Group Policy 1058 errors

Posted on 2011-04-25
Last Modified: 2012-05-11
Hi Everyone!

I have been working on an issue for several weeks now with no resolution in site.  Hopefully someone can point me in the right direction.  I have an environment with 4 primary DC's and 14 RODC's.  On all of my RODC's Group Policy Processing is functioning fine, but on one RODC I'm getting multiple GroupPolicy 1058 errors.  Here is the exact error:

The processing of Group Policy failed. Windows attempted to read the file \\\SysVol\\Policies\{886EDCD6-0D75-476C-B75C-89C5E60E3265}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

It is clear that this is using a DFS pointer and this DFS doesn't seem do exist.  Opening DFS Management on this RODC does not show a DFS Namespace for GP policies and I am unable to find anything when I go to add it.  I can manually browse to the proper network location for the GP policies if I simply insert a specific full DC name in the place of  

How to I change the pointers that this device is using to replicate GP policies?  I've checked through Sites and Services, DFS management, etc.....  Any help would be appreciated.  Thanks!

Question by:Twelfelt
    LVL 7

    Expert Comment

    Do a flushdns and try to ping the domain name. It has to resolve to IP of one of the domain controllers.

    Have you tried adding the sysvol folder to the namespace? I am not sure if this would work as we do not have DFS setup in our environment.
    In case you see replication error you can always revert back the changes.

    Author Comment

    Did a flushdns and was able to ping the domain and have it resolve to one of the DC's.  You can't add the SysVol Namespace to DFS - it is not allowed.  The really frustrating part is that I can easily browse to the policies on any of our DC's, I just have to replace the field with a DC server name.  I can't even edit the DFS for SysVol to ensure it is pointing to the correct location.

    Accepted Solution

    OK - I found the issue.  After digging into DFS, the sysvol dfs for this particular server was pointing to itself.  As a result it wasn't able to discover a new GP policy that hadn't replicated to its DFS directory.  I am still working on figuring out why the DFS hasn't replicated to this DC, but the fix was simple.  I opened the 'policies' folder under the SysVol DFS and set the 'active' DFS pointer on this server to one of the DC's.  I followed up with a gpupdate /force and policies updated immediately.
    LVL 67

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    Synchronize a new Active Directory domain with an existing Office 365 tenant
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now