Windows Cannot Preform Filter Check for Group Policy Object
Hi Guys
We have customer with a small network. The network consists of one SBS2003 domain controller server, one Win2003 member server used as a Terminal Server, one Win2003 member server used as a Blackberry Enterprise server, and about 30 WinXPP clients. It's all appears to be working just fine except for one small issue on the Terminal Server. The Application event log on the Terminal Server reports the following error every 20mins or so...
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 21/11/2007
Time: 4:10:01 PM
User: NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1065
Date: 21/11/2007
Time: 4:10:01 PM
User: NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot perform filter check for Group Policy object CN={20996323-FD81-4FF1-AFF
The object in question turns out to be - The SBS Internet Connection Firewall. When we disable that policy the error is the same but stops at a new object - The SBS Windows Firewall. If we disable that policy it stops at The Windows Vista Policy. If we disable that policy the Terminal Server Application Event log comes back clean! No errors...
So we have 3 policies that cause this error and it is only these 3 that use WMI Filters....? When we crank up the Group Policy Management Console from the Terminal Server it all looks fine except when we select the WMI Filters. A message comes back "Provider Load Failure". You click ok and the message disappears leaving the standard GPMC but nothing to see beneath WMI Filters. If we crank up the GPMC from the SBS2003 server we can click on the WMI Filters without any error message popping up and we can see all the filters beneath. The same is also true from the Blackberry server, WMI Filters are visible and no error messages. We login to all three servers as administrator.
This error isn't adversely affecting anybody (the logs have reported this error for over 2 years now - lol), but it would be nice for the Terminal Server to be able to run the group policy objects without issues. Any ideas welcome.
Thanks
Mike
We have customer with a small network. The network consists of one SBS2003 domain controller server, one Win2003 member server used as a Terminal Server, one Win2003 member server used as a Blackberry Enterprise server, and about 30 WinXPP clients. It's all appears to be working just fine except for one small issue on the Terminal Server. The Application event log on the Terminal Server reports the following error every 20mins or so...
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 21/11/2007
Time: 4:10:01 PM
User: NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1065
Date: 21/11/2007
Time: 4:10:01 PM
User: NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot perform filter check for Group Policy object CN={20996323-FD81-4FF1-AFF
The object in question turns out to be - The SBS Internet Connection Firewall. When we disable that policy the error is the same but stops at a new object - The SBS Windows Firewall. If we disable that policy it stops at The Windows Vista Policy. If we disable that policy the Terminal Server Application Event log comes back clean! No errors...
So we have 3 policies that cause this error and it is only these 3 that use WMI Filters....? When we crank up the Group Policy Management Console from the Terminal Server it all looks fine except when we select the WMI Filters. A message comes back "Provider Load Failure". You click ok and the message disappears leaving the standard GPMC but nothing to see beneath WMI Filters. If we crank up the GPMC from the SBS2003 server we can click on the WMI Filters without any error message popping up and we can see all the filters beneath. The same is also true from the Blackberry server, WMI Filters are visible and no error messages. We login to all three servers as administrator.
This error isn't adversely affecting anybody (the logs have reported this error for over 2 years now - lol), but it would be nice for the Terminal Server to be able to run the group policy objects without issues. Any ideas welcome.
Thanks
Mike
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is it a Windows 2000 or 2003 Server? If Win2K, see http://sbsurl.com/tss2k
But definitely you need to use a unique admin account created by the Add User wizard.
Jeff
TechSoEasy
But definitely you need to use a unique admin account created by the Add User wizard.
Jeff
TechSoEasy
ASKER
Hi Jeff
Sorry,... It's a Win2003 server configured as a Terminal Server.
It seems odd that we've joined other Win2003 servers to SBS boxes before without noticing this error.
Anyway,.. Still keen to hear a resolution.
Thanks
Mike
Sorry,... It's a Win2003 server configured as a Terminal Server.
It seems odd that we've joined other Win2003 servers to SBS boxes before without noticing this error.
Anyway,.. Still keen to hear a resolution.
Thanks
Mike
Are the other Win2003 servers that you've connectred being used as Terminal Servers?
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Hi Jeff
No they aren't acting as a Terminal Server. I guess that makes all the difference.
Thanks
Mike
No they aren't acting as a Terminal Server. I guess that makes all the difference.
Thanks
Mike
Yes, that does make a difference! :-)
ASKER
Grin - Sooooo what's the fix then...?
Thanks
Mike
Thanks
Mike
Remove it and rejoin it properly.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Hi Jeff
Hoping you weren't going to say that - grin... Bummer having to create all those TS user profiles again. Unless you know of some clever way to retain the TS profiles...?
Thanks
Mike
Hoping you weren't going to say that - grin... Bummer having to create all those TS user profiles again. Unless you know of some clever way to retain the TS profiles...?
Thanks
Mike
ASKER
Thanks Jeff
Some great tips there. Be a while before I get a chance to try them out but I'll be sure to let ya know when I do...
Thanks for all your help.
Mike
Some great tips there. Be a while before I get a chance to try them out but I'll be sure to let ya know when I do...
Thanks for all your help.
Mike
ASKER
Thanks for the feed back and link. Hadn't seen that white paper before and noooo, we didn't join the domain quite the way they say. We just joined the Win2003 TS to the domain like you would any old PC. Log on to the TS with the Win2000 local admin account and Crank up the Network Identification Wizard and request to join the domain using the SBS2003 admin account. Seemed to work fine... Certainly didn't go about creating a unique admin account or join the domain via the Internet Explorer browser... Do you think that's what's caused the issue...? If so, how do we rectify it...?
Thanks
Mike