[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Group Policy issue - Event ID 1058

Posted on 2010-11-08
Medium Priority
Last Modified: 2012-05-10

Have several machines on a network (less than half of them) that are having issues with group policy.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: Date
Time: Time
User: User_Name
Computer: Computer_Name
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domainname,DC=com . The file must be present at the location <\\domainname.com\sysvol\domainname.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984 F9}\gpt.ini>. (Error_Message). Group Policy processing aborted. For more information, see Help and Support Center at http://support.microsoft.com.

If i try and browse from the affected PC to that share location, i get: The network path was not found.

If i replace the domainname with the IP address of the SBS server, it works fine....

So DNS issue... well, i put a static entry into the hosts file, when i ping the domain name it resolves fine. Still cannot access the share by UNC.

Other network shares by UNC work fine, so that has me a little confused....

Question by:Superdata

Expert Comment

ID: 34084380
Is the SBS server is set to use itself for primary DNS?  Are the affect clients using the SBS server for primary DNS?

Are the non-affected clients and affected clients getting different group policies?  On the SBS server, go to C:\Windows\SYSVOL\domain\Policies and verify the policy files exist.

Having to use the IP address makes me think the problem clients are not using the SBS as their DNS server.


Author Comment

ID: 34089319
"Is the SBS server is set to use itself for primary DNS,"

yes, with forwarders for external resolution.

"Are the affect clients using the SBS server for primary DNS? "

All clients on the network use the SBS Server for DNS. Many are not having issues.

"Are the non-affected clients and affected clients getting different group policies?"

On the SBS server, go to C:\Windows\SYSVOL\domain\Policies and verify the policy files exist.
They exist and as stated from the clients, browsing to \\ip address\sysvol\ etc works fine.

"Having to use the IP address makes me think the problem clients are not using the SBS as their DNS server."

DHCP is giving out the correct address, i have also statically set the DNS Server to the correct address and no change.

I have pulled one off the affected PCs off the domain and put it back on after deleting the computer account also, no change.

I have logged into the PC with domain administrator priv in a new profile, also no change.

What gets me, is that i can ping the domain name and it resolves to the server correctly. Slap in a UNC path into explorer and it cant resolve. This pointed me to file and print sharing, but its enabled, netbios is enabled too. Other UNC paths work.... whiskey tango foxtrot...

LVL 10

Expert Comment

ID: 34092150
I have also faced the same issue in our environment and below link resolved my issue. You can also try this its safe and really usefull but must take a backup of the registry before applying these registry settings.



NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 34100957
did not fix :(

noticed the netbios helper service is completely missing from the pc, not sure if this has something to do with it? netbios is enabled under the TCP/IP section.
LVL 10

Expert Comment

ID: 34101375
Try this once this is also helpfull.


Author Comment

ID: 34102024
Tried both parts, rebooted, no change :(

Author Comment

ID: 34102546
Fully patched windows manually, killed the antivirus, killed windows firewall, updated the driver for the wireless card.

What gets me, is that \\domaincontroller\sysvol = fine, \\ip\sysvol\ = fine, \\domain\sysvol\ doesnt work.
but when you ping the domain name it resolves. what does using the domain name in the unc path do differently?

The machine in question was in the last few months moved to a new domain name, from blehdom.local to bleh.local

after some testing tonight i have some new symptoms. It can only browse unc paths on machines that existed on the old domain (the DC has the same server name as the old server in the previous domain) our new SQL and TS Server shares cannot be seen by anything other than IP Address.

This has to be some form of strange DNS Issue.

Here is the print out of DNS from the machine:

Windows IP Configuration

Host name . . . . . . . . . . . . . : PC05
Primary DNS Suffix . . . . . . . : bleh.local    (correct)
Node Type. . . . . . . . . . . . . . : Hybrid
IP Routing . . . . . . . . . . . . . . : No
WINS Proxy Enabled . . . . .  : No
DNS Suffix Search List . . . . : bleh.local
.                                               BLEH.local      (why its got both has me a little confused, possibly the issue?)

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : BLEH.local
Description . . . . . . . . . . . . . . . . . : Linksys Wireless-G PCI Adaptor
Physical Address . . . . . . . . . . . . : 00-12-17-8A-A5-37
Dhcp Enabled . . . . . . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . . : Yes
IP Address . . . . . . . . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . . . . . . :
Default Gateway . . . . . . . . . . . . . :
DHCP Server . . . . . . . . . . . . . . . . :
DNS Servers . . . . . . . . . . . . . . . . :
Primary WINS Server. . . . . . . . . . :

I have cleaned out the hosts file, lmhosts etc


Author Comment

ID: 34102562
Sorry for the semi incoherent post, its getting late :P
LVL 29

Expert Comment

by:Michael Pfister
ID: 34109460
Maybe the WINS server got messed up. In most cases there is no more need to use WINS. For a test remove the WINS server config from a PC and recheck.
If its the problem and you can live without WINS, remove it from your DHCP config and remove WINS server from your SBS server.
If not, delete all entries the WINS database or at least check if the domain name netries point to the correct servers..

Author Comment

ID: 34194001
Removed wins settings, re-added, checked the entries were all correct on the server and no issue there that i can see.

Accepted Solution

Superdata earned 0 total points
ID: 34229052
OK - Here is the fix - after many many wasted hours.

Fully update the box, disjoin it from the domain,

Run - http://support.microsoft.com/kb/313222  to clear out the local security policy

rejoin domain, reboot, done (at least in my case)

what caused this issue i think, is that the old group policy from the previous domain was left hanging around and caused issues, running that clean up of the local security policy seems key, rejoining of the domain seemed to help on 1 of the machines, may not be required.

Author Closing Comment

ID: 34272641
no other answer comes close.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question