• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1392
  • Last Modified:

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9}

Hi,

I have one machine that won't log on to my profile and gives the following errors:

1058
1030

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9}

I can access the .ini file in sysvol and this is only occurring on one machine. I can log into the same profile on any other machine.

Further to this I am also getting the same message on the DC

1058
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=letterpart,DC=local. The file must be present at the location <\\letterpart.local\sysvol\letterpart.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

and again, I can access the .ini file in sysvol

Another problem I have is that when I try and edit any GPO in GPM, I sometimes can't edit them and I get an error message about permissions. It is working now so I can't replicate this and provide the error message.
0
Letterpart
Asked:
Letterpart
4 Solutions
 
JaoibhCommented:
if its one machine
I'd take it off the domain and put it back on again.
This will reset the permissions and hopefully resolve your problem
0
 
Carol ChisholmCommented:
http://support.microsoft.com/kb/888943?

These are really fiddly ones to resolve.
0
 
Mike KlineCommented:
Could be a lot of things GPO permissions, DNS, network, to name a few


Take a look at these two articles

http://support.microsoft.com/kb/887303

http://www.experts-exchange.com/articles/OS/Microsoft_Operating_Systems/Server/2003_Server/Diagnosing-and-repairing-Events-1030-and-1058.html
Good EE article by Chief IT

I'd try the dfsutil /purgemupcache first and see if that helps (i've had luck with it on a few boxes in the past)

Thanks

Mike
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
jlanderson1Commented:
Honestly, if you have more than one DC, the easiest thing to do is to copy the GPO from SYSVOL on one server to the other.  Just overwrite the GPO (31B2F340-016D-11D2-945F-00C04FB984F9).  This is the fastest easiest way.
0
 
LetterpartAuthor Commented:
Have done a bit more digging.

Firstly, this one machine that is having problems will not connect to the domain so I changed its name and then re-joined and I can now see it in AD. I still can't load any profiles on that machine but I am not worried about that just now.

Secondly, my 1030 1058 errors are happening every 5 minutes which is pointing to a server-server issue rather than client.

Thirdly, I ran a dcdiag /test:netlogons and everything came back ok. But when I run a DCdiag /test:DNS I get a stack of errors with my DNS.

Testing server: Reigate\APPSERV1

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : letterpart
   
   Running enterprise tests on : letterpart.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: APPSERV1.letterpart.local
            Domain: letterpart.local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.100 (<name unavailable>)                  Warning: adapter [00000007] Intel(R) PRO/1000 MT Server Adapter has invalid DNS server: 192.168.1.210 (<name unavailable>)
                  Error: all DNS servers are invalid
               
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.100 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.100
               
            DNS server: 192.168.1.210 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.210
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: letterpart.local
               APPSERV1                     PASS FAIL PASS PASS PASS FAIL n/a  
         
         ......................... letterpart.local failed test DNS


192.168.1.100 is APPSERV1 and has been my Domain Controller DNS Server for years now. DC1 is a fairly new VM Domain Controller and DNS server and has been fine for about 3 months.

##########################################################

Obviously I have some DNS issues here which require resolving


0
 
JaoibhCommented:
Hey, DNS problems are fairly easy to fix.

At least you know this is more than likely the problem.

Firstly any Domain controller is a DNS server
so you to fix your problems first thing to do is make sure your DNS Servers point to themselves as the primary DNS server

Then go into DNS and setup your pointers and test them.







DNS-config.JPG
DNS-config1.JPG
DNS-config2.JPG
0
 
JaoibhCommented:
I assume you use a DHCP for your Desktop machines.
Double check your DNS settings are as follows.
Your Primary domain controller should be the primary DNS server for your clients.
any other domain controller or DNS server should be the Alternate

DNS-config-client.JPG
0
 
LetterpartAuthor Commented:
Hi Jaoibh,

my DNS settings are correct.

When I ran the simple and recursive test, the simple failed and recursive passed.
0
 
JaoibhCommented:
I'd suggest making manual "New Host (A)" on the DNS server for
DNS server: 192.168.1.100 (<name unavailable>)
             
DNS server: 192.168.1.210 (<name unavailable>)

Perhaps this will clear the error. Although these should have been automatically generated.

D
0
 
LetterpartAuthor Commented:
I already have A records for the DNS servers and NS records as well for both Appserv1 and dc1

Just out of interest...
I rebooted my DC1 and now when I run dcdiag /test:DNS it passes all tests. BUT when I run the test from monitoring in dnsmgmt it fails both tests.

0
 
JaoibhCommented:
Strange one

Can you try and Ping both of the DNS IP forwarders you are using?
Anything else in your DNS Event Viewer?
0
 
LetterpartAuthor Commented:
I can ping both servers ok and there is nothing else at all in my event logs.

BTW, I have reinstalled the computer that failed to load my profile and it is now working. So that is ok.

I'm now stuck on these very odd DNS dcdiag issues
0
 
LetterpartAuthor Commented:
Fixed!

A reboot sorted this issue out. Very odd and will just put down to Windows.

We still have DNS issue for which I have another open question: http://www.experts-exchange.com/Software/Server_Software/Q_26443951.html

I'm going to award points to everyone that helped.

Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now