Group Policy Settings Aborted because the system cannot find the path specified

Posted on 2008-11-03
Last Modified: 2010-04-21
We are getting a ton of events logged in the event viewer of our terminal servers and desktops.  The desktops are getting the following event ID numbers:

Event ID # 1058
Windows cannot access the file gpt.ini for GPO cn={A26D1679-F3B6-4014-815A-D920FB11DD60},cn=policies,cn=system,DC=MyDomain,DC=Local. The file must be present at the location <\\MyDomain.Local\sysvol\\Policies\{A26D1679-F3B6-4014-815A-D920FB11DD60}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.

Event ID # 1030
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

When I try to browse to the sysvol folder from the desktops by dns name (for example \\mydomain.local\sysvol), I get a sysvol folder without the correct files in it.  When I do it by IP Address of either one of my domain controllers (for example \\\sysvol), the files show up correctly.

I have tried to flush DNS, reboot, ping the domain name, etc... Everything seems to come out OK except I still continue to receive the errors.  I even tried deleting and recreating GPOs and that temporarily resolved it but then it continued.

On the Terminal Servers I am getting the following Event ID numbers:

Event ID # 1053
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event ID # 1000
Could not execute the following script myscript.bat. The system cannot find the file specified.

The Sysvol folder appears to be showing up correctly on the Terminal Servers by both the domain and ip address.  So I am not sure why I am getting the above errors.  I have tried flushing the DNS, rebooting, registering DNS.

A little more about our environment:
- (2) Domain Controllers are on Microsoft Windows 2003 SP2; they also run DNS and DHCP.
- Terminal Servers are on Microsoft Windows 2003 Enterprise Edition
- Workstations are on Microsoft Windows XP Pro SP3

Question by:TimHowell

    Expert Comment

    by:Joseph Daly
    Shot in the dark here but have you tried forcing an AD replication?

    Author Comment

    I had tried replicating with no luck.  It appears that only new group policies are not showing up.  It is a very weird problem because we only have two domain controllers and when I go to them each individually they both have all of the information.  But when I use the domain name I don't get them.  I am using the same user, same machine, etc.  So that tells me that it should not be a permission problem or file problem.  The only other thing I may have to add is that we are running DFS, but I don't think that has any relation to the sysvol information.

    Expert Comment

    Pls check your FRS event logs for any events in the 13000's. Errors 13508 and 13565 may allude to journal wrap.

    If in journal wrap, you will probably have to use the burflag method to reset your replication set. However, journal wrap is 99.99% of the time caused by DNS problems. So, it might be best to run netdiag and DCdiag to check for any DNS discrepancies prior to running the burflags to reset your replication set.

    Author Comment

    Thanks for the reply.  There was nothing in the FRS event log.  I have run both netdiag /fix and dcdiag /fix.  Any other ideas?

    Expert Comment

    Then go to the command prompt and type:
    DFSutil /purgemupcache

    Author Comment

    I ran it on one of the domain controllers and it completed successfully but the issue still persists.  Do I need to run the command on other machines?  Thank you,

    Expert Comment

    Do you see any errors on DNS in event logs or through a DCdiag report?

    Author Comment

    OK, so after messing with it a little more it looks like one of the domain controllers does have old information, at least a couple policies.  I went through all the steps of Reconnecting a Domain Controller after a long term disconnection from this article without any luck.  I did notice an error in the DNS event log but I am not exactly sure what it means.

    Event ID # 4515

    The zone was previously loaded from the directory partition MicrosoftDNS but another copy of the zone has been found in directory partition The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.
    If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.
    If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.
    To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

    For more information, see Help and Support Center at

    Expert Comment

    Oh, there it is:

    You know this seems to be happening more and more often. It sounds like the forward or reverse lookup zones are a stub zone of itself.

    Last time I ran into this, we had to remove the forward lookup zone and rebuild it from scratch. Check for the stub zone.

    Author Comment

    It only seems to be happening on one of my domain controllers.  I am thinking about demoting it and bringing it back online because it is an older machine anyway.  We did a domain rename last year, I wonder if that could be part of the original issue.  Since I have taken that domain controller off line the errors have gone away.

    Do you think that the demotion/dcpromo will resolve the issue?  I am not sure about how to check for a stub zone.  I will do some research.  I have scheduled some down time for this evening.

    Thank you for all of your assistance.  

    Accepted Solution

    No, it sounds like you have metadata of that old demotion. Maybe DNS, FRS or AD metadata. Have you considered looking into a metadata cleanup?

    Prior to demoting, I would consider fixing DNS. So, if AD integrated, make it not so. Then, remove the DNS service or remove the FWD lookup zone by going into server management. It sounds like you may have a forward lookup zone that is a stub zone of itself.

    Author Closing Comment

    I ended up getting with Microsoft support because this issue became critical and they were able to resolve it.  There were a lot of different steps as highlighted below and also have the KB articles.

    PROBLEM: -->>FRS replication issue, sysvol was not shared

    RESOLUTION: -->>One dc was not replicating since week and a half
    -->>Tried adding and demoting problem server, did not help
    -->>Domain was huttotx.Gov
    -->>DC was mitisdc1 and dc1
    -->>Mitisdc1 was PDC
    -->>Sysvol was shared and had 54 policies
    -->>Received event ids as 1925, 4515, 13555, 13552.
    -->>Had dfs configured
    -->>Ran dfsutil /pktinfo
    -->>Ran net stop dns & net stop netlogon & net stop ntfrs & ipconfig /flushdns & ipconfig /registerdns & net start dns & net start netlogon & net start ntfrs & netdiag /fix & repadmin /syncall /d /e & repadmin /kcc & dfsutil /purgemupcache & net stop kdc & net start kdc & gpupdate /force & w32tm /resync
    -->>Got no time data available for resync
    -->>Type was NT5DS changed to NTP, announce flag to 5, maxpos and neg poll to 3600, special poll interval to 900.
    -->>Sysvol was shared on mitisdc1 but was unshared on dc1
    -->>We were able to ping domain from both servers and also access shares.
    -->>Changed binding order on dc1
    -->>Policies and scripts were absent
    -->>Did a d2 on dc1, failed
    -->>Took backup of policies and scripts on mitisdc1
    -->>Did a d4 on mitisdc1 and d2 on dc1 on cumulative set.
    -->>It took some time for policies to propagate down to dc1 as they were 54 in number
    -->>Sysvol got shared
    -->>Now we received event id 1925, added maxpacket size
    -->>Restarted the server
    -->>We received event id 4151
    -->>Deleted duplicate zone
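
A read-only check for the symptom in this thread (GPO folders or gpt.ini present in one domain controller's SYSVOL but missing or stale in another's), as an added example that is not part of the original thread or of Microsoft's steps. The function names, `DC1`/`DC2` and `mydomain.local` are placeholders, and it assumes PowerShell 3.0 or later on a machine with read access to each DC's SYSVOL share.

```powershell
# Added example (not from the thread). Reads each DC's SYSVOL share directly,
# so the result does not depend on which DC the domain DFS path resolves to.
function Get-SysvolGpoState {
    param([Parameter(Mandatory)][string[]]$DomainControllers,
          [Parameter(Mandatory)][string]$DomainDnsName)
    foreach ($dc in $DomainControllers) {
        $policies = "\\$dc\SYSVOL\$DomainDnsName\Policies"
        if (-not (Test-Path -LiteralPath $policies)) {
            # SYSVOL not shared on this DC, or the Policies folder is absent
            [pscustomobject]@{ DC = $dc; Gpo = $null; Version = $null; Status = 'PoliciesPathMissing' }
            continue
        }
        Get-ChildItem -LiteralPath $policies -Directory |
            Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
            ForEach-Object {
                $ini = Join-Path $_.FullName 'gpt.ini'
                $version = $null; $status = 'GptIniMissing'
                if (Test-Path -LiteralPath $ini) {
                    $m = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                         Select-Object -First 1
                    if ($m) { $version = [long]$m.Matches[0].Groups[1].Value; $status = 'OK' }
                    else    { $status = 'NoVersionLine' }
                }
                [pscustomobject]@{ DC = $dc; Gpo = $_.Name; Version = $version; Status = $status }
            }
    }
}

function Compare-SysvolGpoState {
    param([object[]]$State, [Parameter(Mandatory)][string[]]$DomainControllers)
    # DCs whose Policies path could not be read at all
    $State | Where-Object { $_.Status -eq 'PoliciesPathMissing' } | ForEach-Object {
        [pscustomobject]@{ Gpo = '(all)'; MissingOn = $_.DC; Versions = ''; Problems = $_.Status }
    }
    # GPOs that are missing on some DC, lack gpt.ini, or differ in gpt.ini version
    $State | Where-Object { $_.Gpo } | Group-Object Gpo | ForEach-Object {
        $group    = $_.Group
        $missing  = @($DomainControllers | Where-Object { $_ -notin $group.DC })
        $versions = @($group.Version | Sort-Object -Unique)
        $bad      = @($group | Where-Object { $_.Status -ne 'OK' })
        if ($missing.Count -or $versions.Count -gt 1 -or $bad.Count) {
            [pscustomobject]@{ Gpo = $_.Name; MissingOn = $missing -join ','
                               Versions = $versions -join ','; Problems = $bad.Status -join ',' }
        }
    }
}

$dcs   = 'DC1', 'DC2'   # placeholder DC names
$state = Get-SysvolGpoState -DomainControllers $dcs -DomainDnsName 'mydomain.local'
Compare-SysvolGpoState -State $state -DomainControllers $dcs
```

No output means every listed DC serves the same GPO folders with the same gpt.ini version; any row names the GPO and the DC where it is missing or out of date.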
