Solved

Processing Group Policy fails reading Sysvol on PDC EVID: 1058 E-code: 64 W2k8 server?

Posted on 2010-08-13
Last Modified: 2012-05-10
My server is dropping its network shares every couple of hours and as frequently as 5 - 20 minutes after startup now.  I migrated from another 2003 Server machine to this 2008 server 32-bit machine last July.  Recently, and with increasing frequency (now just 5 to 20 minutes after a restart), I am getting the following error:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/13/2010 3:12:19 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      SLMISERVER.SLMI
Description:
The processing of Group Policy failed. Windows attempted to read the file \\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T19:12:19.593Z" />
    <EventRecordID>90849</EventRecordID>
    <Correlation ActivityID="{A4D1CA92-87D7-4BBA-9F26-76F05F750FB4}" />
    <Execution ProcessID="1044" ThreadID="3652" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">74802</Data>
    <Data Name="ErrorCode">64</Data>
    <Data Name="ErrorDescription">The specified network name is no longer available. </Data>
    <Data Name="DCName">SLMISERVER</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SLMI</Data>
    <Data Name="FilePath">\\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

Following this error all my network shares drop and no one can access shared folders on this server or network printers attached to this server.  The strange thing is this server is also the PDC for the domain.  Can someone please help me with this?  People using this server are becoming increasingly frustrated because they keep losing access to their network folders.  I am frustrated as well because the only way to restore access is to restart the server.  Thanks in advance for your help.
SLMI-PDC-dcdiag-on-GPO-errors.txt
0
Question by:itguyj_sl-america
11 Comments
 
LVL 3

Expert Comment

by:wingspin
ID: 33433410
It sounds like the Net Logon service is stopping.  Can you check and see if the service stops when everyone loses the shares?  

Also, check the remaining free space on the C: drive of the server.
0
 

Author Comment

by:itguyj_sl-america
ID: 33433594
I have about 48GB out of 68GB free on C drive.  

I am getting this Netlogon error around that time but it is involving a domain trust with another server on another domain:

Log Name:      System
Source:        NETLOGON
Date:          8/13/2010 4:01:05 PM
Event ID:      5783
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\sl_tnserver.SLTN.LLC for the domain SLTN is not responsive.  The current RPC call from Netlogon on \\SLMISERVER to \\sl_tnserver.SLTN.LLC has been cancelled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5783</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T20:01:05.000Z" />
    <EventRecordID>90859</EventRecordID>
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\\sl_tnserver.SLTN.LLC</Data>
    <Data>SLTN</Data>
    <Data>SLMISERVER</Data>
  </EventData>
</Event>


I am also getting this SLC error around the same time:

Log Name:      Application
Source:        Microsoft-Windows-Security-Licensing-SLC
Date:          8/13/2010 4:13:25 PM
Event ID:      12293
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Publishing the Key Management Service (KMS) to DNS in the 'SLMI' domain failed.
Info:
hr=0x800705B4
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />
    <EventID Qualifiers="16384">12293</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T20:13:25.000Z" />
    <EventRecordID>40195</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0x800705B4</Data>
    <Data>SLMI</Data>
  </EventData>
</Event>

I get this DHCP error around the same time:

Log Name:      System
Source:        Service Control Manager
Date:          8/13/2010 2:21:35 PM
Event ID:      7031
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
The DHCP Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7031</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T18:21:35.000Z" />
    <EventRecordID>90802</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">DHCP Server</Data>
    <Data Name="param2">1</Data>
    <Data Name="param3">120000</Data>
    <Data Name="param4">1</Data>
    <Data Name="param5">Restart the service</Data>
  </EventData>
</Event>

Here's yet another error SCM:

Log Name:      System
Source:        Service Control Manager
Date:          8/13/2010 3:31:51 PM
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the  service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T19:31:51.000Z" />
    <EventRecordID>90855</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">
    </Data>
  </EventData>
</Event>

and of course I am getting this ESM warning:

Log Name:      System
Source:        Server Administrator
Date:          8/13/2010 2:21:59 PM
Event ID:      1553
Task Category: Instrumentation Service
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Log size is near or at capacity
Log type: ESM
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Server Administrator" />
    <EventID Qualifiers="0">1553</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T18:21:59.000Z" />
    <EventRecordID>90829</EventRecordID>
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Log size is near or at capacity
Log type: ESM</Data>
  </EventData>
</Event>

Sorry about all the error listings, I just wanted to be thorough.  Thanks again.
0
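The events quoted so far carry a local-time Date line and a UTC SystemTime attribute; ordering them by SystemTime shows what was logged in the hour before the 1058 failure. This is an added example, not code from any poster: the sample is abbreviated from the Event Xml blocks in the thread, and the function names and the one-hour window are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Abbreviated from the Event Xml posted in this thread: only the fields used here
# are kept, and the namespace is declared once on the wrapper instead of per event.
SAMPLE = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><Provider Name="Microsoft-Windows-GroupPolicy"/><EventID>1058</EventID><Level>2</Level><TimeCreated SystemTime="2010-08-13T19:12:19.593Z"/></System><EventData><Data Name="ErrorCode">64</Data><Data Name="DCName">SLMISERVER</Data></EventData></Event>
<Event><System><Provider Name="NETLOGON"/><EventID Qualifiers="0">5783</EventID><Level>2</Level><TimeCreated SystemTime="2010-08-13T20:01:05.000Z"/></System><EventData><Data>\\sl_tnserver.SLTN.LLC</Data><Data>SLTN</Data><Data>SLMISERVER</Data></EventData></Event>
<Event><System><Provider Name="Microsoft-Windows-Security-Licensing-SLC"/><EventID Qualifiers="16384">12293</EventID><Level>2</Level><TimeCreated SystemTime="2010-08-13T20:13:25.000Z"/></System><EventData><Data>hr=0x800705B4</Data><Data>SLMI</Data></EventData></Event>
<Event><System><Provider Name="Service Control Manager"/><EventID Qualifiers="49152">7031</EventID><Level>2</Level><TimeCreated SystemTime="2010-08-13T18:21:35.000Z"/></System><EventData><Data Name="param1">DHCP Server</Data></EventData></Event>
<Event><System><Provider Name="Service Control Manager"/><EventID Qualifiers="49152">7011</EventID><Level>2</Level><TimeCreated SystemTime="2010-08-13T19:31:51.000Z"/></System><EventData><Data Name="param1">30000</Data></EventData></Event>
<Event><System><Provider Name="Server Administrator"/><EventID Qualifiers="0">1553</EventID><Level>3</Level><TimeCreated SystemTime="2010-08-13T18:21:59.000Z"/></System></Event>
</Events>"""

def parse_time(s):
    """Parse SystemTime (UTC, optional fraction of any length) into an aware datetime."""
    head, _, frac = s.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6])
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)

def parse_events(xml_text):
    """Return the events as dicts, sorted by UTC time."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        # Classic sources log unnamed <Data> items; key those by position.
        data = {d.get("Name") or f"#{i}": (d.text or "").strip()
                for i, d in enumerate(ev.findall("e:EventData/e:Data", NS))}
        events.append({
            "time": parse_time(system.find("e:TimeCreated", NS).get("SystemTime")),
            "provider": system.find("e:Provider", NS).get("Name"),
            "id": int(system.find("e:EventID", NS).text),
            "level": int(system.find("e:Level", NS).text),
            "data": data,
        })
    return sorted(events, key=lambda e: e["time"])

def preceding(events, anchor_id=1058, window=timedelta(hours=1)):
    """Map each anchor event's time to the (provider, id) pairs logged in the window before it."""
    result = {}
    for anchor in (e for e in events if e["id"] == anchor_id):
        result[anchor["time"]] = [
            (e["provider"], e["id"]) for e in events
            if timedelta(0) < anchor["time"] - e["time"] <= window]
    return result

if __name__ == "__main__":
    for e in parse_events(SAMPLE):
        print(e["time"].isoformat(), e["level"], e["provider"], e["id"], e["data"])
```

On this sample the DHCP Server crash (7031) and the ESM log warning (1553) are the only entries in the hour before the Group Policy failure; the Netlogon and KMS errors come after it.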
 

Author Comment

by:itguyj_sl-america
ID: 33433908
OK,  I just did this dcdiag 5 minutes ago and it looks much better.  Not sure why.  It will likely drop out in just a few minutes.  Please see attached dcdiag test.
SLMI-PDC-dcdiag-better.txt
0
 

Author Comment

by:itguyj_sl-america
ID: 33434126
OK, just checked the server and it's failing again.  See attached file.  Checked the performance monitor and the CPU is at 25 percent with the Windows NT Distributed File System service.

Here's the latest GP processing error regarding the failure reading Sysvol:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/13/2010 6:06:37 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      SLMISERVER.SLMI
Description:
The processing of Group Policy failed. Windows attempted to read the file \\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T22:06:37.643Z" />
    <EventRecordID>91031</EventRecordID>
    <Correlation ActivityID="{E9A22C9E-BE74-4C90-9BA4-8A7981F479D6}" />
    <Execution ProcessID="1044" ThreadID="3872" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">265389</Data>
    <Data Name="ErrorCode">64</Data>
    <Data Name="ErrorDescription">The specified network name is no longer available. </Data>
    <Data Name="DCName">SLMISERVER</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SLMI</Data>
    <Data Name="FilePath">\\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>
SLMI-PDC-dcdiag-failing-again.txt
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 2000 total points
ID: 33437964
Remove any AV if you have any installed.

Make sure the DCs are pointing to only internal DNS servers and disable all NICs except for one. Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.
0
 

Author Comment

by:itguyj_sl-america
ID: 33453610
I tried all the suggestions previously mentioned.  I do have it where I am not getting any GP SYSVOL read errors now.  One of the possible fixes was getting rid of Symantec NTP and PTP.  However, I am still having some residual effects I think.  Some people still cannot use a network shared printer through this server and some are still having trouble accessing network shared folders on this server.  I am getting the following error:

Log Name:      System
Source:        Microsoft-Windows-DHCP-Server
Date:          8/17/2010 7:28:02 AM
Event ID:      1070
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Iashlpr initialization failed: 1060, so DHCP server cannot talk to NPS server. It could be that IAS service is not started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
    <EventID Qualifiers="0">1070</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-17T11:28:02.000Z" />
    <EventRecordID>128216</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>1060</Data>
    <Binary>24040000</Binary>
  </EventData>
</Event>

Any ideas how to get rid of this error or is it unrelated?  I am also including a recent dcdiag.  
SLMI-PDC-dcdiag-8-17-10.txt
0
 
LVL 3

Expert Comment

by:wingspin
ID: 33454248
Disable IPv6
restart DHCP and DNS.

check this out.
http://technet.microsoft.com/en-us/library/cc726931(WS.10).aspx
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 33457291
Fully remove SEP from the system; use the cleanwipe tool.
0
 

Author Comment

by:itguyj_sl-america
ID: 33459593
I had run cleanwipe earlier and removed SEP and things were running much better.  I read on several forums, including this one, that SEP can play havoc with network shares.  As this is my main file server as well, I kind of wanted some virus protection on it.  I heard that NTP and PTP are likely the main culprits with SEP.  So, I set up a new policy on the servers that only installed the virus protection, which seemed to be working until this afternoon when I started getting GP SYSVOL errors again.  

A noteworthy observation is that the dfssvc.exe file is hogging about 75% of my server's CPU.  When I ended task on that service my network shares and printers came back.  This is definitely tied to the overall problem.  Looks like I will have to do what you have suggested and fully remove SEP with cleanwipe again in order to get this thing stabilized long term.  Thanks for everyone's suggestions.  If anyone has any ideas about the high CPU usage with dfssvc.exe outside the SEP issue, please let me know.  Otherwise, I will assume it is a side effect of the overall SEP issue.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33459721
You can try to run SEP with the most updated version of SEP, but SEP is still causing problems; I now use McAfee.
0
 

Author Comment

by:itguyj_sl-america
ID: 33463483
Thanks, I appreciate all your good advice dariusq.  Thanks again for everyone's assistance.
0

Question has a verified solution.
