Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPO access denied.

Posted on 2009-07-06
3
Medium Priority
?
767 Views
Last Modified: 2012-05-07
I add new server to the domain. don't know what happen, but now on all exist server, I got error when tried to modify GPO.

 "You do not have permission to perform this operation", Access denied.

I can now only able to access GPO using new server.  I used administrator login to all DC.

HELP>>
0
Comment
Question by:ajeab
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24790034
You need to first go through the logs on those DCs and also run dcdiag and see what sort of errors you are getting on those DCs that are having this problem.
So all you did was just promote a new box and nothing else?
Thanks
Mike
0
 
LVL 6

Author Comment

by:ajeab
ID: 24790110

      Starting test: NetLogons
         [EXCHANGE] An net use or LsaPolicy operation failed with error 5, Acces
s is denied..
         ......................... SERVER failed test NetLogons
     
      Starting test: MachineAccount
         Could not open pipe with [SERVER]:failed with 5: Access is denied.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN :(null)
         * Missing SPN :(null)
         ......................... SERVER failed test MachineAccount
      Starting test: Services
         Could not open Remote ipc to [SERVER]:failed with 5: Access is denied
.
         ......................... SERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         [SERVER ] An net use or LsaPolicy operation failed with error 5, Acces
s is denied..
         ......................... SERVER failed test frssysvol
      Starting test: frsevent
         ......................... SERVER failed test frsevent
      Starting test: kccevent
         Failed to enumerate event log records, error Access is denied.
         ......................... SERVER failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error Access is denied.
         ......................... SERVER failed test systemlog

DCDiag show these errors.
I add the server to domain. (not as ADC yet) then I start having problem.  so I tried to add new server as ADC. the new server added OK to the domain but I still having the same problem.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 24795046
Check out this article
http://support.microsoft.com/kb/839499
You cannot open file shares or Group Policy snap-ins when you disable SMB signing for the Workstation or Server service on a domain controller
Are you also seeing those 1030 and 1058 events in your logs?
Thanks
Mike
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question