Policy / AD Errors

Windows Server 2003 AD Controller
XP Clients on Domain

We have started to get the below errors in the application and system log of our clients DC's event Viewer. Are they something to be worried about:

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=********,DC=local. The file must be present at the location <\\***********.local\sysvol\**********.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server ********$.  The target name used was cifs/*******.*********.local. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (*********.LOCAL), and the client realm.   Please contact your system administrator.



Who is Participating?
check your replication...

in worst case you will need to do a D2/D4 on the domain.. we had this a while back....

Is sysvol shared on the dc in question?  Open Computer Management (right click on My computer and pick Manage) - Look at System Tools - Shared Folders - Shares.  

If it is not shared look at the File Replication System Event log.  Do you see any errors or warnings?  The easiest thing to do here is to restart the File Replication Service, then watch the events that pop up in the event log.  You are looking for the event 13516 which basically states that the DC has completed file replication, which is the last thing that needs to happen for it to be a true domain controller, and sysvol is now shared.

If you get an event that states that replication is occurring slowly or could not be completed and will try again later, then look for a connectivity problem between that DC and others.  Specifically look for RPC problems.  Ping might work, but setting a mapped drive might have problems, or might appear to be excrutiatingly slow.  In which case you have to fix the connectivity problem.

That 3rd error looks like a naming conflict.  Did somone put up a server with the same name, or change the IP address and move the computer?
why don't you install the resource kit and run replmon. there you can see your replication.

also run dcdiag to see if there are any errors.
Hope that you got to the bottom of it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.