Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Default Domain Policy missing

Avatar of Sean Doolan
Sean DoolanFlag for Ireland asked on
Windows Server 2003Active DirectoryMicrosoft Server OS
16 Comments1 Solution3597 ViewsLast Modified:
I am having an issue at a site I support and need some advise.

Site:
1 * Win 2K SP4 Server Standard DC running dhcp/dns/File & print
1 * Server 2003 Standard running Exchange 2003 Standard
6 * Member Servers running Win 2000 server or Win 2003 standard.
30 XP clients

Last week I went to install a new server 2003 R2  SP2 server to become the new
DC running dhcp/dns/File & print.

On the existing Win 2K Standard DC I ran from the Win 2003 R2 cd2
adprep /forestprep
adprep /domainprep

On the new 2003 R2 server
I added it as a member server to the domain and then I ran a Dcpromo on it and all seems to run fine.
On the new dc the Sysvol and the Netlogon folders were automatically created and shared and I can see the login scripts are in them.

I am getting an issue on the new 2003 Dc in the event log every 5 minutes.
Event ID: 1058
“Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Athlone,DC=local. The file must be present at the location <\\Athlone.local\sysvol\Athlone.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.”

Looking from both servers at the Sysvol\sysvol\athlone.local\policies folder I do not see a folder called 31B2F340-016D-11D2-945F-00C04FB984F9, I do see another folder called A0CA9A6E-1944-46E7-4124178B1C9F.
When I go onto active directory on either DC I can access the GPO I have on the users OU but when I try to access the Domain Controllers – Default Domain Controllers  Policy to edit it I get an error “Failed to open the group policy object. You may not have the appropiate rights,the system cannot find the path specified.

Also when I try to access the Default Domain Policy I get the same errors.

I ran DCDIAG on the 2K DC and it comes back all fine.

Looking online for fixes I have come across:
1)      Using DCGPOFIX for Server 2003 to recreate the Default Domain Controllers  Policy
2)      Dcgpofix for server 2000 to recreate the Default Domain Controllers  Policy
I have read there can be issues after the 2 above of where “The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state
OR
3)      http://support.microsoft.com/kb/315457  , this instructs me on “How to rebuild the SYSVOL tree and its content in a domain”
I have not moved over the 5 FSMO roles to the new DC as yet as I intend to retire the 2000 DC as its an old server.

So I may have 2 other options
a)      Move over the 5 roles onto the new DC and setup dhcp/dns and then try the DCGPOFIX
b)      Demote the new DC and then run the DCGPOFIX on the 2K Server.

I have read https://www.experts-exchange.com/articles/OS/Microsoft_Operating_Systems/Server/2003_Server/Diagnosing-and-repairing-Events-1030-and-1058.html
By ChiefIT

Any advise?
Thanks
James
ASKER CERTIFIED SOLUTION
Avatar of Awinish
AwinishFlag of India imageSenior Solution Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 16 Comments.
See Answers