itguyj_sl-america

Processing Group Policy fails reading Sysvol on PDC EVID: 1058 E-code: 64 W2k8 server?

My server is dropping its network shares every couple of hours and as frequently as 5 - 20 minutes after startup now.  I migrated from another 2003 Server machine to this 2008 server 32bit machine last July.  Recently and becoming more frequently (Now just 5 to 20 minutes after a restart) I am getting the following error:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/13/2010 3:12:19 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      SLMISERVER.SLMI
Description:
The processing of Group Policy failed. Windows attempted to read the file \\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T19:12:19.593Z" />
    <EventRecordID>90849</EventRecordID>
    <Correlation ActivityID="{A4D1CA92-87D7-4BBA-9F26-76F05F750FB4}" />
    <Execution ProcessID="1044" ThreadID="3652" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">74802</Data>
    <Data Name="ErrorCode">64</Data>
    <Data Name="ErrorDescription">The specified network name is no longer available. </Data>
    <Data Name="DCName">SLMISERVER</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SLMI</Data>
    <Data Name="FilePath">\\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

Following this error all my network shares drop and no one can access shared folders on this server or network printers attached to this server.  The strange thing is this server is also the PDC for the domain.  Can someone please help me with this?  People using this server are becoming increasingly frustrated because they keep losing access to their network folders.  I am frustrated as well because the only way to restore access is to restart the server.  Thanks in advance for your help.
SLMI-PDC-dcdiag-on-GPO-errors.txt
wingspin

It sounds like the Net Logon service is stopping.  Can you check and see if the service stops when everyone loses the shares?  

Also, check the remaining free space on the C: drive of the server.
itguyj_sl-america

ASKER

I have about 48GB out of 68GB free on C drive.  

I am getting this Netlogon error around that time but it is involving a domain trust with another server on another domain:

Log Name:      System
Source:        NETLOGON
Date:          8/13/2010 4:01:05 PM
Event ID:      5783
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\sl_tnserver.SLTN.LLC for the domain SLTN is not responsive.  The current RPC call from Netlogon on \\SLMISERVER to \\sl_tnserver.SLTN.LLC has been cancelled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5783</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T20:01:05.000Z" />
    <EventRecordID>90859</EventRecordID>
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\\sl_tnserver.SLTN.LLC</Data>
    <Data>SLTN</Data>
    <Data>SLMISERVER</Data>
  </EventData>
</Event>


I am also getting this SLC error around the same time:

Log Name:      Application
Source:        Microsoft-Windows-Security-Licensing-SLC
Date:          8/13/2010 4:13:25 PM
Event ID:      12293
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Publishing the Key Management Service (KMS) to DNS in the 'SLMI' domain failed.
Info:
hr=0x800705B4
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Licensing-SLC" Guid="{1FD7C1D2-D037-4620-8D29-B2C7E5FCC13A}" EventSourceName="Software Licensing Service" />
    <EventID Qualifiers="16384">12293</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T20:13:25.000Z" />
    <EventRecordID>40195</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>hr=0x800705B4</Data>
    <Data>SLMI</Data>
  </EventData>
</Event>

I get this DHCP error around the same time:

Log Name:      System
Source:        Service Control Manager
Date:          8/13/2010 2:21:35 PM
Event ID:      7031
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
The DHCP Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7031</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T18:21:35.000Z" />
    <EventRecordID>90802</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">DHCP Server</Data>
    <Data Name="param2">1</Data>
    <Data Name="param3">120000</Data>
    <Data Name="param4">1</Data>
    <Data Name="param5">Restart the service</Data>
  </EventData>
</Ev

Here's yet another error SCM:

Log Name:      System
Source:        Service Control Manager
Date:          8/13/2010 3:31:51 PM
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the  service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T19:31:51.000Z" />
    <EventRecordID>90855</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">
    </Data>
  </EventData>
</Event>

and of course I am getting this ESM warning:

Log Name:      System
Source:        Server Administrator
Date:          8/13/2010 2:21:59 PM
Event ID:      1553
Task Category: Instrumentation Service
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Log size is near or at capacity
Log type: ESM
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Server Administrator" />
    <EventID Qualifiers="0">1553</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T18:21:59.000Z" />
    <EventRecordID>90829</EventRecordID>
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Log size is near or at capacity
Log type: ESM</Data>
  </EventData>
</Event>

Sorry about all the error listings, I just wanted to be thorough.  Thanks again.
OK,  I just did this dcdiag 5 minutes ago and it looks much better.  Not sure why.  It will likely drop out in just a few minutes.  Please see attached dcdiag test.
SLMI-PDC-dcdiag-better.txt
OK, just checked the server and it's failing again.  See attached file.  Checked the performance monitor and the CPU is at 25 percent with the Windows NT Distributed File System service.

Here's the latest GP processing error regarding the failure reading Sysvol:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          8/13/2010 6:06:37 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      SLMISERVER.SLMI
Description:
The processing of Group Policy failed. Windows attempted to read the file \\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-13T22:06:37.643Z" />
    <EventRecordID>91031</EventRecordID>
    <Correlation ActivityID="{E9A22C9E-BE74-4C90-9BA4-8A7981F479D6}" />
    <Execution ProcessID="1044" ThreadID="3872" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">265389</Data>
    <Data Name="ErrorCode">64</Data>
    <Data Name="ErrorDescription">The specified network name is no longer available. </Data>
    <Data Name="DCName">SLMISERVER</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=SLMI</Data>
    <Data Name="FilePath">\\SLMI\sysvol\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>
SLMI-PDC-dcdiag-failing-again.txt
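A triage sketch for the events posted above, added here as an example and not part of the original thread: it parses exported Event XML, orders events by the UTC `SystemTime` rather than the local "Date:" header, and lists what was logged in the hour before each Event 1058. The sample input is trimmed copies of XML from this thread; `parse_event`, `preceding` and the `dataN` keys are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _evt(provider, eid, when, data):
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="{provider}" />'
            f'<EventID>{eid}</EventID><TimeCreated SystemTime="{when}" />'
            f'</System><EventData>{data}</EventData></Event>')

# Sample input: trimmed copies of events posted in this thread.
SAMPLES = [
    _evt("Microsoft-Windows-GroupPolicy", 1058, "2010-08-13T19:12:19.593Z",
         r'<Data Name="ErrorCode">64</Data><Data Name="FilePath">\\SLMI\sysvol'
         r'\SLMI\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>'),
    _evt("Service Control Manager", 7031, "2010-08-13T18:21:35.000Z",
         '<Data Name="param1">DHCP Server</Data>'),
    _evt("Service Control Manager", 7011, "2010-08-13T19:31:51.000Z",
         '<Data Name="param1">30000</Data>'),
    _evt("NETLOGON", 5783, "2010-08-13T20:01:05.000Z",
         r'<Data>\\sl_tnserver.SLTN.LLC</Data><Data>SLTN</Data>'),
]

def parse_event(xml_text):
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    # SystemTime is UTC; the "Date:" line above each event is server-local time.
    stamp = system.find("e:TimeCreated", NS).get("SystemTime")[:19]
    data = {}
    for i, d in enumerate(root.findall("e:EventData/e:Data", NS)):
        # Classic providers such as NETLOGON emit unnamed <Data>; key by position.
        data[d.get("Name") or f"data{i}"] = (d.text or "").strip()
    return {"id": int(system.find("e:EventID", NS).text),
            "provider": system.find("e:Provider", NS).get("Name"),
            "utc": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc),
            "data": data}

def preceding(events, event_id, window_minutes=60):
    """Pair each event_id hit with the other events logged in the window before it."""
    ordered = sorted(events, key=lambda e: e["utc"])
    pairs = []
    for hit in (e for e in ordered if e["id"] == event_id):
        before = [e for e in ordered if e is not hit and
                  0 <= (hit["utc"] - e["utc"]).total_seconds() <= window_minutes * 60]
        pairs.append((hit, before))
    return pairs

if __name__ == "__main__":
    for hit, before in preceding([parse_event(x) for x in SAMPLES], 1058):
        print(hit["utc"], hit["data"], [(e["utc"], e["provider"], e["id"]) for e in before])
```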
SOLUTION
Darius Ghassem
I tried all the suggestions previously mentioned.  I do have it where I am not getting any GP SYSVOL read errors now.  One of the possible fixes was getting rid of Symantec NTP and PTP.  However, I am still having some residual effects I think.  Some people still cannot use a network shared printer through this server and some are still having trouble accessing network shared folders on this server.  I am getting the following error:

Log Name:      System
Source:        Microsoft-Windows-DHCP-Server
Date:          8/17/2010 7:28:02 AM
Event ID:      1070
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SLMISERVER.SLMI
Description:
Iashlpr initialization failed: 1060, so DHCP server cannot talk to NPS server. It could be that IAS service is not started.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
    <EventID Qualifiers="0">1070</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-17T11:28:02.000Z" />
    <EventRecordID>128216</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SLMISERVER.SLMI</Computer>
    <Security />
  </System>
  <EventData>
    <Data>1060</Data>
    <Binary>24040000</Binary>
  </EventData>
</Event>

Any ideas how to get rid of this error or is it unrelated?  I am also including a recent dcdiag.  
SLMI-PDC-dcdiag-8-17-10.txt
Disable IPv6
restart DHCP and DNS.

check this out.
http://technet.microsoft.com/en-us/library/cc726931(WS.10).aspx
ASKER CERTIFIED SOLUTION
I had run cleanwipe earlier and removed SEP and things were running much better, after reading on several forums including this one that SEP can play havoc with network shares.  As this is my main file server as well, I kind of wanted some virus protection on it.  I heard that NTP and PTP are likely the main culprits with SEP.  So, I set up a new policy on the servers that only installed the virus protection, which seemed to be working until this afternoon when I started getting GP SYSVOL errors again.  

A noteworthy observation is that the dfssvc.exe file is hogging about 75% of my server's CPU.  When I ended task on that service my network shares and printers came back.  This is definitely tied to the overall problem.  Looks like I will have to do what you have suggested and fully remove SEP with cleanwipe again in order to get this thing stabilized long term.  Thanks for everyone's suggestions.  If anyone has any ideas about the high CPU usage with dfssvc.exe outside the SEP issue, please let me know.  Otherwise, I will assume it is a side effect of the overall SEP issue.
You can try to run the most updated version of SEP, but SEP is still causing problems; I now use McAfee.
Thanks, I appreciate all your good advice, dariusq.  Thanks again for everyone's assistance.