Event ID's 1030 & 1058 on W2K3 R1 DC

Posted on 2009-02-23
Medium Priority
Last Modified: 2012-05-06
I have 2 current DC's in 2 sites. I promoted a new additional DC in the main site successfully this morning. I started to note GP policy errors shortly afterwards. As a result I demoted it about 3 hours later so that I could look into the problem. About the time of the promotion I have noticed three occurences of Event Id's 1030 and 1058 on the current dc (W2K3 R1 SP2) for the site.

1030 -

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

1058 -

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=local. The file must be present at the location <\\domain.local\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

I have also noticed that when I try and edit the default domain controllers policy (different policy uid) on the dc I get the attached error. I have checked and the gpt.ini file exists in the path C:\WINDOWS\SYSVOL\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9} GP Edit Error) and C:\WINDOWS\SYSVOL\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} (Event Viewer error).

There haven't been any occurences of the 1030 or 1058 for about 3 hours but I want to make sure this problem is fixed before I reattempt DC promotion on the new server.

Any help would be greatly appreciated.
Question by:delkent
  • 2

Author Comment

ID: 23711308
Additional error screendump added
LVL 27

Accepted Solution

bluntTony earned 1500 total points
ID: 23711498
I had a similar 1058 error recently. If you've confirmed DNS is functioning properly and that gpt.ini does actually exist in the location specified, check that the TCP/IP NetBIOS Helper service is running. This resolved this issue for me.

The two attached jpgs suggest that maybe the system.adm template is corrupted for the policy. You could try restoring the policy from a backup (redirect SYSVOL restore to an alternate location and restore).

Although if the errors have stopped and group policy is updating correctly, FRS and AD replication are functioning properly, then it may not be necessary...


Author Closing Comment

ID: 31550081
BluntTony - thanks - managed to fix by reapplying admin template to domain controller policy

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question