Windows cannot perform filter check for Group Policy object CN=.....

Posted on 2010-11-18
Medium Priority
Last Modified: 2012-05-10
I'm on a client site and seeing these errors:

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1065
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot perform filter check for Group Policy object CN={D8C6DA27-22B2-47CD-9436-35150F6F0B36},CN=Policies,CN=System,DC=<MyDOmainName>,DC=local. Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I can browse the \\\sysvol\<MyDomainName>\Policies\{D8C6DA27-22B2-47CD-9436-35150F6F0B36} folder by loopback, internal IP, and by name.

DNS seems to be installed and working.  
Users\Workstations are not having policy issues.

The GPT.ini says:
displayName=Small Business Server Internet Connection Firewall

The internet connection wizard won't run without failing, but isn't generating errors in the log that seem to lead anywhere. The ICW log also seems to be little help; the first errors it shows are:

Error 0x80080005 returned from call to Getting IP address for the LAN NIC().
Error 0x80080005 returned from call to Reading in the LAN NIC info().
Error 0x80080005 returned from call to CNetCommit::Common().
Error 0x80080005 returned from call to CNetCommit::Commit().

It seems like a security error or DNS problem, but I just can't seem to figure this out.

Question by:R. Andrew Koffron

Expert Comment

ID: 34170278

Can you verify if you have correct permissions on the sysvol share for this Group Policy folder?
Take a look at this link, it shows exactly what permissions have to be there:

And, do you have any errors on FRS at the domain controllers? How many Domain Controllers do you have there in your structure?

Author Comment

by:R. Andrew Koffron
ID: 34170666
Security is right.

It's an SBS 2003 server, the only server in the internal physical network segment, but there are other servers on the outside interface (shouldn't affect anything).


Accepted Solution

NarendraG earned 2000 total points
ID: 34170697

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 0 total points
ID: 34174529
Here's what I ended up with, but that article definitely pointed me in the right direction.

After some research on WMI, here are the steps that seemed to be the most directly effective.

Run each line individually, or put a pause after each line in a batch file. Several of the commands showed some failures on line 16-55, but it still fixed my WMI issues.

Stop the winmgmt service and rename the windows\system32\wbem\repository folder. Start winmgmt.

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
 *pull needed files from C:\windows\servicepackfiles\i386
rundll32 wbemupgd, RepairWMISetup

Loaded the following script I found at http://www.mrtweak.com/windows-servers/exchange-wmi-errors-wmi-repository-clear-reinstall-script/
(Took some troubleshooting; added the Exchange lines. The "for" statements puked and had to be run manually. I inserted pauses after each line just in case, so I was able to troubleshoot each line as it fired.)
net stop exmgmt
net stop winmgmt
cd %windir%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof
mofcomp exmgmt.mof
mofcomp exwmi.mof
net start winmgmt
net start exmgmt
Logged in to a pretty clean event log, Group Policies applied, and apparently most of the other errors I was seeing that looked totally unrelated were also affected by the WMI domino effect.

I'm going to assign points to NarendraG but wanted to put more details into the EE question.
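
Added example, not part of the original post or the linked script: the same repository reset done with the rename the author describes, so the old repository can be restored, followed by a check that WMI answers queries before Group Policy is refreshed. It assumes the SBS 2003 paths and the exmgmt service named in the post; repository.old is a name chosen for this example.

```batch
@echo off
rem Added example. Assumes Windows Server 2003 / SBS 2003 and an administrator prompt.
rem repository.old is a backup name chosen for this example.
setlocal
set "WBEM=%windir%\system32\wbem"

if exist "%WBEM%\repository.old" (
    echo %WBEM%\repository.old already exists. Move it away and rerun.
    exit /b 1
)

rem net stop asks for confirmation when other services depend on winmgmt.
rem Note which ones it stops so they can be started again afterwards.
net stop exmgmt
net stop winmgmt

rem Rename instead of "rd /S /Q" so the old repository can be put back.
ren "%WBEM%\repository" repository.old
if errorlevel 1 (
    echo Rename failed. The repository was not changed.
    net start winmgmt
    net start exmgmt
    exit /b 1
)

rem Starting the service creates a fresh repository.
net start winmgmt

rem Recompile the core and RSoP classes from the post, reporting each failure.
cd /d "%WBEM%"
for %%f in (cimwin32.mof cimwin32.mfl rsop.mof rsop.mfl) do (
    mofcomp %%f
    if errorlevel 1 echo FAILED: mofcomp %%f
)
net start exmgmt

rem Verify: WMI must answer a basic query and expose the RSoP namespace.
wmic /namespace:\\root\cimv2 path Win32_OperatingSystem get Caption,Version
if errorlevel 1 (
    echo root\cimv2 is not answering. Do not delete repository.old.
    exit /b 1
)
wmic /namespace:\\root\rsop path __NAMESPACE get Name
if errorlevel 1 echo root\rsop is missing. Check the rsop.mof result above.

rem Reapply policy, then look for new Userenv 1065/1030 events.
gpupdate /force
endlocal
```

To roll back, stop winmgmt, remove the newly created repository folder and rename repository.old back to repository.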

Author Closing Comment

by:R. Andrew Koffron
ID: 34203695
NarendraG Points: 500  Best Solution
Pointed me at the fix but his comment had no details.

Expert Comment

ID: 34211932
