[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Group Policy 1058 errors

Posted on 2011-04-25
Medium Priority
Last Modified: 2012-05-11
Hi Everyone!

I have been working on an issue for several weeks now with no resolution in site.  Hopefully someone can point me in the right direction.  I have an environment with 4 primary DC's and 14 RODC's.  On all of my RODC's Group Policy Processing is functioning fine, but on one RODC I'm getting multiple GroupPolicy 1058 errors.  Here is the exact error:

The processing of Group Policy failed. Windows attempted to read the file \\domain.com\SysVol\tas.com\Policies\{886EDCD6-0D75-476C-B75C-89C5E60E3265}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

It is clear that this is using a DFS pointer and this DFS doesn't seem do exist.  Opening DFS Management on this RODC does not show a DFS Namespace for GP policies and I am unable to find anything when I go to add it.  I can manually browse to the proper network location for the GP policies if I simply insert a specific full DC name in the place of domain.com.  

How to I change the pointers that this device is using to replicate GP policies?  I've checked through Sites and Services, DFS management, etc.....  Any help would be appreciated.  Thanks!

Question by:Twelfelt
  • 2

Expert Comment

ID: 35466336
Do a flushdns and try to ping the domain name. It has to resolve to IP of one of the domain controllers.

Have you tried adding the sysvol folder to the namespace? I am not sure if this would work as we do not have DFS setup in our environment.
In case you see replication error you can always revert back the changes.

Author Comment

ID: 35468513
Did a flushdns and was able to ping the domain and have it resolve to one of the DC's.  You can't add the SysVol Namespace to DFS - it is not allowed.  The really frustrating part is that I can easily browse to the policies on any of our DC's, I just have to replace the domain.com field with a DC server name.  I can't even edit the DFS for SysVol to ensure it is pointing to the correct location.

Accepted Solution

Twelfelt earned 0 total points
ID: 35468755
OK - I found the issue.  After digging into DFS, the sysvol dfs for this particular server was pointing to itself.  As a result it wasn't able to discover a new GP policy that hadn't replicated to its DFS directory.  I am still working on figuring out why the DFS hasn't replicated to this DC, but the fix was simple.  I opened the 'policies' folder under the SysVol DFS and set the 'active' DFS pointer on this server to one of the DC's.  I followed up with a gpupdate /force and policies updated immediately.
LVL 71

Expert Comment

ID: 37357825
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question