Go Premium for a chance to win a PS4. Enter to Win


Windows cannot perform filter check for Group Policy object CN=.....

Posted on 2010-11-18
Medium Priority
Last Modified: 2012-05-10
  I'm on a client site and seeing error

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1065
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot perform filter check for Group Policy object CN={D8C6DA27-22B2-47CD-9436-35150F6F0B36},CN=Policies,CN=System,DC=<MyDOmainName>,DC=local. Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I can browse the \\\sysvol\<MyDomainName>\Policies\{D8C6DA27-22B2-47CD-9436-35150F6F0B36} folder. by loopback, internal IP, and by Name.

DNS seems to be installed and working.  
Users\Workstations are not having policy issues.

the GPT.ini says:
displayName=Small Business Server Internet Connection Firewall

tThe internet connection wizard won't run without failing, but isn't generating errors in the log that seem to lead anywhere, the icw log also seems to be little help the first errors it shows is:

Error 0x80080005 returned from call to Getting IP address for the LAN NIC().
Error 0x80080005 returned from call to Reading in the LAN NIC info().
Error 0x80080005 returned from call to CNetCommit::Common().
Error 0x80080005 returned from call to CNetCommit::Commit().

it seems like a security error or DNS problem but I just can't seem to figure this out.

Question by:R. Andrew Koffron
  • 3
  • 2

Expert Comment

ID: 34170278

Can you verify if you have correct permissions on the sysvol share por this Group Policy folder?
Take a look at this link, it show exactly what are the permisisons that have to be there:

And, do you have any error on FRS at the domain controllers? How much Doman Controllers do you have there on your structure?
LVL 16

Author Comment

by:R. Andrew Koffron
ID: 34170666
Security is right.

It's an SBS 2003 server, Only Server in the internal Physical Network Segament but other servers on the outside interface (shouldn't effect anything).

LVL 13

Accepted Solution

NarendraG earned 2000 total points
ID: 34170697
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 16

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 0 total points
ID: 34174529
here's what I ended up with but that article definitely pointed me in the right direction.

after some research on WMI here's the steps that seemed to be the most directly effective.

run each line individually, or put a pause after each line in a batch file, several of the commands showed some failures on line 16-55 but it still fixed my WMI issues

stop winmgmt service, and rename the windows\system32\wbem\repository folder.start winmgmt

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
 *pull needed files from C:\windows\servicepackfiles\i386
rundll32 wbemupgd, RepairWMISetup

loaded the following script I found at http://www.mrtweak.com/windows-servers/exchange-wmi-errors-wmi-repository-clear-reinstall-script/
(took some troubleshooting added the exchange lines. the "for" statements puked and had to be run manually I inserted pauses after each line just in case so I was able to troubleshoot each line as it fired)
net stop exmgmt
net stop winmgmt
cd %windir%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in (’dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (’dir /b *.mof’) do mofcomp %%s
for /f %%s in (’dir /b *.mfl’) do mofcomp %%s
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof
mofcomp exmgmt.mof
mofcomp exwmi.mof
net start winmgmt
net start exmgmt
logged in to a pretty clean event log, Group Policies Applied. and apparently most the other errors I was seeing that looked totally unrelated where also effected by the WMI domino effect.

I'm going to assign points to narendraG but wanted to put more details into the EE question.
LVL 16

Author Closing Comment

by:R. Andrew Koffron
ID: 34203695
NarendraG Points: 500  Best Solution
pointed me at the fix but his comment had no details.
LVL 13

Expert Comment

ID: 34211932

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question