Solved

Event 1030 logged every 5 minutes on 2008 PDC

Posted on 2009-06-28
15
608 Views
Last Modified: 2013-12-02
Hi,

We have 2 windows 2008 servers on the same site, both are domain controllers. (1 server is going to be moved later to a different location)

On the PDC we get every 5 minutes event 1030:

The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

The other server does not have this error.

I have also noticed that on the problem server loading the Active Directory User and Computers mmc takes longer than on the other (good) server.

Any idea where to look? The problem server does not have any other strange event's at this moment.

Here is the output of DCDIAG of the problem server:


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = SERVER

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Remco\SERVER

      Starting test: Connectivity

         ......................... SERVER passed test Connectivity



Doing primary tests

   
   Testing server: Remco\SERVER

      Starting test: Advertising

         ......................... SERVER passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SERVER passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... SERVER failed test DFSREvent

      Starting test: SysVolCheck

         ......................... SERVER passed test SysVolCheck

      Starting test: KccEvent

         ......................... SERVER passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SERVER passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SERVER passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=w-a,DC=nl
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=w-a,DC=nl
         ......................... SERVER failed test NCSecDesc

      Starting test: NetLogons

         ......................... SERVER passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SERVER passed test ObjectsReplicated

      Starting test: Replications

         ......................... SERVER passed test Replications

      Starting test: RidManager

         ......................... SERVER passed test RidManager

      Starting test: Services

         ......................... SERVER passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x00000406

            Time Generated: 06/28/2009   13:39:59

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)        

         ......................... SERVER failed test SystemLog

      Starting test: VerifyReferences

         ......................... SERVER passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : w-a

      Starting test: CheckSDRefDom

         ......................... w-a passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... w-a passed test CrossRefValidation

   
   Running enterprise tests on : w-a.nl

      Starting test: LocatorCheck

         ......................... w-a.nl passed test LocatorCheck

      Starting test: Intersite

         ......................... w-a.nl passed test Intersite

0
Comment
Question by:rwijbenga
  • 8
  • 3
  • 2
  • +2
15 Comments
 
LVL 30

Expert Comment

by:renazonse
ID: 24731865
this isn't an uncommon problem...run through the steps in this article :
http://www.chicagotech.net/troubleshooting/event1058.htm

0
 

Author Comment

by:rwijbenga
ID: 24731911
Hi,

I have checked all the options in the link, but no problems there. The syvol share an security setting are good....

DFS is also working correctly according to the DCDIAG output, and other test I did.


0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24732067
You could try to run: dfsutil /purgemupcache

on the DC that report the 1030 event. Also make sure DNS settings on the NIC on both DC is correct.

SG
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24732102
Another good link with a lot of troubleshooting steps is here:
http://support.microsoft.com/kb/887303
dfsutil command that SG mentioned is step 8...easy to quickly try it.
Thanks
Mike
0
 

Author Comment

by:rwijbenga
ID: 24732631
HI,

I have tried the dfsutil option, but no luck... The dns setting on both nic's are correct. I am going to test the other trouble shooting options from the link above tomorrow.

Thanks.
0
 

Author Comment

by:rwijbenga
ID: 24739170
Hi,

After testing all the sollutions from the MS link, but no luck.... I am starting to think that this problem has no solution....

The strange thing is I only have this even logged every 5 minutes, normasly this event comes with other events...... ?!?

Any other idea's?

Thanks
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24740394
It's not strange that this is logged every 5 minute on the DC since every 5 minute the DC "refresh" their Group Policy.

When you say it takes longer to open ADUC on one of the DC then the other it could be a DNS issue. Are your DC pointing to them self as prefered DNS? (with their IP, not the loopback address)

Do both DC share out their SYSVOL? Run "net share" on both DC.

If both DC are sharing out their SYSVOL they both think that the replication is ok and will notify the netlogon service that it should share out the SYSVOL. You could try to reinitialize the SYSVOL with the Burflag method http://support.microsoft.com/kb/290762.

Also check that both DC have the same amount of policies in their SYSVOL.


SG
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:rwijbenga
ID: 24754367
Hi,

The DNS is configered on both server's tot use their own DNS service and that of the other server. That should be good.

Sysvol is shared on both servers.

The sysvol contains on both servers the same files and size....

Could someone perhaps provide a directory tree of the policies folder ? So I can check if not files are missing from the default setup.


Thanks
0
 

Author Comment

by:rwijbenga
ID: 24762947
Hi,

I have noticed that I now have an error when editing the default domain policy, it tells me it can not load the wireless security setting policy.....

Is there anyway to get the default policy's back ? Whe don't use policy's on our network, so there are no settings that could be lost.


Thanks.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 24763572
Look at 3a: http://support.microsoft.com/kb/315457 to see the SYSVOL three.

The "dcgpofix" tool will reset the default domain policy (ddp) and the default domain controller policy (ddcp) back to the state it was when your domain was build. You could choose to "revert" both the DDP and the DDCP or only one of them.


SG
0
 

Author Comment

by:rwijbenga
ID: 24821786
Been a few days busy with other thing... :)

But an update, I did the dcgpofix, but no luck...

Also I get an error when editing the Default Domain Policy under:

Computer Configuration/Windows Setting/Security Settings

This takes a long time and them comes the following error:

"The Wirelessnetwork policy storage could not be opened. The following error occured: Error 80070031"

Any idea's, my feeling is this is related to the main problem... ?!?

thanks.
0
 

Accepted Solution

by:
amirson earned 500 total points
ID: 25561829
I have the exact same simptoms with only one DC. This should eliminate some possibilities as far as having two domain controllers.

I am getting both, the recurring 1030 Event and "The wirelessnetwork policy storage .... " while opening the above mentioned section of the Default Domain Policy.

This started right after I installed several Windows Updates.  At this point, I am trying to determine which update caused this. attached is a list of updates done that day. Will post findings.
Updates.JPG
0
 

Author Comment

by:rwijbenga
ID: 25595441
I am curious if you find the solution !
0
 

Expert Comment

by:amirson
ID: 25625920
Ok,
I found the problem, but unfortunately I don't have an explanation of why this would happen. So here goes..
I have a Juniper GW, and an ISA 2006 server. I have the Juniper set as my DG on this server, but still use the ISA firewall client.  If I disable the FW client this error goes away, and everything else operates normally.

The reason why I thought it was a windows update, originally, was because windows update was not working without the FW client on.  I figured that out the same day I installed all those updates.
 
this is a very specific scenario, hopefully it applies to you as well.

Please post if it does, very curious now..
0
 

Author Closing Comment

by:rwijbenga
ID: 31597711
No usable answers
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now