jflynt
asked on
Access is denied when editing group policy on windows 2003 server running exchange 2003
i am attempting to edit an existing group policy. i have never done this and need to make a few minor changes. i am an administrator of the system with full rights. i am using the group policy object editor. i attempt to make a change to the policy and i get Access is denied/failed to save \\domain\***\gpttmpl.inf make sure you have right permissions. I have permissions as best i can tell and i am not sure about shares? can someone help me out concerning what may be causing this and how to check shares, including what particular file? folder? etc to check.
ASKER
i verified this but still states access is denied/failed to save. do these shares take place immediately or do i have to reboot or anything? etc???
It should work immediately (if that was the issue).
Open up DSA.msc.
Change the View to Advanced.
Drill into System\Policies.
Find the GUID that represents the GPO (it should match the folder name in sysvol).
Right click it and check the Properties>Security.
My bet is the Domain Admins and/or Administrators group is not listed. Add whatever is missing (you can check permissions against another policy).
Open up DSA.msc.
Change the View to Advanced.
Drill into System\Policies.
Find the GUID that represents the GPO (it should match the folder name in sysvol).
Right click it and check the Properties>Security.
My bet is the Domain Admins and/or Administrators group is not listed. Add whatever is missing (you can check permissions against another policy).
ASKER
if this should take effect immediately, it is not working. i still get access is denied/failed to save. make sure you have rights to this object. i am at a total loss on this one. i am logged into server through terminal services, this shouldnt cause any problems should it? i really appreciate your help.
How did the Security entries appear on the policy in ADUC?
If you can't add the correct entries, then you'll need to take ownership of the folder, rewrite ownership on subfolders and files then make the necessary adjustments. Remember to put the Administrators group as owner when your done.
For a TS connection run (from the Run box): mstsc -console
Log in normally - you'll be on the console session.
If you can't add the correct entries, then you'll need to take ownership of the folder, rewrite ownership on subfolders and files then make the necessary adjustments. Remember to put the Administrators group as owner when your done.
For a TS connection run (from the Run box): mstsc -console
Log in normally - you'll be on the console session.
ASKER
the security entries were correct as you stated above. the adminstrators group is the owner. i am using the console run of TS. i checked shares, security entries and everything you have mentioned twice but still it will not let me save. i could create a new GP with no problem but cannot apply anything inside that group. i am just bumfuddled.
Do you have Exchange in the domain?
If not, then do this:
1) Use GPMC and backup this GPO.
2) If it's the Default Domain policy then run DCGPOFIX.exe /domain - goto step 5. If not, proceed to step 3 and 4.
3) Delete the policy and allow time for replication.
4) Recreate it (with a slightly different name).
5) Restore the backup (if there's anything in there worth saving rather than resetting manually).
If not, then do this:
1) Use GPMC and backup this GPO.
2) If it's the Default Domain policy then run DCGPOFIX.exe /domain - goto step 5. If not, proceed to step 3 and 4.
3) Delete the policy and allow time for replication.
4) Recreate it (with a slightly different name).
5) Restore the backup (if there's anything in there worth saving rather than resetting manually).
ASKER
Exchange is on this server and this is a domain controller, the PDC. Incidently, the default policy isnt linked or enforced, if that matters. should i proceed with what you suggest? How often is replication? it doesnt appear to me that the default is actually doing anything on the server? what would happen if i just start over fresh is there a procedure for that? i appreciate your help and guidance. This problem has just whipped me. also, today on dcdiag i get a failed due to changes made to the sysvol regarding security? i dont see anything wrong.
ASKER
also, since i changed sysvol last night i am getting errors on dcdiag. is this a problem?
C:\Documents and Settings\Administrator>dcd iag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EX CH2K3
Starting test: Connectivity
......................... EXCH2K3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EX CH2K3
Starting test: Replications
......................... EXCH2K3 passed test Replications
Starting test: NCSecDesc
......................... EXCH2K3 passed test NCSecDesc
Starting test: NetLogons
......................... EXCH2K3 passed test NetLogons
Starting test: Advertising
......................... EXCH2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCH2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCH2K3 passed test RidManager
Starting test: MachineAccount
......................... EXCH2K3 passed test MachineAccount
Starting test: Services
......................... EXCH2K3 passed test Services
Starting test: ObjectsReplicated
......................... EXCH2K3 passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCH2K3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... EXCH2K3 failed test frsevent
Starting test: kccevent
......................... EXCH2K3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:41
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:48
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:52
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:53
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:55
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:58
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:39:00
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
......................... EXCH2K3 failed test systemlog
Starting test: VerifyReferences
......................... EXCH2K3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : tiftcounty
Starting test: CrossRefValidation
......................... tiftcounty passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... tiftcounty passed test CheckSDRefDom
Running enterprise tests on : tiftcounty.org
Starting test: Intersite
......................... tiftcounty.org passed test Intersite
Starting test: FsmoCheck
......................... tiftcounty.org passed test FsmoCheck
C:\Documents and Settings\Administrator>dcd
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EX
Starting test: Connectivity
......................... EXCH2K3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EX
Starting test: Replications
......................... EXCH2K3 passed test Replications
Starting test: NCSecDesc
......................... EXCH2K3 passed test NCSecDesc
Starting test: NetLogons
......................... EXCH2K3 passed test NetLogons
Starting test: Advertising
......................... EXCH2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCH2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCH2K3 passed test RidManager
Starting test: MachineAccount
......................... EXCH2K3 passed test MachineAccount
Starting test: Services
......................... EXCH2K3 passed test Services
Starting test: ObjectsReplicated
......................... EXCH2K3 passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCH2K3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... EXCH2K3 failed test frsevent
Starting test: kccevent
......................... EXCH2K3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:41
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:48
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:52
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:53
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:55
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:38:58
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000005
Time Generated: 10/05/2007 09:39:00
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
......................... EXCH2K3 failed test systemlog
Starting test: VerifyReferences
......................... EXCH2K3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : tiftcounty
Starting test: CrossRefValidation
......................... tiftcounty passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... tiftcounty passed test CheckSDRefDom
Running enterprise tests on : tiftcounty.org
Starting test: Intersite
......................... tiftcounty.org passed test Intersite
Starting test: FsmoCheck
......................... tiftcounty.org passed test FsmoCheck
Check the time on the server - it appears it's not correct.
Ensure the time, time zone and daylight savings settings are correct on all your servers and workstations.
Let me know.
Ensure the time, time zone and daylight savings settings are correct on all your servers and workstations.
Let me know.
ASKER
checked all servers and time was right except for this server, it showed 1:00AM at the time it was 9:00AM. it appears to be correct now by checking would you suggest proceeding with what you recommended above?
Wait for awhile before you change anything now.
Attempt to run DCDIAG again, then try to make your changes to that GPO.
Let me know.
Attempt to run DCDIAG again, then try to make your changes to that GPO.
Let me know.
ASKER
i just ran dcdiag and still getting the same as above wiht respect to the failed frseven
ASKER
also ran the group policy check and got this response. this makes me MORE lost. what is the difference between default domain controllers policy and default domain policy. am i mixing something up?
Incorrect permissions on Default Domain Controllers Policy Domain Controller: Default GPO's Check
Enterprise Domain Controllers does not have Read permission on Default Domain Controllers Policy
Incorrect permissions on Default Domain Controllers Policy Domain Controller: Default GPO's Check
Enterprise Domain Controllers does not have apply permission on Default Domain Controllers Policy
Incorrect permissions on Default Domain Policy Domain Controller: Default GPO's Check
EXCH2K3$ does not have Apply Group Policy permission on Default Domain Policy
Incorrect permissions on Default Domain Controllers Policy Domain Controller: Default GPO's Check
Enterprise Domain Controllers does not have Read permission on Default Domain Controllers Policy
Incorrect permissions on Default Domain Controllers Policy Domain Controller: Default GPO's Check
Enterprise Domain Controllers does not have apply permission on Default Domain Controllers Policy
Incorrect permissions on Default Domain Policy Domain Controller: Default GPO's Check
EXCH2K3$ does not have Apply Group Policy permission on Default Domain Policy
ASKER
i also evidently by some means dont have access. i tried to look over backing up the GPo and i dont have an option for backup? i have gone over and over everything as best i know how to do. I had another person look and nothing. Everything you suggested was covered. Dont have a clue what is blocking my access. if anymore ideas i will try anything.
Default Domain Controller policy affects the DCs locally.
Default Domain Policy affects all computer accounts in the domain.
Find the Default Domain Controller Policy and add the Enterprise Domain Controllers group with Read pemission.
Find the Default Domain Policy and add the EXCH2K3$ account with Apply group policy.
Default Domain Policy affects all computer accounts in the domain.
Find the Default Domain Controller Policy and add the Enterprise Domain Controllers group with Read pemission.
Find the Default Domain Policy and add the EXCH2K3$ account with Apply group policy.
ASKER
i cannot locate a EXCH2K3$ account?
ASKER
i got those corrected and i still cannot save. i ran a gpotool and this is what came out. i see the errors on two servers and i am not sure about this being the problem or how to correct. thanks for your help. I am giving you the points either way for sticking with me.
EAGLEAD-2.tiftcounty.org
eaglead_1.tiftcounty.org
archive.tiftcounty.org
finance.tiftcounty.org
Searching for policies...
Found 3 policies
========================== ========== ========== ========== ====
Policy {31B2F340-016D-11D2-945F-0 0C04FB984F 9}
Friendly name: Default Domain Policy
Error: Version mismatch on EAGLEAD-2.tiftcounty.org, DS=4456483, sysvol=3014691
Details:
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:54:46 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3FO.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:22 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: recreation.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:06 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EAGLEAD-2.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:56:01 AM
DS version: 68(user) 35(machine)
Sysvol version: 46(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: eaglead_1.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:54:50 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: archive.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:10 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: finance.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:01 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C- 0000F80808 61}{88E729 D6-BDC1-11 D1-BD2A-00 C04FB9603F }][{3060E8 D0-7020-11 D2-842D-00 C04FA372D4 }{3060E8CE -7020-1
1D2-842D-00C04FA372D4}][{3 5378EAC-68 3F-11D2-A8 9A-00C04FB BCFA2}{0F6 B957E-509E -11D1-A7CC -0000F8757 1E3}{53D6A B1D-2488-1 1D1-A28C-0 0C04FB94F1 7}][{A2E30 F80-
D7DE-11D2-BBDE-00C04F86AE3 B}{FC71582 3-C5FB-11D 1-9EEF-00A 0C90347FF} ][{B1BE8D7 2-6EAC-11D 2-A4EA-00C 04F79F83A} {53D6AB1D- 2488-11D1- A28C-00C04 FB94F17}]
Machine extensions: [{35378EAC-683F-11D2-A89A- 00C04FBBCF A2}{0F6B95 7D-509E-11 D1-A7CC-00 00F87571E3 }{53D6AB1B -2488-11D1 -A28C-00C0 4FB94F17}] [{827D319E -6EA
C-11D2-A4EA-00C04F79F83A}{ 803E14A0-B 4FB-11D0-A 0D0-00A0C9 0F574B}][{ B1BE8D72-6 EAC-11D2-A 4EA-00C04F 79F83A}{53 D6AB1B-248 8-11D1-A28 C-00C04FB9 4F17}]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
========================== ========== ========== ========== ====
Policy {6AC1786C-016F-11D2-945F-0 0C04FB984F 9}
Friendly name: Default Domain Controllers Policy
Error: Version mismatch on EAGLEAD-2.tiftcounty.org, DS=58, sysvol=44
Details:
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:52:58 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3FO.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:30 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: recreation.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:19 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EAGLEAD-2.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:27 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 44(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: eaglead_1.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:16 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: archive.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:22 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: finance.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:13 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA- 00C04F79F8 3A}{803E14 A0-B4FB-11 D0-A0D0-00 A0C90F574B }]
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
========================== ========== ========== ========== ====
Policy {720C544F-8836-4DF8-B3C7-B 99D533E015 E}
Friendly name: New Group Policy Object
Error: EXCH2K3.tiftcounty.org - EAGLEAD-2.tiftcounty.org sysvol mismatch
Error: EXCH2K3.tiftcounty.org - finance.tiftcounty.org sysvol mismatch
Details:
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:35:57 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EXCH2K3FO.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:23 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: recreation.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:17 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: EAGLEAD-2.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:29 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: eaglead_1.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:08 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: archive.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:14 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
-------------------------- ---------- ---------- ---------- ----
DC: finance.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:08 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
-------------------------- ---------- ---------- ---------- ----
========================== ========== ========== ========== ====
Errors found
C:\Documents and Settings\Administrator>
EAGLEAD-2.tiftcounty.org
eaglead_1.tiftcounty.org
archive.tiftcounty.org
finance.tiftcounty.org
Searching for policies...
Found 3 policies
==========================
Policy {31B2F340-016D-11D2-945F-0
Friendly name: Default Domain Policy
Error: Version mismatch on EAGLEAD-2.tiftcounty.org, DS=4456483, sysvol=3014691
Details:
--------------------------
DC: EXCH2K3.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:54:46 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: EXCH2K3FO.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:22 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: recreation.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:06 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: EAGLEAD-2.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:56:01 AM
DS version: 68(user) 35(machine)
Sysvol version: 46(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: eaglead_1.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:54:50 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: archive.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:10 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
--------------------------
DC: finance.tiftcounty.org
Friendly name: Default Domain Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:55:01 AM
DS version: 68(user) 35(machine)
Sysvol version: 68(user) 35(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: [{25537BA6-77A8-11D2-9B6C-
1D2-842D-00C04FA372D4}][{3
D7DE-11D2-BBDE-00C04F86AE3
Machine extensions: [{35378EAC-683F-11D2-A89A-
C-11D2-A4EA-00C04F79F83A}{
Functionality version: 2
--------------------------
==========================
Policy {6AC1786C-016F-11D2-945F-0
Friendly name: Default Domain Controllers Policy
Error: Version mismatch on EAGLEAD-2.tiftcounty.org, DS=58, sysvol=44
Details:
--------------------------
DC: EXCH2K3.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:52:58 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: EXCH2K3FO.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:30 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: recreation.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:19 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: EAGLEAD-2.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:27 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 44(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: eaglead_1.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:16 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: archive.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:22 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
--------------------------
DC: finance.tiftcounty.org
Friendly name: Default Domain Controllers Policy
Created: 3/15/2006 1:15:37 PM
Changed: 10/7/2007 2:53:13 AM
DS version: 0(user) 58(machine)
Sysvol version: 0(user) 58(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: [{827D319E-6EAC-11D2-A4EA-
Functionality version: 2
--------------------------
==========================
Policy {720C544F-8836-4DF8-B3C7-B
Friendly name: New Group Policy Object
Error: EXCH2K3.tiftcounty.org - EAGLEAD-2.tiftcounty.org sysvol mismatch
Error: EXCH2K3.tiftcounty.org - finance.tiftcounty.org sysvol mismatch
Details:
--------------------------
DC: EXCH2K3.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:35:57 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: EXCH2K3FO.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:23 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: recreation.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:17 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: EAGLEAD-2.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:29 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: eaglead_1.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:08 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: archive.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:36:14 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
--------------------------
DC: finance.tiftcounty.org
Friendly name: New Group Policy Object
Created: 4/26/2006 11:14:49 PM
Changed: 10/5/2007 3:33:08 AM
DS version: 0(user) 0(machine)
Sysvol version: 0(user) 0(machine)
Flags: 0 (user side enabled; machine side enabled)
User extensions: not found
Machine extensions: not found
Functionality version: 2
--------------------------
==========================
Errors found
C:\Documents and Settings\Administrator>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i have gone over everything with a fine tooth comb and everything is in order as suggested by you and what i have read. i didnt install this system and have not had to alter the policy so i am not sure if this existed or has cropped up so to speak. i am not sure what to do at this point but i cannot backup the Domain Controller Group Policy due to an "invalid pointer" but i have backed up the Domain Group Policy. There is nothing of value in the DGP but a good bit of entry used on the DCGP. any last thoughts? i wanted to thank you for your time since i have recieved no other help from any other site. Thanks!
Try running DCDIAG /fix and NETDIAG /fix.
I'd have to see this now to be of further use - we've covered everything I can think of without me trolling around the server myself.
I'd have to see this now to be of further use - we've covered everything I can think of without me trolling around the server myself.
ASKER
here it is. seems everything is correct i just cannot save changes to edits on default policies.
C:\>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EX CH2K3
Starting test: Connectivity
......................... EXCH2K3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EX CH2K3
Starting test: Replications
......................... EXCH2K3 passed test Replications
Starting test: NCSecDesc
......................... EXCH2K3 passed test NCSecDesc
Starting test: NetLogons
......................... EXCH2K3 passed test NetLogons
Starting test: Advertising
......................... EXCH2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCH2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCH2K3 passed test RidManager
Starting test: MachineAccount
......................... EXCH2K3 passed test MachineAccount
Starting test: Services
......................... EXCH2K3 passed test Services
Starting test: ObjectsReplicated
......................... EXCH2K3 passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCH2K3 passed test frssysvol
Starting test: frsevent
......................... EXCH2K3 passed test frsevent
Starting test: kccevent
......................... EXCH2K3 passed test kccevent
Starting test: systemlog
......................... EXCH2K3 passed test systemlog
Starting test: VerifyReferences
......................... EXCH2K3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : tiftcounty
Starting test: CrossRefValidation
......................... tiftcounty passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... tiftcounty passed test CheckSDRefDom
Running enterprise tests on : tiftcounty.org
Starting test: Intersite
......................... tiftcounty.org passed test Intersite
Starting test: FsmoCheck
......................... tiftcounty.org passed test FsmoCheck
C:\>netdiag /fix
.......................... ..........
Computer Name: EXCH2K3
DNS Host Name: EXCH2K3.tiftcounty.org
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB921503
KB925398_WMP64
KB925902
KB926122
KB927891
KB928090-IE7
KB929123
KB929969
KB930178
KB931768-IE7
KB931784
KB931836
KB932168
KB933360
KB933566-IE7
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB937143-IE7
KB938127-IE7
KB940122
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : TIFT LAN PRIMARY
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : EXCH2K3.tiftcounty.org
IP Address . . . . . . . . : 172.16.0.23
Subnet Mask. . . . . . . . : 255.255.240.0
Default Gateway. . . . . . : 172.16.0.1
Dns Servers. . . . . . . . : 172.16.0.23
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3498DB73-AB23 -4CAB-AAD4 -4072BB03A E7B}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '172.16.0.23' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3498DB73-AB23 -4CAB-AAD4 -4072BB03A E7B}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{3498DB73-AB23 -4CAB-AAD4 -4072BB03A E7B}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\>
C:\>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\EX
Starting test: Connectivity
......................... EXCH2K3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\EX
Starting test: Replications
......................... EXCH2K3 passed test Replications
Starting test: NCSecDesc
......................... EXCH2K3 passed test NCSecDesc
Starting test: NetLogons
......................... EXCH2K3 passed test NetLogons
Starting test: Advertising
......................... EXCH2K3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... EXCH2K3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... EXCH2K3 passed test RidManager
Starting test: MachineAccount
......................... EXCH2K3 passed test MachineAccount
Starting test: Services
......................... EXCH2K3 passed test Services
Starting test: ObjectsReplicated
......................... EXCH2K3 passed test ObjectsReplicated
Starting test: frssysvol
......................... EXCH2K3 passed test frssysvol
Starting test: frsevent
......................... EXCH2K3 passed test frsevent
Starting test: kccevent
......................... EXCH2K3 passed test kccevent
Starting test: systemlog
......................... EXCH2K3 passed test systemlog
Starting test: VerifyReferences
......................... EXCH2K3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : tiftcounty
Starting test: CrossRefValidation
......................... tiftcounty passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... tiftcounty passed test CheckSDRefDom
Running enterprise tests on : tiftcounty.org
Starting test: Intersite
......................... tiftcounty.org passed test Intersite
Starting test: FsmoCheck
......................... tiftcounty.org passed test FsmoCheck
C:\>netdiag /fix
..........................
Computer Name: EXCH2K3
DNS Host Name: EXCH2K3.tiftcounty.org
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB921503
KB925398_WMP64
KB925902
KB926122
KB927891
KB928090-IE7
KB929123
KB929969
KB930178
KB931768-IE7
KB931784
KB931836
KB932168
KB933360
KB933566-IE7
KB933854
KB935839
KB935840
KB935966
KB936021
KB936357
KB936782
KB937143-IE7
KB938127-IE7
KB940122
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : TIFT LAN PRIMARY
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : EXCH2K3.tiftcounty.org
IP Address . . . . . . . . : 172.16.0.23
Subnet Mask. . . . . . . . : 255.255.240.0
Default Gateway. . . . . . : 172.16.0.1
Dns Servers. . . . . . . . : 172.16.0.23
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3498DB73-AB23
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '172.16.0.23' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3498DB73-AB23
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{3498DB73-AB23
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\>
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Those errors tell me that you have 2 NICs in this server and the LAN-facing NIC is not at the top of the binding order.
Place this inside NIC at the top of the binding order and reboot.
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Those errors tell me that you have 2 NICs in this server and the LAN-facing NIC is not at the top of the binding order.
Place this inside NIC at the top of the binding order and reboot.
ASKER
binding order looks correet. one off is 1 one on is 0? does 0 not count?
ASKER
i have that corrected. i was thinking of something else. it was not in first place as you indicated. i am to the point if you want to look i will let you. i had no errors except for one server on gpotool and now all of the servers show a mismatch on the domain controller policy and still only the one of domain policy. both policies are linked as i assume they should be and nothing has changed to my knowledge. i can look at gpo i can add and delete gpo but i cannot save changes to any gpo. do i need to call microsoft or just start over.
I can take a look tonight.
If you'd prefer, you can call MS PSS - it's $249 for one incident and they'll work it to completion.
I wouldn't start over - this should be fixable.
If you'd prefer, you can call MS PSS - it's $249 for one incident and they'll work it to completion.
I wouldn't start over - this should be fixable.
ASKER
i wanted to thank you for your time. i understand how valuable someones time is and i want you to know i appreciate this. It seems lately the little problems take all the time but thats the nature of the beast. Thank you.
ASKER
Just FYI. Microsoft couldnt fix this either. They ended up demoting the machine, transfering the PDC functions to another machine and only after promoting this machine back were we able to edit GPO. He worked on it for two days and 15 hours before giving up. Thanks!
I'm glad to hear they were as stumped as I was.
Also glad to hear it's fixed.
Also glad to hear it's fixed.
Open up the properties of it.
Under Sharing tab, select the Permission button.
Administrators have Full Control
Authenticated Users has Read.
The NTFS permissions on this folder:
All inherited from the parent (C:\Windows\SYSVOL)
Administrators and SYSTEM (Full Control)
Authenticated Users & Server Operators - Read and Execute, List folder contents, Read.
Creator Owner - Full Contol (Subfolders and Files only).