rwijbenga
asked on
Event 1030 logged every 5 minutes on 2008 PDC
Hi,
We have 2 windows 2008 servers on the same site, both are domain controllers. (1 server is going to be moved later to a different location)
On the PDC we get every 5 minutes event 1030:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
The other server does not have this error.
I have also noticed that on the problem server loading the Active Directory User and Computers mmc takes longer than on the other (good) server.
Any idea where to look? The problem server does not have any other strange event's at this moment.
Here is the output of DCDIAG of the problem server:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Remco\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Remco\SERVER
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER passed test SysVolCheck
Starting test: KccEvent
......................... SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=w-a,D C=nl
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=w-a,D C=nl
......................... SERVER failed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: Replications
......................... SERVER passed test Replications
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: Services
......................... SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000406
Time Generated: 06/28/2009 13:39:59
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
......................... SERVER failed test SystemLog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : w-a
Starting test: CheckSDRefDom
......................... w-a passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... w-a passed test CrossRefValidation
Running enterprise tests on : w-a.nl
Starting test: LocatorCheck
......................... w-a.nl passed test LocatorCheck
Starting test: Intersite
......................... w-a.nl passed test Intersite
We have 2 windows 2008 servers on the same site, both are domain controllers. (1 server is going to be moved later to a different location)
On the PDC we get every 5 minutes event 1030:
The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
The other server does not have this error.
I have also noticed that on the problem server loading the Active Directory User and Computers mmc takes longer than on the other (good) server.
Any idea where to look? The problem server does not have any other strange event's at this moment.
Here is the output of DCDIAG of the problem server:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Remco\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Remco\SERVER
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER failed test DFSREvent
Starting test: SysVolCheck
......................... SERVER passed test SysVolCheck
Starting test: KccEvent
......................... SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=w-a,D
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=w-a,D
......................... SERVER failed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: Replications
......................... SERVER passed test Replications
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: Services
......................... SERVER passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000406
Time Generated: 06/28/2009 13:39:59
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
......................... SERVER failed test SystemLog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : w-a
Starting test: CheckSDRefDom
......................... w-a passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... w-a passed test CrossRefValidation
Running enterprise tests on : w-a.nl
Starting test: LocatorCheck
......................... w-a.nl passed test LocatorCheck
Starting test: Intersite
......................... w-a.nl passed test Intersite
ASKER
Hi,
I have checked all the options in the link, but no problems there. The syvol share an security setting are good....
DFS is also working correctly according to the DCDIAG output, and other test I did.
I have checked all the options in the link, but no problems there. The syvol share an security setting are good....
DFS is also working correctly according to the DCDIAG output, and other test I did.
You could try to run: dfsutil /purgemupcache
on the DC that report the 1030 event. Also make sure DNS settings on the NIC on both DC is correct.
SG
on the DC that report the 1030 event. Also make sure DNS settings on the NIC on both DC is correct.
SG
Another good link with a lot of troubleshooting steps is here:
http://support.microsoft.c om/kb/8873 03
dfsutil command that SG mentioned is step 8...easy to quickly try it.
Thanks
Mike
http://support.microsoft.c
dfsutil command that SG mentioned is step 8...easy to quickly try it.
Thanks
Mike
ASKER
HI,
I have tried the dfsutil option, but no luck... The dns setting on both nic's are correct. I am going to test the other trouble shooting options from the link above tomorrow.
Thanks.
I have tried the dfsutil option, but no luck... The dns setting on both nic's are correct. I am going to test the other trouble shooting options from the link above tomorrow.
Thanks.
ASKER
Hi,
After testing all the sollutions from the MS link, but no luck.... I am starting to think that this problem has no solution....
The strange thing is I only have this even logged every 5 minutes, normasly this event comes with other events...... ?!?
Any other idea's?
Thanks
After testing all the sollutions from the MS link, but no luck.... I am starting to think that this problem has no solution....
The strange thing is I only have this even logged every 5 minutes, normasly this event comes with other events...... ?!?
Any other idea's?
Thanks
It's not strange that this is logged every 5 minute on the DC since every 5 minute the DC "refresh" their Group Policy.
When you say it takes longer to open ADUC on one of the DC then the other it could be a DNS issue. Are your DC pointing to them self as prefered DNS? (with their IP, not the loopback address)
Do both DC share out their SYSVOL? Run "net share" on both DC.
If both DC are sharing out their SYSVOL they both think that the replication is ok and will notify the netlogon service that it should share out the SYSVOL. You could try to reinitialize the SYSVOL with the Burflag method http://support.microsoft.com/kb/290762.
Also check that both DC have the same amount of policies in their SYSVOL.
SG
When you say it takes longer to open ADUC on one of the DC then the other it could be a DNS issue. Are your DC pointing to them self as prefered DNS? (with their IP, not the loopback address)
Do both DC share out their SYSVOL? Run "net share" on both DC.
If both DC are sharing out their SYSVOL they both think that the replication is ok and will notify the netlogon service that it should share out the SYSVOL. You could try to reinitialize the SYSVOL with the Burflag method http://support.microsoft.com/kb/290762.
Also check that both DC have the same amount of policies in their SYSVOL.
SG
ASKER
Hi,
The DNS is configered on both server's tot use their own DNS service and that of the other server. That should be good.
Sysvol is shared on both servers.
The sysvol contains on both servers the same files and size....
Could someone perhaps provide a directory tree of the policies folder ? So I can check if not files are missing from the default setup.
Thanks
The DNS is configered on both server's tot use their own DNS service and that of the other server. That should be good.
Sysvol is shared on both servers.
The sysvol contains on both servers the same files and size....
Could someone perhaps provide a directory tree of the policies folder ? So I can check if not files are missing from the default setup.
Thanks
ASKER
Hi,
I have noticed that I now have an error when editing the default domain policy, it tells me it can not load the wireless security setting policy.....
Is there anyway to get the default policy's back ? Whe don't use policy's on our network, so there are no settings that could be lost.
Thanks.
I have noticed that I now have an error when editing the default domain policy, it tells me it can not load the wireless security setting policy.....
Is there anyway to get the default policy's back ? Whe don't use policy's on our network, so there are no settings that could be lost.
Thanks.
Look at 3a: http://support.microsoft.com/kb/315457 to see the SYSVOL three.
The "dcgpofix" tool will reset the default domain policy (ddp) and the default domain controller policy (ddcp) back to the state it was when your domain was build. You could choose to "revert" both the DDP and the DDCP or only one of them.
SG
The "dcgpofix" tool will reset the default domain policy (ddp) and the default domain controller policy (ddcp) back to the state it was when your domain was build. You could choose to "revert" both the DDP and the DDCP or only one of them.
SG
ASKER
Been a few days busy with other thing... :)
But an update, I did the dcgpofix, but no luck...
Also I get an error when editing the Default Domain Policy under:
Computer Configuration/Windows Setting/Security Settings
This takes a long time and them comes the following error:
"The Wirelessnetwork policy storage could not be opened. The following error occured: Error 80070031"
Any idea's, my feeling is this is related to the main problem... ?!?
thanks.
But an update, I did the dcgpofix, but no luck...
Also I get an error when editing the Default Domain Policy under:
Computer Configuration/Windows Setting/Security Settings
This takes a long time and them comes the following error:
"The Wirelessnetwork policy storage could not be opened. The following error occured: Error 80070031"
Any idea's, my feeling is this is related to the main problem... ?!?
thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am curious if you find the solution !
Ok,
I found the problem, but unfortunately I don't have an explanation of why this would happen. So here goes..
I have a Juniper GW, and an ISA 2006 server. I have the Juniper set as my DG on this server, but still use the ISA firewall client. If I disable the FW client this error goes away, and everything else operates normally.
The reason why I thought it was a windows update, originally, was because windows update was not working without the FW client on. I figured that out the same day I installed all those updates.
this is a very specific scenario, hopefully it applies to you as well.
Please post if it does, very curious now..
I found the problem, but unfortunately I don't have an explanation of why this would happen. So here goes..
I have a Juniper GW, and an ISA 2006 server. I have the Juniper set as my DG on this server, but still use the ISA firewall client. If I disable the FW client this error goes away, and everything else operates normally.
The reason why I thought it was a windows update, originally, was because windows update was not working without the FW client on. I figured that out the same day I installed all those updates.
this is a very specific scenario, hopefully it applies to you as well.
Please post if it does, very curious now..
ASKER
No usable answers
http://www.chicagotech.net/troubleshooting/event1058.htm