Administrator password reset - now weird AD errors

Please help. This seems to have happened after my network admin left and I changed the administrator password.

Windows cannot access the file gpt.ini for GPO cn={D50DE3AE-CEBB-41D7-A899-30FC694D30B3},cn=policies,cn=system,DC=eafg,DC=local. The file must be present at the location <\\eafg.local\SysVol\eafg.local\Policies\{D50DE3AE-CEBB-41D7-A899-30FC694D30B3}\gpt.ini>. (Logon failure: unknown user name or bad password. ). Group Policy processing aborted.
EdibleArrangementsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sushant GulatiConsultantCommented:
This is really important to check before drilling down and please send the ipconfig /all result

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22799705.html

Good Luck..!!
~SG~
EdibleArrangementsAuthor Commented:
not sure what you are telling me to check.  
Sushant GulatiConsultantCommented:
When did you change the password of your network admin account? How many DCs are there?

Send me these results please..
ipconfig /all
Repadmin /showrepl
dcdiag /q
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

EdibleArrangementsAuthor Commented:
I have 2 DCs.  I changed it last week.

C:\Documents and Settings\Administrator.EAFG>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EAI-DC-01
   Primary Dns Suffix  . . . . . . . : eafg.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : eafg.local

Ethernet adapter Local Area Connection 1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
   Physical Address. . . . . . . . . : 00-15-C5-5D-78-96
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.168.43
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.168.10
   DNS Servers . . . . . . . . . . . : 192.168.168.45
                                       192.168.168.43

C:\Documents and Settings\Administrator.EAFG>Repadmin /showrepl

repadmin running command /showrepl against server localhost

Default-First-Site-Name\EAI-DC-01
DC Options: IS_GC
Site Options: (none)
DC object GUID: bcc8b9f3-608e-48fc-a2bf-6fb481b2ada3
DC invocationID: 313a53a9-b6e8-4326-b4d7-c99fb0947eb6

==== INBOUND NEIGHBORS ======================================

DC=eafg,DC=local
    Default-First-Site-Name\EAFG1 via RPC
        DC object GUID: 99f0c9ff-5e27-45eb-9fe8-fba45ff9b2c0
        Last attempt @ 2011-10-03 16:59:36 was successful.
    Default-First-Site-Name\EAI-DC-02 via RPC
        DC object GUID: 631c43be-51bd-4829-90e9-9ca06dc0e286
        Last attempt @ 2011-10-03 16:59:59 was successful.

CN=Configuration,DC=eafg,DC=local
    Default-First-Site-Name\EAFG1 via RPC
        DC object GUID: 99f0c9ff-5e27-45eb-9fe8-fba45ff9b2c0
        Last attempt @ 2011-10-03 16:51:26 was successful.
    Default-First-Site-Name\EAI-DC-02 via RPC
        DC object GUID: 631c43be-51bd-4829-90e9-9ca06dc0e286
        Last attempt @ 2011-10-03 16:51:26 was successful.

CN=Schema,CN=Configuration,DC=eafg,DC=local
    Default-First-Site-Name\EAFG1 via RPC
        DC object GUID: 99f0c9ff-5e27-45eb-9fe8-fba45ff9b2c0
        Last attempt @ 2011-10-03 16:51:26 was successful.
    Default-First-Site-Name\EAI-DC-02 via RPC
        DC object GUID: 631c43be-51bd-4829-90e9-9ca06dc0e286
        Last attempt @ 2011-10-03 16:51:26 was successful.

DC=DomainDnsZones,DC=eafg,DC=local
    Default-First-Site-Name\EAI-DC-02 via RPC
        DC object GUID: 631c43be-51bd-4829-90e9-9ca06dc0e286
        Last attempt @ 2011-10-03 16:51:26 was successful.
    Default-First-Site-Name\EAFG1 via RPC
        DC object GUID: 99f0c9ff-5e27-45eb-9fe8-fba45ff9b2c0
        Last attempt @ 2011-10-03 16:51:26 was successful.

DC=ForestDnsZones,DC=eafg,DC=local
    Default-First-Site-Name\EAFG1 via RPC
        DC object GUID: 99f0c9ff-5e27-45eb-9fe8-fba45ff9b2c0
        Last attempt @ 2011-10-03 16:51:26 was successful.
    Default-First-Site-Name\EAI-DC-02 via RPC
        DC object GUID: 631c43be-51bd-4829-90e9-9ca06dc0e286
        Last attempt @ 2011-10-03 16:51:26 was successful.


dcdiag brings me nothing
Sushant GulatiConsultantCommented:
Run the this from Start > run

control keymgr.dll

and see there shouldn't be any cached credentials running saved. Run the gpupdate /force and send me the errors if there are any.

Good Luck..!!
abhijitwaikarCommented:
1. Set the NIC bindings proper.
2. Check the SYSVOL , NETLOGON shares and required policies and scripts are available and on server.
3. Also DC should point itself as primary DNS.
4. Navigate to SysVol\eafg.local\Policies\{D50DE3AE-CEBB-41D7-A899-30FC694D30B3} and check proper permissions are configured on that particular policy.

Regards,
Abhijit Waikar.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EdibleArrangementsAuthor Commented:
2.  how do i check this
3. what are the proper permissions for the {D50DE3AE-CEBB-41D7-A899-30FC694D30B3}
abhijitwaikarCommented:
1. Set the NIC bindings proper.
http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

2. Check the SYSVOL and NETLOGON shares are available and on server.
http://technet.microsoft.com/en-us/library/cc816833(WS.10).aspx

3. what are the proper permissions for the {D50DE3AE-CEBB-41D7-A899-30FC694D30B3}
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/45a2bd2f-253f-4053-b6ee-762c4b9c9945

Regards,
Abhijit Waikar.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.