1Dingodog
asked on
GPO new policy error
Server 2008 Standard new install, error on Group Policy editing. Access Denied when trying to save cahnges. No error shows up in Event Viewer. I can creat a new policy and link it to the OU then edit and save, open the Policy again and have no access to save any changes.Checked security settings for SYSVOL and Administrator has full control of folder. Any suggestions on what to check next.
ASKER
No errors in event logs
How about dcdiag
ASKER
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER2008 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2008 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER2008 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2008 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2008 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2008 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2008 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER2008 passed test Replications
Starting test: RidManager
......................... SERVER2008 passed test RidManager
Starting test: Services
......................... SERVER2008 passed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x80060005
Time Generated: 03/13/2011 18:29:56
Event String:
The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 03/13/2011 18:30:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 03/13/2011 18:30:57
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Error Event occurred. EventID: 0x000004E6
Time Generated: 03/13/2011 18:31:10
Event String: Chassis intrusion detected
An Error Event occurred. EventID: 0xC0001B72
Time Generated: 03/13/2011 18:31:51
Event String:
The following boot-start or system-start driver(s) failed to load:
An Warning Event occurred. EventID: 0x000727AA
Time Generated: 03/13/2011 18:34:10
Event String:
The WinRM service failed to create the following SPNs: WSMAN/Server2008.Boc.local
......................... SERVER2008 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Boc
Starting test: CheckSDRefDom
......................... Boc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Boc passed test CrossRefValidation
Running enterprise tests on : Boc.local
Starting test: LocatorCheck
......................... Boc.local passed test LocatorCheck
Starting test: Intersite
......................... Boc.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER2008 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2008 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER2008 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2008 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2008 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2008 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2008 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER2008 passed test Replications
Starting test: RidManager
......................... SERVER2008 passed test RidManager
Starting test: Services
......................... SERVER2008 passed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x80060005
Time Generated: 03/13/2011 18:29:56
Event String:
The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 03/13/2011 18:30:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 03/13/2011 18:30:57
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Error Event occurred. EventID: 0x000004E6
Time Generated: 03/13/2011 18:31:10
Event String: Chassis intrusion detected
An Error Event occurred. EventID: 0xC0001B72
Time Generated: 03/13/2011 18:31:51
Event String:
The following boot-start or system-start driver(s) failed to load:
An Warning Event occurred. EventID: 0x000727AA
Time Generated: 03/13/2011 18:34:10
Event String:
The WinRM service failed to create the following SPNs: WSMAN/Server2008.Boc.local
......................... SERVER2008 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Boc
Starting test: CheckSDRefDom
......................... Boc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Boc passed test CrossRefValidation
Running enterprise tests on : Boc.local
Starting test: LocatorCheck
......................... Boc.local passed test LocatorCheck
Starting test: Intersite
......................... Boc.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER2008 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2008 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER2008 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2008 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2008 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2008 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2008 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER2008 passed test Replications
Starting test: RidManager
......................... SERVER2008 passed test RidManager
Starting test: Services
......................... SERVER2008 passed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x80060005
Time Generated: 03/13/2011 18:29:56
Event String:
The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x80040020
Time Generated: 03/13/2011 18:30:12
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 03/13/2011 18:30:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 03/13/2011 18:30:57
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Error Event occurred. EventID: 0x000004E6
Time Generated: 03/13/2011 18:31:10
Event String: Chassis intrusion detected
An Error Event occurred. EventID: 0xC0001B72
Time Generated: 03/13/2011 18:31:51
Event String:
The following boot-start or system-start driver(s) failed to load:
An Warning Event occurred. EventID: 0x000727AA
Time Generated: 03/13/2011 18:34:10
Event String:
The WinRM service failed to create the following SPNs: WSMAN/Server2008.Boc.local
......................... SERVER2008 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Boc
Starting test: CheckSDRefDom
......................... Boc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Boc passed test CrossRefValidation
Running enterprise tests on : Boc.local
Starting test: LocatorCheck
......................... Boc.local passed test LocatorCheck
Starting test: Intersite
......................... Boc.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server2008
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER2008 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER2008 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SERVER2008 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER2008 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2008 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER2008 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER2008 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER2008 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER2008 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER2008 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER2008 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER2008 passed test Replications
Starting test: RidManager
......................... SERVER2008 passed test RidManager
Starting test: Services
......................... SERVER2008 passed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 03/13/2011 18:30:57
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
An Error Event occurred. EventID: 0x000004E6
Time Generated: 03/13/2011 18:31:10
Event String: Chassis intrusion detected
An Error Event occurred. EventID: 0xC0001B72
Time Generated: 03/13/2011 18:31:51
Event String:
The following boot-start or system-start driver(s) failed to load:
An Warning Event occurred. EventID: 0x000727AA
Time Generated: 03/13/2011 18:34:10
Event String:
The WinRM service failed to create the following SPNs: WSMAN/Server2008.Boc.local
......................... SERVER2008 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER2008 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Boc
Starting test: CheckSDRefDom
......................... Boc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Boc passed test CrossRefValidation
Running enterprise tests on : Boc.local
Starting test: LocatorCheck
......................... Boc.local passed test LocatorCheck
Starting test: Intersite
......................... Boc.local passed test Intersite
Disable your AV then try
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What pushed you to suspect the AV, but that seemed to be the issue. I was able to edit 2 policies and save them. I will accept this as solution and keep my fingers crossed.
Common issue
ASKER
Thanks for the help.
Any errors in the Event logs?