the processing of group policy failed

Hi,

We suddenly have problems on our network.
I checked the logs and I see following error: (event id 1058
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{C8512DA8-FADF-478F-93F2-891595746498}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

I see this error on the client computer and on the server

Client: Windows7
Server: sbs2008

I performed a ipconfig /flushdns on the client machine, I checked the ip, dns,.. everything is ok.
What can be the problem here?

thx
techneitsolutionsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FemSteenkampCommented:
from client , can you browse to
\\domain.local\SysVol ?

on the sbs servers locally can you browse to
\\domain.local\SysVol\domain.local\Policies\{C8512DA8-FADF-478F-93F2-891595746498}\

what is teh permissions on the INI ???
0
techneitsolutionsAuthor Commented:
I am not able to browse the 2 folders??
0
techneitsolutionsAuthor Commented:
From the server I am able to connect to Sysvol but I do not have permissions to check the files below.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

FemSteenkampCommented:
the fact that on the SBS server itslef ou cannot browse to the SYSVOL share inidcate that there is problem creating teh share

look in eventlog, there should be errors as to why SYSVOL cannot be shared
0
techneitsolutionsAuthor Commented:
Ok, some folders I can browse but not all of them..

In the logs I cannot find anything about the Sysvol??

can you please help
0
techneitsolutionsAuthor Commented:
Also, I have 1 error in the logs who gives The specified network name is no longer available (for 1 GPOCNName) and at another one I get Access is denied.
0
FemSteenkampCommented:
I presume the SBS is hosting the DNS?  if so please change the machine to point to itself as primary DNS
then restart the netlogon service
0
techneitsolutionsAuthor Commented:
The SBS is dns and his Primary DNS is pointing to himself..
0
FemSteenkampCommented:
you restarted teh netlogon service?

and see if the sysvlo folder is shared?
0
techneitsolutionsAuthor Commented:
euhm, the problem started yesterday and then I restarted the server, then everything was fine, but the problem restarted this morning..

restarted the netlogon with no luck and sysvol is shared
0
AwinishCommented:
On sysvol by default there is read permission for authenticated user,full permission for system,admin.

You should see netlogon & sysvol share on dc & able to access,because GPO & scripts are kept which is contacted when any system logs on domain.

Check FRS log on dc.
On one of the dc run gpotool,exe on cmd(GPotool is available with resource kit tool download &  install on dc & check the health of GPO's.)
It can also happen C8512DA8-FADF-478F-93F2-891595746498 this GPO is corrupted.
0
techneitsolutionsAuthor Commented:
I ran gpotool and all the policies shows OK

How can I know which gpo is linked to the C8512DA8-FADF-478F-93F2-891595746498 and what can I do about it?

Rights on the sysvol are correct, except the Administrators group has Read permissions, this hasn't been changed..
0
techneitsolutionsAuthor Commented:
FRS is also ok, no errors
0
AwinishCommented:
You can use gpotool as well as gpmc tool to find out which is the GPO associated with above GUID.

If you put gpotool /? you will find the syntax.

i think its gpotool /{C8512DA8-FADF-478F-93F2-891595746498}

You can see thorugh GPMC also.

0
FemSteenkampCommented:
to find which GPO the failing gpo is

http://support.microsoft.com/kb/216359

use the cscript search.vbs section or use LDP tool
0
techneitsolutionsAuthor Commented:
It's resolved at this moment.
the rights in the GPO Manager screen were changed for some reason.
I had a notification to reset it to AD rights which I clicked Yes and everything was ok
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.