LTWadmin asked:

ANOTHER Windows cannot access the file gpt.ini for GPO case...

Okay - I'm having the same problem which is well documented here:

https://www.experts-exchange.com/questions/21587377/Windows-cannot-access-the-file-gpt-ini-for-GPO.html

The Fix by Marc Nivens: "Open ADU&C, right click on the domain controllers OU, properties.  Go to the policy tab, highlight the domain controller security policy and click permission.  Grant the Enterprise Domain Controllers and Authenticated Users groups "apply group policy" permissions.  Then run gpupdate and see if the error returns".  

I get as far as: "Open ADU&C"...  right click on the domain controllers OU, properties (where?)

I don't see either of my two DC's listed in the list under the "Computers" folder in order ...  




ASKER CERTIFIED SOLUTION
Darius Ghassem
This solution is only available to members.
ASKER

Okay thanks - that helped.  I checked the permissions on both and ran the gpupdate command.  The Enterprise Domain Controllers group did NOT have the Apply Group Policy option checked.  The other "authenticated users" did.  

Still getting the error though...

Windows cannot access the file gpt.ini for GPO CN=31B2F340-016D-11D2-945F-00C04FB984F9,CN=Policies,CN=System,DC=ourdomain,DC=org. The file must be present at the location <\\ourdomain.org\sysvol\ourdomain.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network name cannot be found. ). Group Policy processing aborted.

Event ID 1030 in the System Event Log: "Windows cannot query for the list of Group Policy Objects.  Check the event log for possible messages previously logged by the policy engine that describes the reason for this"...

?
Thanks again.  I was encouraged until:

3. In the Registry Editor window, locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
4. In the right details pane, double-click DisableDFS.
 
There is no "DisableDFS" key in my details pane under the "Mup" directory...  

I checked the path twice...

figures...

?
See if this works.

https://www.experts-exchange.com/questions/21205363/GPO-Access-Issue-1058-and-1030-Event-ID-Please-help.html

FIX:
Check Trusts, if there is a REALM trust with another DC on the same domain.  Remove it.  Reboot servers.  It will work.  If it doesn't and you have tried every other KB or article from above, call Microsoft.
Your DNS and AD are working fine, right? Have you restarted the netlogon service?

Yes - as far as I can tell.  I just did the start/stop.  Stand by...
Looks like they're still coming...  

A reboot later maybe?

When did these errors start happening? Did you change anything or updates? Do you have SP1 installed? If you do, don't worry about the hotfix but still do the dfsutil.

To resolve event id 1030 and 1058 immediately, contact Microsoft to obtain the hotfix (the hotfix is free - knowledge base 842804).
As a workaround, open the command prompt, type dfsutil /PurgeMupCache, and then press ENTER.
Are you getting any other errors?

No other errors.  SP1 is installed.  They appear to have started as a result of one of two things.  There was a power outage in the regional area today.  Our servers are UPS supported but I powered them down smoothly and restarted them all.

Or (least likely)

It may have been triggered when I created a new photo library in Sharepoint on the server.  The timing directly coincided with this...

For whatever reason the "dfsutil" command isn't recognized on this machine.  I have become pretty frustrated at this point and will pick up here tomorrow.  I suppose I'll just have a mailbox full of error messages.  You will be on the points list as soon as I can resolve this.  I appreciate all your help!  Will probably go for the Microsoft hotfix...
Here's the current error:

EVENT # 19639
EVENT LOG Application
EVENT TYPE Error
SOURCE Userenv
EVENT ID 1058
USERNAME NT AUTHORITY\SYSTEM
COMPUTERNAME   BUSINESSSERVER
TIME 6/23/2008 4:35:02 PM
MESSAGE Windows cannot access the file gpt.ini for GPO CN=31B2F340-016D-11D2-945F-00C04FB984F9,CN=Policies,CN=System,DC=ourdomain,DC=org. The file must be present at the location <\\ourdomain.org\sysvol\ourdomain.org\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network name cannot be found. ). Group Policy processing aborted.
 
dfsutil is here

http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

There are tons of solutions for these errors. Also, if you have SP1 then the hotfix won't apply to you. Is file and printer sharing on? Is SYSVOL still sharing? Try to type \\127.0.0.1 in the run box on the DC to see if the SYSVOL is showing as a share and if you can access the folder without any errors.
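
The checks suggested so far in this thread (is SYSVOL shared, can gpt.ini be opened, is DisableDFS set under the Mup key) can be run together, as an added example that is not part of any poster's reply. The domain name and GPO GUID are copied from the event text above; the parameter names, the function name `Test-GptIni` and the reading of a missing DisableDFS value as the default are assumptions of this sketch.

```powershell
# Added example. Run in Windows PowerShell on the domain controller.
param(
    [string]$Domain  = 'ourdomain.org',                           # domain from the event text
    [string]$GpoGuid = '{31B2F340-016D-11D2-945F-00C04FB984F9}',  # GPO named in event 1058
    [string]$Server  = '127.0.0.1'                                # direct, non-DFS test target
)

function Test-GptIni([string]$HostPart) {
    # Build the same path layout the event message reports and test it.
    $path = "\\$HostPart\sysvol\$Domain\Policies\$GpoGuid\gpt.ini"
    New-Object PSObject -Property @{ Path = $path; Reachable = (Test-Path -LiteralPath $path) }
}

$viaDomain = Test-GptIni $Domain   # resolved through the domain name (DFS referral)
$viaServer = Test-GptIni $Server   # resolved straight to this server's SYSVOL share

# Are SYSVOL and NETLOGON actually shared on this machine?
$shares = @(Get-WmiObject -Class Win32_Share |
    Where-Object { $_.Name -eq 'SYSVOL' -or $_.Name -eq 'NETLOGON' } |
    ForEach-Object { $_.Name })

# DisableDFS under the Mup key. Assumption: a missing value means the default
# (DFS client enabled); 1 means the DFS client is turned off.
$mup = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Mup' `
    -Name DisableDFS -ErrorAction SilentlyContinue
$disableDfs = if ($mup) { $mup.DisableDFS } else { 'not present' }

$viaDomain, $viaServer | Format-Table Path, Reachable -AutoSize
"Shares found : $($shares -join ', ')"
"DisableDFS   : $disableDfs"

if ($viaDomain.Reachable) {
    'Domain path works now; rerun gpupdate and watch for new 1058/1030 events.'
} elseif ($viaServer.Reachable) {
    'gpt.ini and the share are fine; the \\domain\sysvol name is not resolving (DFS client, MUP cache, name resolution).'
} else {
    'gpt.ini is not reachable even directly; check the SYSVOL share and that the GPO folder exists.'
}
```

If only the direct path is reachable, the GPO permissions and the file itself are not the cause, which is the case where the dfsutil /PurgeMupCache and DisableDFS steps above are the relevant ones.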

Netbios is a non-routable protocol. GPOs are populated in the SYSVOL record and distributed out to clients and servers using Netbios broadcasts.  By non-routable, this means it will not go over a VPN connection, through a firewall, or across NAT.

If you have a route to go over, then you should use WINS as the transporter. A quick and very easy test for routing problems is to go into MY NETWORK PLACES and see if the server with the SYSVOL SHARE,  that holds the GPO you are trying to get, is listed. Since the browser service will also not work, (because it uses Netbios broadcasts), you shouldn't see the server in MY NETWORK PLACES.  

Netbios broadcasts are done on a local lan. Enabling Netbios over TCP/IP is the protocol and WINS is the transport to remote computers. An example:

Clients and servers site 1 all using netbios over TCP/IP____WINS connection between the servers____ Servers and clients at site 2 all using netbios over TCP/IP

An alternative fix to the transport is to use DNS for Distributive File shares (DFS). DFS is used to populate a list of shares and GPOs in sysvol that is shared out to the lan, like group policy objects. It is similar to Apple talk in that respect.

If the inability to route Netbios is your problem, there are two fixes to this:

FIX 1) So, here is what you do. You can configure WINS. Below, is an article on how to configure WINS for the Master browser service. All you want is a transport through the VPN tunnel.
http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/chptr3.mspx?mfr=true 

Alternative fix: Fix 2) An alternative fix is to use DNS as the transport for DFS:
 http://support.microsoft.com/kb/244380
PLEASE NOTE: Please look at the key ports used by Windows 2003 anything using ports 137, for WINS and Netbios datagram ports 138 and 139 are affected if you do not use WINS. If all you are after is DFS, then you could use DNS. So, there are drawbacks to using DNS.

dariusg: File and Printer sharing is on.  It's a file and print server.  Sysvol is showing as a share.  Not sure what you mean when you ask if I can access it but I can open it without any problems.

ChiefIT: that all went a little over my head.  In fix one, VPN is mentioned but the server is in no way associated with our VPS service here (other than outside clients access it through VPN).  Is that the intended message?   I can tell you that WINS is enabled on the machine and actually points to itself for the IP.  Interestingly, every time I close the WINS Tab and go to close TCP/IP properties, I get a multiple gateways warning...

Check out the last comments and illustration I made on this post and see if that clarifies things.

https://www.experts-exchange.com/questions/23507742/Lots-of-Event-1053-Errors.html?cid=238&anchorAnswerId=21866098#a21866098

Have you run the dfsutil /PurgeMupCache?
Thanks