Group Policy 1058 errors

Hi Everyone!

I have been working on an issue for several weeks now with no resolution in site.  Hopefully someone can point me in the right direction.  I have an environment with 4 primary DC's and 14 RODC's.  On all of my RODC's Group Policy Processing is functioning fine, but on one RODC I'm getting multiple GroupPolicy 1058 errors.  Here is the exact error:

The processing of Group Policy failed. Windows attempted to read the file \\domain.com\SysVol\tas.com\Policies\{886EDCD6-0D75-476C-B75C-89C5E60E3265}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

It is clear that this is using a DFS pointer and this DFS doesn't seem do exist.  Opening DFS Management on this RODC does not show a DFS Namespace for GP policies and I am unable to find anything when I go to add it.  I can manually browse to the proper network location for the GP policies if I simply insert a specific full DC name in the place of domain.com.  

How to I change the pointers that this device is using to replicate GP policies?  I've checked through Sites and Services, DFS management, etc.....  Any help would be appreciated.  Thanks!

TwelfeltAsked:
Who is Participating?
 
TwelfeltAuthor Commented:
OK - I found the issue.  After digging into DFS, the sysvol dfs for this particular server was pointing to itself.  As a result it wasn't able to discover a new GP policy that hadn't replicated to its DFS directory.  I am still working on figuring out why the DFS hasn't replicated to this DC, but the fix was simple.  I opened the 'policies' folder under the SysVol DFS and set the 'active' DFS pointer on this server to one of the DC's.  I followed up with a gpupdate /force and policies updated immediately.
0
 
ashutoshsapreCommented:
Do a flushdns and try to ping the domain name. It has to resolve to IP of one of the domain controllers.

Have you tried adding the sysvol folder to the namespace? I am not sure if this would work as we do not have DFS setup in our environment.
In case you see replication error you can always revert back the changes.
0
 
TwelfeltAuthor Commented:
Did a flushdns and was able to ping the domain and have it resolve to one of the DC's.  You can't add the SysVol Namespace to DFS - it is not allowed.  The really frustrating part is that I can easily browse to the policies on any of our DC's, I just have to replace the domain.com field with a DC server name.  I can't even edit the DFS for SysVol to ensure it is pointing to the correct location.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.