Solved

userenv event error 1058 and 1030 causing primary Domain controller to crash

Posted on 2010-08-26
9
971 Views
Last Modified: 2012-06-27
We are running Window Server 2003-

We are getting userenv error 1058:

Windows cannot access the file gpt.ini for GPO cn={4CB2BC94-186C-4D1B-A557-0E04488514CB},cn=policies,cn=system,DC=cvn75,DC=navy,DC=mil. The file must be present at the location <\\DomainName\sysvol\DomainName\Policies\{4CB2BC94-186C-4D1B-A557-0E04488514CB}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

And userenv error 1030:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

We get these errors many times and our primary DC is cut from the network. Roaming profiles are stored on this server so this creates MANY problem.  It doesn't happen very often but it helps to know how to fix it.

-thank you-
0
Comment
Question by:Josef Al-Chacar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:Emileneth
ID: 33538083
If your server is cut of the network entirely by no apparent reason it may be a Confiker issue, so check your stations for this threats that attacks the network components of several windows versions
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33538198
It could be but i'm also a trouble call tech and ive never seen this issue on a workstation.  I really don't think it's any type of worm.
0
 
LVL 3

Expert Comment

by:Emileneth
ID: 33538338
There are 3 states in wich the attack from Confiker class variants, does different things

In my experience with this type

1) The OS is completly vulnerable, transparently it infects and sends its copies via SMTP

2) The OS is partialy resistant, the hack attempt to the IP component makes the process crash and the system is cut off the network, you can tell this because the service called "Server" is down

3) The OS is fully resistant, and and only gets infected when the Windows Firewall is intentionaly disabled

This is just a hint, when you get the trouble, check on the state of the service processes, and analize the server performance, for more clues
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 22

Expert Comment

by:Paka
ID: 33538512
1058 and 1030 errors are usually due to resource exhaustion issues (be it viral or other problem).  Use Task Manager or Performance Monitor and look at a handle consumption and PTEs.  If the handle consumption is high, look at the process that's consuming it and consider re-installing that application if possible.  If your PTEs are low (<5000), then you should look at tuning your memory.  

Here are some additional questions that will help us resolve your 1058/1030 issues:
What version (x64/x86) of Windows are you running?  
Are you using the /3GB switch?  
What other services are running on this box?
How frequently do these errors occur?
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33538628
We have x86

As far as i know we have 1gb switch

AD, Symantec AV (a prime cause for many of our problems.) Roaming profiles are stored here
The error only occurs about once every 2 months but we end up having to reboot the primary DC to fix the problem.

I'm in the military so any system downtime is critical.
0
 
LVL 22

Expert Comment

by:Paka
ID: 33538661
It definitely sounds like a resource leak and not a viral issue.  Use the steps I identified earlier to check handle and PTE use.  Since it is a slow leak, you'll have to monitor it over a couple days to find the source.  By chance are you running HP Open View or Hercules?
0
 
LVL 3

Expert Comment

by:Emileneth
ID: 33538744
I agree that it's very possible to be a resource leak.

On the other side, a reinstall is not likely to solve the issue, as a licking software does it, because a design flaw. If you happen to identify any process that progresively hogs resources, you may start to consider a clustered fail-over implementation with a scheduled downtime on each node, wich will likely need to replace or upgrade that application.

For any critical service, its almost mandatory to use some cluster cloud computing.
Scheduled downtimes are a tradition in pre-cloud application services, there is now something better, use it.

In my experiences with leaking services, the entire system reboots when it is unable to assign more resources to even for the most critical windows components, and I cannot simply change the service, it's corporation mandatory, i only restart at scheduled intervals and await for the headquarters to send me a newer (hopefully corrected) software. This things are most commonly associated with software designed with old techniques and or compilers, and developers, if you have the direct contact with them, most of the time dont want to acknowledge their soft is buggy. An if they do recognize any bug they will only offer you their new version at its corresponding upgrade cost, and no guarranties.
0
 
LVL 3

Author Comment

by:Josef Al-Chacar
ID: 33539403
Thank you both

I will look in to this tonight. Ill let you know what i find out. I have debugdiag.exe which tests for leaky services so i'll take a look

It may be a while for a response. i work the night shift
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 125 total points
ID: 33542766
I actually wrote an article on how to troubleshoot this and fix it. The article needs some editing. I hope this helps:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question