Solved

Group Policy error message appearing on all workstation and servers in the domain

Posted on 2008-06-09
7
2,031 Views
Last Modified: 2012-06-27
Group Policies seem to be working and domain controllers are replicating (GPOtool.exe), but workstations and servers are showing the event ID 1085 error whenever Group Policies refresh.  
Would love to get rid of this error.  The Userenv log indicates that the error occurs when processing the Default Domain Policy (see below).  In addition, the log lists that the RSOP entry point cannot be found for any of the .dll files.  I re-registered the .dll files on my workstation.  All but appmgmts.dll can be registerded (error is that no entry point can be found).  Below is a portion of the Userenv log that indicates the actual error message.  Any help or pointers in the right direction in terms of troubleshooting this nagging issue would be most appreciated.   USERENV(254.880) 11:50:53:886 ProcessGPOs: -----------------------
USERENV(254.a90) 11:50:53:886 ProcessGPOs: Processing extension Scripts
USERENV(254.880) 11:50:53:886 ReadStatus: Read Extension's Previous status successfully.
USERENV(254.a90) 11:50:53:901 CompareGPOLists:  The lists are the same.
USERENV(254.880) 11:50:53:901 CompareGPOLists:  Different entries found.
USERENV(254.a90) 11:50:53:901 CheckGPOs: No GPO changes but called in force refresh flag or extension Scripts needs to run force refresh in foreground processing
USERENV(254.880) 11:50:53:901 ProcessGPOList: Entering for extension Scripts
USERENV(254.a90) 11:50:53:917 ProcessGPOList: Entering for extension Scripts
USERENV(254.880) 11:50:53:933 LogExtSessionStatus: Successfully logged Extension Session data
USERENV(254.a90) 11:50:53:948 LogExtSessionStatus: Successfully logged Extension Session data
USERENV(254.880) 11:50:54:042 ProcessGPOList: Extension Scripts returned 0x2.
USERENV(254.880) 11:50:54:058 ProcessGPOList: Extension Scripts was able to log data. RsopStatus = 0x0, dwRet = 2, Clearing the dirty bit
USERENV(254.880) 11:50:54:073 ProcessGPOs: Extension Scripts ProcessGroupPolicy failed, status 0x2.
0
Comment
Question by:GilardiCo
  • 4
  • 3
7 Comments
 

Author Comment

by:GilardiCo
ID: 21746305
An additional comment on my issue:   Running the RSOP I am getting an error message on the computer configuration summary under component status.  It is saying that a script is failing - The system cannot find the file.  I currently have only 1 script running on the computer side of things that changes the local admin user name.  I have deleted this policy and still get the error message.  Placed all my scripts in the Netlogon folder.  Rights to access the scripts seem to be ok.  Is my issue at the local policy level relative to client-side extensions?
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 21758951
0
 

Author Comment

by:GilardiCo
ID: 21762292
Dan, many thanks for the article.  In reading it, I decided to do a thorough check of all our group policies as they are set up physically on our Domain Controller. One thing I noticed is is that in my default domain policy in the User configuration section there is a Script.ini file (with nothing in it).  I think this is because at one time we had a script running in the default domain policy and decided to remove that script and create a separate policy for it.  Since there is no longer any script configured for the default domain policy would this empty script.ini file possibly be the culprit for the error messages we are getting?  If so, should I remove the script.ini file since there is no script that it is associated with it?  Any further advice at this point would be most helpful.
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 21768244
Hi
I checked our sysvol but I can't find any script.ini file. So before to delete anything search on Microsoft site the GPMC( if you don't have already). In the Program files\GPMC folder you will see some good scripts. The first you need to use is BackupAllGPO.
Then you can play with, because there you have RestoreGPO for undo.
Anyway sometime backupAllGPO folowed by RestoreAllGPO can do miracle.
Just try it.

DaN
0
 

Author Comment

by:GilardiCo
ID: 21774611
Thx Dan.  I backed up my GPO's and removed the empty scripts.ini file from the Default Domain Policy.  No changes to report unfortunately.
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 21777603
If you have a good backup now you can delete all policys, and then recreate. Or restore from backup
0
 

Accepted Solution

by:
GilardiCo earned 0 total points
ID: 22388670
The fix for the issue turned out to be reinstalling a script in the default domain policy computer configuration startup section that I had previously removed and put in a separate GPO.  Am guessing that I initially made changes in the GPOs without waiting enough time for replication between domain controllers to occur. For whatever reason, it turned out that the Default Domain Policy was looking for that script even though it had been removed.  Case closed.
0

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now