EventID 1058 and 1030 every 5 minutes on 1 of 2 Windows 2003 DCs
I've done a ton of searches, and nothing seems to really fix my issue here....I've got 1058 and 1030 EventIDs popping up every 5 minutes on one of my two Windows 2003 DC's only. It seems that all users are getting the Group Policy applied, but it's making me paranoid and I'd like to get this resolved ASAP. Here are the exact two errors as they appear in the Application log on the one server (DC name is "adc2").
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Tis not well documented, but Netman is right:
Usually this is caused by you registering your DNS with the server, but it hasn't replicated out to other servers on the network. What you end up with is a pretty clear DCdiag and Netdiag report, but you are unable to connect to other servers in the domain.
This link explains:
https://www.experts-exchange.com/questions/22935596/EventID-1030-1058.html
Usually this is caused by you registering your DNS with the server, but it hasn't replicated out to other servers on the network. What you end up with is a pretty clear DCdiag and Netdiag report, but you are unable to connect to other servers in the domain.
This link explains:
https://www.experts-exchange.com/questions/22935596/EventID-1030-1058.html
ASKER
DNS looks right. Both DCs are DNS servers, both point to themselves and each other, clients all get both servers via DHCP. There are A records on both servers for each other, and each of the two servers is listed as its own SOA. Regarding the other link....Are the permissions below what this guy HAD, or are they the way the permissions SHOUD be? Thanks...
The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:
Permissions for C:\
NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read
Permissions for C:\Windows\Sysvol
Share
Do not share this folder
NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control
Permissions for C:\Windows\Sysvol\Sysvol
Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read
NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.i
<enter>
Gpupdate
<enter>
reboot
After I rebooted, the problem was resolved
The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:
Permissions for C:\
NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read
Permissions for C:\Windows\Sysvol
Share
Do not share this folder
NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control
Permissions for C:\Windows\Sysvol\Sysvol
Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read
NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.i
<enter>
Gpupdate
<enter>
reboot
After I rebooted, the problem was resolved
ASKER
Just went over all the permissions on both of my DCs and they are set exactly like above....
I made a couple suggestions on the following post:
https://www.experts-exchange.com/questions/22935596/EventID-1030-1058.html
Sounds like the author of that post followed the directions of this comment and acreditted it to the DNS fix:
""This appears to be a known problem in MS. Here is a KB article explaining the issue.
http://support.microsoft.com/kb/314494""
https://www.experts-exchange.com/questions/22935596/EventID-1030-1058.html
Sounds like the author of that post followed the directions of this comment and acreditted it to the DNS fix:
""This appears to be a known problem in MS. Here is a KB article explaining the issue.
http://support.microsoft.com/kb/314494""
ASKER
I've seen that, but it's showing on my 2003 Server (DC), and the article says:
APPLIES TO
" Microsoft Windows XP Professional Edition
" Microsoft Windows XP Tablet PC Edition
APPLIES TO
" Microsoft Windows XP Professional Edition
" Microsoft Windows XP Tablet PC Edition
ASKER
On the MS link that fixed the problem you are referring to, it says to modify this registry entry, which is absent (not even listed) from the registry on the DC:
In the right details pane, double-click DisableDFS
In the right details pane, double-click DisableDFS
Yep, that's it
So, it looks like you're good and solved it yourself??
So, it looks like you're good and solved it yourself??
Read this before you modify anything...
http://support.microsoft.com/kb/839499/en-us
SMB signing is likely the issue.
http://support.microsoft.com/kb/839499/en-us
SMB signing is likely the issue.
ASKER
So far so good.....It's been over 18 hours with no 1030's or 1058's. Looks like maybe the PurgeMupCache did the trick.
ASKER
Looks like this may have been caused by booting up that server after some updates when the other DC was not available....that's what I'm thinking right now.
+ 1 for "dfsutil /purgemupcache"
Worked for me.
Worked for me.
https://www.experts-exchange.com/questions/21594134/Group-Policies-Access-Denied-Event-1058-Event-1030-Windows-2003.html