Solved

Windows Cannot Perform Filter Check for Group Policy Object

Posted on 2007-11-27
Last Modified: 2009-10-08
Hi Guys

We have a customer with a small network. The network consists of one SBS2003 domain controller server, one Win2003 member server used as a Terminal Server, one Win2003 member server used as a Blackberry Enterprise server, and about 30 WinXPP clients. It all appears to be working just fine except for one small issue on the Terminal Server. The Application event log on the Terminal Server reports the following error every 20 mins or so...

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date:  21/11/2007
Time:  4:10:01 PM
User:  NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1065
Date:  21/11/2007
Time:  4:10:01 PM
User:  NT AUTHORITY\SYSTEM
Computer: TERMINALSERVER1
Description:
Windows cannot perform filter check for Group Policy object CN={20996323-FD81-4FF1-AFF3-8F00FD0DDF83},CN=Policies,CN=System,DC=gd,DC=local. Group Policy processing aborted.

The object in question turns out to be  - The SBS Internet Connection Firewall. When we disable that policy the error is the same but stops at a new object - The SBS Windows Firewall. If we disable that policy it stops at The Windows Vista Policy. If we disable that policy the Terminal Server Application Event log comes back clean! No errors...

So we have 3 policies that cause this error and it is only these 3 that use WMI Filters....? When we crank up the Group Policy Management Console from the Terminal Server it all looks fine except when we select the WMI Filters. A message comes back "Provider Load Failure". You click OK and the message disappears, leaving the standard GPMC but nothing to see beneath WMI Filters. If we crank up the GPMC from the SBS2003 server we can click on the WMI Filters without any error message popping up and we can see all the filters beneath. The same is also true from the Blackberry server: WMI Filters are visible and no error messages. We log in to all three servers as administrator.
 
This error isn't adversely affecting anybody (the logs have reported this error for over 2 years now - lol),  but it would be nice for the Terminal Server to be able to run the group policy objects without issues. Any ideas welcome.

Thanks
Mike
Question by:Steve McIntyre
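
The Userenv records quoted in the question can be pulled out of an exported Application log so that the GPO on which processing aborts, and the point at which the failure moves on to the next WMI-filtered policy, is visible without reading each record by hand. This is an added example, not part of the original thread; the log text is constructed and trimmed to the fields the parser reads, and the all-zero GUID is a placeholder for a second policy.

```python
import re

# Constructed sample of an Application log exported as text. The first 1065
# record carries the GPO DN quoted in the question; the all-zero GUID is a
# placeholder standing in for the next WMI-filtered policy.
SAMPLE_LOG = """\
Event Source: Userenv
Event ID: 1030
Time:  4:10:01 PM
Description:
Windows cannot query for the list of Group Policy objects.

Event Source: Userenv
Event ID: 1065
Time:  4:10:01 PM
Description:
Windows cannot perform filter check for Group Policy object CN={20996323-FD81-4FF1-AFF3-8F00FD0DDF83},CN=Policies,CN=System,DC=gd,DC=local. Group Policy processing aborted.

Event Source: Userenv
Event ID: 1065
Time:  4:30:02 PM
Description:
Windows cannot perform filter check for Group Policy object CN={00000000-0000-0000-0000-000000000001},CN=Policies,CN=System,DC=gd,DC=local. Group Policy processing aborted.

Event Source: Userenv
Event ID: 1065
Time:  4:50:03 PM
Description:
Windows cannot perform filter check for Group Policy object CN={00000000-0000-0000-0000-000000000001},CN=Policies,CN=System,DC=gd,DC=local. Group Policy processing aborted.
"""

# GUID of the policy container named in a 1065 description.
GPO_GUID = re.compile(r"Group Policy object CN=(\{[0-9A-Fa-f-]{36}\}),CN=Policies")
FIELD = re.compile(r"^(Event Source|Event ID|Time):[ \t]*(.*?)[ \t]*$", re.M)

def failing_gpos(log_text):
    """Return {gpo_guid: [times]} for Userenv 1065 records, in first-seen order."""
    hits = {}
    for record in re.split(r"\n\s*\n", log_text.strip()):
        fields = dict(FIELD.findall(record))
        if fields.get("Event Source") != "Userenv" or fields.get("Event ID") != "1065":
            continue  # 1030 and other records name no GPO
        m = GPO_GUID.search(record)
        if m:
            hits.setdefault(m.group(1).upper(), []).append(fields.get("Time", "?"))
    return hits

if __name__ == "__main__":
    for guid, times in failing_gpos(SAMPLE_LOG).items():
        print(f"{guid}: filter check failed {len(times)}x, first at {times[0]}")
```

Because processing aborts at the first GPO whose filter check fails, each refresh logs only one GUID; a new GUID appearing in the output marks the moment a previously failing policy was disabled or unlinked.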
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 20400105
How did you join the Terminal Server to the domain originally?  Did you follow the documentation?  (http://sbsurl.com/sbstss)

Jeff
TechSoEasy
0
 

Author Comment

by:Steve McIntyre
ID: 20400225
Hi Jeff

Thanks for the feedback and link. Hadn't seen that white paper before and noooo, we didn't join the domain quite the way they say. We just joined the Win2003 TS to the domain like you would any old PC.  Log on to the TS with the Win2000 local admin account and crank up the Network Identification Wizard and request to join the domain using the SBS2003 admin account. Seemed to work fine... Certainly didn't go about creating a unique admin account or join the domain via the Internet Explorer browser... Do you think that's what's caused the issue...? If so, how do we rectify it...?

Thanks
Mike
 
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400261
Is it a Windows 2000 or 2003 Server?  If Win2K, see http://sbsurl.com/tss2k

But definitely you need to use a unique admin account created by the Add User wizard.

Jeff
TechSoEasy
0
 

Author Comment

by:Steve McIntyre
ID: 20400650
Hi Jeff

Sorry,... It's a Win2003 server configured as a Terminal Server.

It seems odd that we've joined other Win2003 servers to SBS boxes before without noticing this error.

Anyway,.. Still keen to hear a resolution.

Thanks
Mike
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400654
Are the other Win2003 servers that you've connected being used as Terminal Servers?

Jeff
TechSoEasy
0
 

Author Comment

by:Steve McIntyre
ID: 20405849
Hi Jeff

No they aren't acting as a Terminal Server. I guess that makes all the difference.

Thanks
Mike
0

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20408549
Yes, that does make a difference!  :-)
0
 

Author Comment

by:Steve McIntyre
ID: 20408694
Grin - Sooooo what's the fix then...?

Thanks
Mike
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20408876
Remove it and rejoin it properly.

Jeff
TechSoEasy
0
 

Author Comment

by:Steve McIntyre
ID: 20414569
Hi Jeff

Hoping you weren't going to say that - grin... Bummer having to create all those TS user profiles again. Unless you know of some clever way to retain the TS profiles...?

Thanks
Mike
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20415311
Yep... follow "The Easy Way" in http://sbsurl.com/profiles

Jeff
TechSoEasy
0
 

Author Comment

by:Steve McIntyre
ID: 20416958
Thanks Jeff

Some great tips there. Be a while before I get a chance to try them out but I'll be sure to let ya know when I do...

Thanks for all your help.
Mike
0
