Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Event id 1030 and 1058

Posted on 2011-10-28
14
Medium Priority
?
567 Views
Last Modified: 2012-05-12
Hello EE. I have a domain controller running Windows 2003 SP2 that is located at another location that logs event ID 1030 and 1058. It complains about not finding a particular gpt.ini file for a particular GPO. The remote DC replicates from the main DC located at the main siite. The remote DC connects to the main location via site to site VPN tunnel. When I look at the sysvol on both DCs they do not have the same number of entries  of entries.  The main DC has more poilicies. Are they supposed to be the same?
0
Comment
Question by:InSearchOf
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 37048649
Yes the policies should be same on both the DC.
As there is mismatch between the sysvol content between both the DC perform authorative and non authorative restore of sysvol.

As you have two DC in the network you need to take the backup of sysvol folder(Policies & Scripts) of both DC.Perform D4(auth restore) on healthy DC in your case it is main DC  and D2(non-auth restore) on other DC.

This is probably what you need to do to get it back.
Reference KB "http://support.microsoft.com/kb/290762/" article.

0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 500 total points
ID: 37048847
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 37052421
Usually these errors are caused by a problem with the replication process. Please read the article I wrote on the subject to help you self diagnose the root cause:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 

Author Comment

by:InSearchOf
ID: 37052859
Ok. Thanks for the info. Lrt me look at these solutions and post back. Is there an order to things when it to the BUR flags solution?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 37053337
Yes, if replication seizes and you can't restart the replication service manually. This is when you have to use the Burflag. Prior to doing so, you have to fix the DNS discrepancy first. Otherwise you will not be able to reset the replication between servers.
0
 

Author Comment

by:InSearchOf
ID: 37053392
Well, I ran the checks and tests outlined in the links in your atricle and I get no errord as well as the dfsutil /PurgeMupCache command. The number of policies still differ between the 2 DCs. The main DC has more entries than the remote one.  I read on your article that using the BUR registry method was not reccommended for Windows 2003 R2 which is what I have.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 37053846
Did you run DCdiag /test:DNS at the server's command prompt and also look within the FRS event logs of the DC?
0
 

Author Comment

by:InSearchOf
ID: 37065355
Yes I did. The test ran fine and the event logs have no error. Now I am getting 1030 and 1058 every 5 minutes.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 37067819
That's a server to server replication. I would like to take a look at this output:

DCdiag /test:netlogons
-------------------------------------------------
I think all you will have to do is reset the replication set between servers...

So, go to the server's command prompt and type these command lines:

Net stop netlogon
Net start netlogon
net stop NTFRS
net start NTFRS

NOW go into AD sites and services snapin and force replicate between servers.

Here is how:
http://www.windowsnetworking.com/kbase/windowstips/windows2003/admintips/activedirectory/ForcingActiveDirectoryReplication.html

---------------------------------------------
Within the errors, you will see an id to the group policy:

it will look something like a gui ID and that tells us what policy is having problems.. What is the UNC path ID of the GPO object having issues?
-----------------------------------------------

0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 600 total points
ID: 37068153
Have you tried to rebuild the sysvol as there is mismatch between the sysvol content?
Unless you dont rebuild the same you will recieve the event event ID 1030 and 1058.If you ran gpupdate /force you will get the same event.

1) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
4) Set burflags to D2 on all remaining servers and start NTFRS.
5) Wait for FRS to replicate.
6) Clean up the .old stuff if things look good.

This is probably what you need to do to get it back.KB article:http://support.microsoft.com/kb/290762/" article.
0
 

Author Comment

by:InSearchOf
ID: 37068884
Ok. Thanks for the useful tips. I will try them and post back.
0
 

Author Comment

by:InSearchOf
ID: 37068948
This is the output from  DCdiag /test:netlogons:

C:\Program Files\Support Tools>DCdiag /test:netlogons

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: NAME\NYF-NAME
      Starting test: Connectivity
         ......................... NYF-NAME passed test Connectivity

Doing primary tests

   Testing server: NAME\NYF-NAME
      Starting test: NetLogons
         ......................... NYF-NAME passed test NetLogons

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.org
C:\Program Files\Support Tools>
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 900 total points
ID: 37104869
OK, a soft reset of the FRS service might fix the issue.

On the remote site, go to the command prompt and type.

Net stop NTFRS

On the FSMO main site, go to the DC and type:

net stop NTFRS
Net start NTFRS

On the remote site, go to the command prompt and type:
Net start NTFRS

Now, try to force replicate between servers by going into AD sites and services snapin. Follow these instructions if you need to know how to force replicate.

http://www.windowsnetworking.com/kbase/windowstips/windows2003/admintips/activedirectory/ForcingActiveDirectoryReplication.html
0
 

Author Comment

by:InSearchOf
ID: 37106549
Ok. Thanks ChiefIT. That worked. Thank you all for the help.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question