Event ID's 1030 & 1058 on W2K3 R1 DC

Posted on 2009-02-23
Last Modified: 2012-05-06
I have 2 current DC's in 2 sites. I promoted a new additional DC in the main site successfully this morning. I started to note GP policy errors shortly afterwards. As a result I demoted it about 3 hours later so that I could look into the problem. About the time of the promotion I have noticed three occurences of Event Id's 1030 and 1058 on the current dc (W2K3 R1 SP2) for the site.

1030 -

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

1058 -

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=local. The file must be present at the location <\\domain.local\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

I have also noticed that when I try and edit the default domain controllers policy (different policy uid) on the dc I get the attached error. I have checked and the gpt.ini file exists in the path C:\WINDOWS\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9} GP Edit Error) and C:\WINDOWS\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} (Event Viewer error).

There haven't been any occurences of the 1030 or 1058 for about 3 hours but I want to make sure this problem is fixed before I reattempt DC promotion on the new server.

Any help would be greatly appreciated.
Question by:delkent

    Author Comment

    Additional error screendump added
    LVL 27

    Accepted Solution

    I had a similar 1058 error recently. If you've confirmed DNS is functioning properly and that gpt.ini does actually exist in the location specified, check that the TCP/IP NetBIOS Helper service is running. This resolved this issue for me.

    The two attached jpgs suggest that maybe the system.adm template is corrupted for the policy. You could try restoring the policy from a backup (redirect SYSVOL restore to an alternate location and restore).

    Although if the errors have stopped and group policy is updating correctly, FRS and AD replication are functioning properly, then it may not be necessary...


    Author Closing Comment

    BluntTony - thanks - managed to fix by reapplying admin template to domain controller policy

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now