AutoEnrollment error in Event Viewer "Application"

I am getting this error on my domain workstations in Event Viewer.  My DC is Server 2003 Standard; it is handling AD/DNS/DHCP.  I haven't had much luck searching out answers.
Any help is appreciated.

Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
timeckel Asked:

elawad Commented:
Do you have a certification authority in your environment? Also, check whether your DNS server has any errors and whether it functions correctly.
0
timeckel Author Commented:
DNS has no errors in the Event Viewer under DNS.  When I run an nslookup from my WS it does point to my DC.  Running Netdiag from the DC, all tests seem to pass as well.  I am not running a cert authority.
0
timeckel Author Commented:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.  Error 1030 on DC

Error 1058 on DC
Windows cannot access the file gpt.ini for GPO cn={A05F193F-17BE-4CB3-BCB8-1A42B41925D5},cn=policies,cn=system,DC=mydomain,DC=local. The file must be present at the location <\\mydomain.local\SysVol\mydomain.local\Policies\{A05F193F-17BE-4CB3-BCB8-1A42B41925D5}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
0

elawad Commented:
OK, so you have a group policy error that might be preventing group policy deployment in your environment. Copy and paste the following into the Run command on your DC: \\mydomain.local\SysVol\mydomain.local\Policies\ and check if you have a folder with the following number {A05F193F-17BE-4CB3-BCB8-1A42B41925D5} at this location. If not, go to your Group Policy Management Console, search for this policy and remove it. After doing this, try the gpupdate /force command and see if the error is resolved, then try to add the policy again. By the way, if you have more than one DC, check for any replication errors also.
0
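As an added example (not part of the original thread, and not either poster's code): the folder check described above, done for every GPO at once by reading each GPO's SYSVOL path from Active Directory and trying to open its gpt.ini, the file Event 1058 reports as inaccessible. It assumes PowerShell 3.0 or later on a domain-joined machine; the variable names and report columns are illustrative.

```powershell
# Added example (not from the thread). Lists every GPO in the current domain
# and tries to read its gpt.ini from SYSVOL, the file named in Event 1058.
$searcher = [adsisearcher]'(objectClass=groupPolicyContainer)'
$searcher.PageSize = 200
foreach ($p in 'name', 'displayname', 'gpcfilesyspath') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$report = foreach ($gpo in $searcher.FindAll()) {
    # Property names come back lower-cased; a value may be absent, so take
    # the first element through the pipeline instead of indexing.
    $guid    = [string]($gpo.Properties['name']           | Select-Object -First 1)
    $display = [string]($gpo.Properties['displayname']    | Select-Object -First 1)
    $sysvol  = [string]($gpo.Properties['gpcfilesyspath'] | Select-Object -First 1)

    if (-not $sysvol) {
        $status = 'No gPCFileSysPath set in AD'
    } else {
        $gptIni = Join-Path $sysvol 'gpt.ini'
        try {
            # Actually open the file: "Access is denied" and "not found"
            # both surface here as terminating errors.
            $null = Get-Content -LiteralPath $gptIni -ErrorAction Stop
            $status = 'Readable'
        } catch {
            $status = '{0}: {1}' -f $_.Exception.GetType().Name, $_.Exception.Message
        }
    }
    [pscustomobject]@{ Guid = $guid; Name = $display; SysvolPath = $sysvol; GptIni = $status }
}

# Failures sort apart from the 'Readable' rows.
$report | Sort-Object GptIni, Name | Format-Table -AutoSize -Wrap
```

The result reflects the access of the account running the script, so run it from an affected workstation as well as from the DC and compare the two reports.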
timeckel Author Commented:
Yes, that folder exists. I do have another DC I put on the domain last week.  The Event Viewer on that is clear, FYI.  I ran adsiedit and found the only difference in my policy path in question compared to my other 5 was the "s" in sysvol was a capital letter.  I will perform the rest of your requests tomorrow morning and see what happens.

Thank you.

Any idea on that automatic cert enrollment from my first post?  That has me thrown a bit.
0
elawad Commented:
I need you to eliminate the group policy error and see whether the autoenrollment error persists. Good luck.
0
timeckel Author Commented:
I deleted the policy "which I should have from the start" and held off on recreating.  I checked Event Viewer 15 min. later and noticed now the last policy again, which is my SUS server, is throwing the same event error.
0
elawad Commented:
Do you mean that you recreated the same policy and it throws the same error? And when you deleted the policy, before creating it again, did you have the same error?
0
timeckel Author Commented:
What I did was deleted the policy that was throwing the error, waited 10 or 15 min before doing anything, checked Event Viewer, and my next policy at the bottom, which is for my SUS server, is now throwing the same error.  I have 5 policies: #5 was throwing the error and I deleted it, and now #4 is throwing the same error.  I am sure if I delete that, #3 will be the same.  I'm stumped.
0
elawad Commented:
Could you do gpupdate /force on any client PC in your environment and see if any error shows up?
0
timeckel Author Commented:
I just did and no errors.  It appears that at this time the policies are being pushed and running just fine.
0
elawad Commented:
OK, so what about your first error, the enrollment? Does it still persist?
0
timeckel Author Commented:
Yes I am, but only on a few machines.
0
elawad Commented:
And have you updated the policy on those machines as well? Do you mean some of the machines you were encountering the error on are now error free? You can also run the Group Policy Results Wizard from the GPMC on your DC for those specific machines and see if there exists any other group policy that is causing an error.
0
timeckel Author Commented:
According to GPMC today it is still telling me that the policies ran.  Under policy events I am getting a mess of 1054, 1517 and 1000 errors.

1054
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

1000
Could not execute the following script login.bat. The system cannot find the file specified.

1517
Windows saved user domain\username registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

Yet the user has the policies.

login.bat doesn't run every time for him.
0
elawad Commented:
Is your DNS server running well? If you run the nslookup command, what do you get?
0
timeckel Author Commented:
That was my first thought before I posted, but when I run nslookup on a machine in question, nslookup points right to my DC.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>nslookup
Default Server:  dc.domain.local
Address:  192.168.1.250

> dc
Server:  dc.domain.local
Address:  192.168.1.250

Name:    dc.domain.local
Address:  192.168.1.250

>
0
timeckel Author Commented:
I have 2 built-in NICs on this HP server, "my dc"; maybe I should try switching NICs and see what happens?  That would be too easy.
0
timeckel Author Commented:
1006
Windows cannot bind to cobey.local domain. (Invalid Credentials). Group Policy processing aborted.


1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
0
elawad Commented:
If this error is on a certain machine, try to disjoin and rejoin this machine to the domain.
0
timeckel Author Commented:
Will do.
0
timeckel Author Commented:
No luck.
0
elawad Commented:
What, did you successfully disjoin and rejoin the PC?
0
timeckel Author Commented:
Yes, but I noticed the errors still exist after rejoining to the domain.
0
timeckel Author Commented:
I keep thinking this is DNS, but yet nslookup is fine etc.
0
elawad Commented:
OK, so if the join to the domain was successful, that means you're contacting your DC and your DNS is working fine. I need you to run the gpresult modeling wizard from the GP Management Console on one of these machines and see what group policy is causing the error.
0
timeckel Author Commented:
Is this what you're looking for?

Denied GPOs
Name                 Link Location   Reason Denied
Local Group Policy   Local           Empty
Firewall             domain.local    Empty
0
elawad Commented:
No dear, please open your Group Policy Management Console on your DC. At the bottom you will see a field called Group Policy Modeling Wizard; right-click on it and start a new wizard. Follow the wizard and insert the PC you're having the error from when asked about the computer. After finishing, you will have a report about all of the group policies applied to this computer; check if you have a red X in front of any policy.
0
timeckel Author Commented:
That's what I did, no red X's.
0
elawad Commented:
That means that all of your group policies are applied with no error on this computer at least. Can you please restate the problem you are now facing?
0

timeckel Author Commented:
I'm getting the errors in Event Viewer listed above on about 15 machines on the domain.  I am of course giving you the GPMC details of a machine that is throwing these errors.  login.bat is running sporadically on these machines; sometimes the script runs and other times it will not.  It does look like the policies are being pushed, but why the errors and the login.bat script issues for drive mappings?  The handful of machines are also getting: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
0
timeckel Author Commented:
Thanks for trying.
0
elawad Commented:
Thanks to you. I hope I can resolve your issue.
0