Windows cannot perform filter check for Group Policy object CN=.....

Posted on 2010-11-18
Last Modified: 2012-05-10
  I'm on a client site and seeing error

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1065
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot perform filter check for Group Policy object CN={D8C6DA27-22B2-47CD-9436-35150F6F0B36},CN=Policies,CN=System,DC=<MyDOmainName>,DC=local. Group Policy processing aborted.

For more information, see Help and Support Center at

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            11/18/2010
Time:            5:19:28 PM
User:            NT AUTHORITY\SYSTEM
Computer:      <ServerName>
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at

I can browse the \\\sysvol\<MyDomainName>\Policies\{D8C6DA27-22B2-47CD-9436-35150F6F0B36} folder. by loopback, internal IP, and by Name.

DNS seems to be installed and working.  
Users\Workstations are not having policy issues.

the GPT.ini says:
displayName=Small Business Server Internet Connection Firewall

tThe internet connection wizard won't run without failing, but isn't generating errors in the log that seem to lead anywhere, the icw log also seems to be little help the first errors it shows is:

Error 0x80080005 returned from call to Getting IP address for the LAN NIC().
Error 0x80080005 returned from call to Reading in the LAN NIC info().
Error 0x80080005 returned from call to CNetCommit::Common().
Error 0x80080005 returned from call to CNetCommit::Commit().

it seems like a security error or DNS problem but I just can't seem to figure this out.

Question by:R. Andrew Koffron
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 34170278

Can you verify if you have correct permissions on the sysvol share por this Group Policy folder?
Take a look at this link, it show exactly what are the permisisons that have to be there:

And, do you have any error on FRS at the domain controllers? How much Doman Controllers do you have there on your structure?
LVL 16

Author Comment

by:R. Andrew Koffron
ID: 34170666
Security is right.

It's an SBS 2003 server, Only Server in the internal Physical Network Segament but other servers on the outside interface (shouldn't effect anything).

LVL 13

Accepted Solution

NarendraG earned 500 total points
ID: 34170697
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 16

Assisted Solution

by:R. Andrew Koffron
R. Andrew Koffron earned 0 total points
ID: 34174529
here's what I ended up with but that article definitely pointed me in the right direction.

after some research on WMI here's the steps that seemed to be the most directly effective.

run each line individually, or put a pause after each line in a batch file, several of the commands showed some failures on line 16-55 but it still fixed my WMI issues

stop winmgmt service, and rename the windows\system32\wbem\repository folder.start winmgmt

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
 *pull needed files from C:\windows\servicepackfiles\i386
rundll32 wbemupgd, RepairWMISetup

loaded the following script I found at
(took some troubleshooting added the exchange lines. the "for" statements puked and had to be run manually I inserted pauses after each line just in case so I was able to troubleshoot each line as it fired)
net stop exmgmt
net stop winmgmt
cd %windir%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mfl
for /f %%s in (’dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (’dir /b *.mof’) do mofcomp %%s
for /f %%s in (’dir /b *.mfl’) do mofcomp %%s
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof
mofcomp exmgmt.mof
mofcomp exwmi.mof
net start winmgmt
net start exmgmt
logged in to a pretty clean event log, Group Policies Applied. and apparently most the other errors I was seeing that looked totally unrelated where also effected by the WMI domino effect.

I'm going to assign points to narendraG but wanted to put more details into the EE question.
LVL 16

Author Closing Comment

by:R. Andrew Koffron
ID: 34203695
NarendraG Points: 500  Best Solution
pointed me at the fix but his comment had no details.
LVL 13

Expert Comment

ID: 34211932

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question