Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more


Windows cannot access the file gpt.ini for GPO

Posted on 2008-06-10
Medium Priority
Last Modified: 2013-12-04
Hi there,
In my application log I am constantly receiving this error:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            10/06/2008
Time:            3:54:24 PM
User:            NT AUTHORITY\SYSTEM
Computer:                   SBSSYD01
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=selectfunds,DC=local. The file must be present at the location <\\selectfunds.local\sysvol\selectfunds.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at

I have just reinstalled Active Directory on our Disaster Recovery Server and am now receiving this error every 5 mins. I think it has to do with GPO and permissions.  I've checked that the Administrator has access to the SYSVOL share however if i try to go to \\selectfunds.local from the command prompt i receive access denied so i can't access the gpt.ini file via that path but i can access this share fine on our live server (note: This problem is happening to our disaster recovery server which is an exact replica of our live server).  So i'm thinking its a permission or corrupt registry setting somewhere.  Does anyone have any ideas?  Thanks
Question by:nina007
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1

Assisted Solution

richammond earned 600 total points
ID: 21749112
make sure you have DFS enabled or check your IP settings. Also, if using 2 or more NICs, disable them all but one on that server. Make sure that NIC has a static DNS server and disable netbios. Hope this helps

Expert Comment

ID: 21749386
What do you mean by "exact replica"?
Is it just an image of the production server?

Are these events generated on a client machine connecting to the DR server, or the DR server itself?


Expert Comment

ID: 21749416
How have you restored the DR Server?
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 21749501
Ok so i have an HP ML150 server as my DR server which is an exact replica in that i've restored the C:\ drive and the system state and all data.  I used Veritas Backup exec 10.d to restore this data. It is different hardware but it's an image of our production server in regards to software.

richammond can you please tell me what DFS is. I have 2 NICs - one for internal access and one for external.  Why do i need to disable all but 1 NIC as i used both.
The errors are generated on the server itself when i connect to it via terminal services.

I restored the DR server but restoring the system state and C:\ drive on windows 2003 SBS.  I had an inital problem after i restore the data as my DR server did not have SP1 installed but the backup tapes i used were from windows 2003 SBS SP1.  I've overcome my inital boot-up probs and have re-installed SP1 on the server. see for more info on my inital probs.  But these have been resolved. I'm just constantly getting the error as listed above every 5 mins or so in my log file.


Author Comment

ID: 21749515
Also i am running windows 2003 SBS SP1, not Windows 2003 SBSR2.

Expert Comment

ID: 21749576
DFS client/server services are listed in start>run>services.msc. Check to see if those services have started. See if starting them clears the errors. However, DFS on an SBS box might be the least of your worries.

Also, check to see if the time is correct on the server. I know it's a single DC but it can't hurt.

richammond was mentioning the dual NIC interfaces as SBS/DNS can often be affected with multi-homed servers. Are you using both for a specific purpose (RRAS, NAT, etc)? If so, temporarily disable one and see how that helps.


Assisted Solution

SkiptonBS earned 150 total points
ID: 21749993
Ensure that your LAN nic is the higher in priority than the WAN nic.

Start>Settings>Network Connections

Click Advanced menu and Advanced Settings.

Also confirm that the same NTFS permissions are set the same as your production environment.

Author Comment

ID: 21750212
HI guys, thanks for your help so far. I checked my settings against the production server and the only difference was that i had enabled Netbios over TCP/IP on the WINS tab within my internal NIC settings. I changed this to be default: use NETBIOS setting from DHCP server and i think this has fixed this problem as i am not seeing these errors in the event log. Thanks for suggesting to check NetBios settings. However I'm having a few more probs.... my lsass.exe service in task manager is using over 25% of CPU and my server is running very slowly.  

Also, every 30 secs an error log is generated from the application log saying:
Event ID: 1000
Source: Windows Share Point Services 2.0
#50070: Unable to connect to te database STS_Config on SBSSYD01\Sharepoint.  Check the database connection information and make sure the server is running.

I am going to restore my SQL sharepoint database again and see if i can get this to fix my error. Any ideas on why lsass.exe is using up so much CPU???

Accepted Solution

Dovinshka earned 750 total points
ID: 21750257
lsass.exe is responsible for logon/authentication. This can quite possibly be caused by a corrupt Sharepoint config/install. Check your event logs under security and see if there are any requests/failures that are higher than normal.

You can also download Process Monitor to see exactly what is happening in the background. You can find Process Monitor here -


Author Comment

ID: 21750567
oops i celebrated too error message is back in the logs. It was just hard to see with all the sharepoint errors. Do you think if i restore my sharepoint databases this could resolve these errors?  What else can you suggest to fix my original error 1058, cannot access file gpt.ini

Author Comment

ID: 21758620
After i restored my Sharepoint database and restarted my errors have stopped appearing.  Thanks for your help.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

648 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question