Group Policy issue - Event ID 1058

Posted on 2010-11-08
Last Modified: 2012-05-10

Have several machines on a network (less than half of them) that are having issues with group policy.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: Date
Time: Time
User: User_Name
Computer: Computer_Name
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domainname,DC=com . The file must be present at the location <\\\sysvol\\Policies\{31B2F340-016D-11D2-945F-00C04FB984 F9}\gpt.ini>. (Error_Message). Group Policy processing aborted. For more information, see Help and Support Center at

If i try and browse from the affected PC to that share location, i get: The network path was not found.

If i replace the domainname with the IP address of the SBS server, it works fine....

So DNS issue... well, i put a static entry into the hosts file, when i ping the domain name it resolves fine. Still cannot access the share by UNC.

Other network shares by UNC work fine, so that has me a little confused....

Question by:Superdata
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 34084380
Is the SBS server is set to use itself for primary DNS?  Are the affect clients using the SBS server for primary DNS?

Are the non-affected clients and affected clients getting different group policies?  On the SBS server, go to C:\Windows\SYSVOL\domain\Policies and verify the policy files exist.

Having to use the IP address makes me think the problem clients are not using the SBS as their DNS server.


Author Comment

ID: 34089319
"Is the SBS server is set to use itself for primary DNS,"

yes, with forwarders for external resolution.

"Are the affect clients using the SBS server for primary DNS? "

All clients on the network use the SBS Server for DNS. Many are not having issues.

"Are the non-affected clients and affected clients getting different group policies?"

On the SBS server, go to C:\Windows\SYSVOL\domain\Policies and verify the policy files exist.
They exist and as stated from the clients, browsing to \\ip address\sysvol\ etc works fine.

"Having to use the IP address makes me think the problem clients are not using the SBS as their DNS server."

DHCP is giving out the correct address, i have also statically set the DNS Server to the correct address and no change.

I have pulled one off the affected PCs off the domain and put it back on after deleting the computer account also, no change.

I have logged into the PC with domain administrator priv in a new profile, also no change.

What gets me, is that i can ping the domain name and it resolves to the server correctly. Slap in a UNC path into explorer and it cant resolve. This pointed me to file and print sharing, but its enabled, netbios is enabled too. Other UNC paths work.... whiskey tango foxtrot...

LVL 10

Expert Comment

ID: 34092150
I have also faced the same issue in our environment and below link resolved my issue. You can also try this its safe and really usefull but must take a backup of the registry before applying these registry settings.

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.


Author Comment

ID: 34100957
did not fix :(

noticed the netbios helper service is completely missing from the pc, not sure if this has something to do with it? netbios is enabled under the TCP/IP section.
LVL 10

Expert Comment

ID: 34101375
Try this once this is also helpfull.

Author Comment

ID: 34102024
Tried both parts, rebooted, no change :(

Author Comment

ID: 34102546
Fully patched windows manually, killed the antivirus, killed windows firewall, updated the driver for the wireless card.

What gets me, is that \\domaincontroller\sysvol = fine, \\ip\sysvol\ = fine, \\domain\sysvol\ doesnt work.
but when you ping the domain name it resolves. what does using the domain name in the unc path do differently?

The machine in question was in the last few months moved to a new domain name, from blehdom.local to bleh.local

after some testing tonight i have some new symptoms. It can only browse unc paths on machines that existed on the old domain (the DC has the same server name as the old server in the previous domain) our new SQL and TS Server shares cannot be seen by anything other than IP Address.

This has to be some form of strange DNS Issue.

Here is the print out of DNS from the machine:

Windows IP Configuration

Host name . . . . . . . . . . . . . : PC05
Primary DNS Suffix . . . . . . . : bleh.local    (correct)
Node Type. . . . . . . . . . . . . . : Hybrid
IP Routing . . . . . . . . . . . . . . : No
WINS Proxy Enabled . . . . .  : No
DNS Suffix Search List . . . . : bleh.local
.                                               BLEH.local      (why its got both has me a little confused, possibly the issue?)

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : BLEH.local
Description . . . . . . . . . . . . . . . . . : Linksys Wireless-G PCI Adaptor
Physical Address . . . . . . . . . . . . : 00-12-17-8A-A5-37
Dhcp Enabled . . . . . . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . . : Yes
IP Address . . . . . . . . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . . . . . . :
Default Gateway . . . . . . . . . . . . . :
DHCP Server . . . . . . . . . . . . . . . . :
DNS Servers . . . . . . . . . . . . . . . . :
Primary WINS Server. . . . . . . . . . :

I have cleaned out the hosts file, lmhosts etc


Author Comment

ID: 34102562
Sorry for the semi incoherent post, its getting late :P
LVL 28

Expert Comment

by:Michael Pfister
ID: 34109460
Maybe the WINS server got messed up. In most cases there is no more need to use WINS. For a test remove the WINS server config from a PC and recheck.
If its the problem and you can live without WINS, remove it from your DHCP config and remove WINS server from your SBS server.
If not, delete all entries the WINS database or at least check if the domain name netries point to the correct servers..

Author Comment

ID: 34194001
Removed wins settings, re-added, checked the entries were all correct on the server and no issue there that i can see.

Accepted Solution

Superdata earned 0 total points
ID: 34229052
OK - Here is the fix - after many many wasted hours.

Fully update the box, disjoin it from the domain,

Run -  to clear out the local security policy

rejoin domain, reboot, done (at least in my case)

what caused this issue i think, is that the old group policy from the previous domain was left hanging around and caused issues, running that clean up of the local security policy seems key, rejoining of the domain seemed to help on 1 of the machines, may not be required.

Author Closing Comment

ID: 34272641
no other answer comes close.

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question