Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

GP errors

Posted on 2012-04-10
15
Medium Priority
?
708 Views
Last Modified: 2012-07-21
I seem to be having issue with some of our servers within our domiain generating these errors on a regular basis:

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ldc,DC=*domainname*,DC=co,DC=uk. The file must be present at the location <\\*DOMAINNAME*\sysvol\*DOMAINNAME*\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The format of the specified network name is invalid. ). Group Policy processing aborted.

and then we would recieve the error:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

We have recently added 2 new windows server 2008 R2 Domain controllers to the domain using forest functional level of Windows server 2003.

Does anyone know a way I can stop these errors from being generated.

Thanks
0
Comment
Question by:ccfcfc
  • 8
  • 4
  • 2
14 Comments
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 37827172
Is this the DC in which FRS service is running and you are getting the errors?

Upload "repadmin /showrepl dc* /verbose /all /intersite >c:\replication.txt"

And also

dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37827567
Post a plain dcdiag without switches. Seems like the Windows 2008 Server aren't fully replicated which we can fix pretty easy but I need to make sure that is the problem
0
 

Author Comment

by:ccfcfc
ID: 37828142
here you go

see attached

thanks
dcdiag.txt
dctools.zip
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37828159
Check your DNS settings you should be only pointing to internal DNS servers only in the TCP\IP properties
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 37828378
Check the Primary DNS servers configured .  Point it to local host and to the Secondary DNS server to the  nearest available DC .
0
 

Author Comment

by:ccfcfc
ID: 37831492
We seem to be getting entries in a few member servers in the domain with the following :-

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},
CN=Policies,CN=System,DC=ldc,DC=intamac,DC=co,DC=uk. The file must be present at the
location <\\ldc.intamac.co.uk\sysvol\ldc.intamac.co.uk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing aborted.


Source: userenv
EventID : 1058
Type error
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37832486
Please post ipconfig /all

Are these happening on all clients or servers?
0
 

Author Comment

by:ccfcfc
ID: 37832521
here you go:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\*******>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LDC-DC-01
   Primary Dns Suffix  . . . . . . . : ldc.intamac.co.uk
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ldc.intamac.co.uk
                                       intamac.co.uk
                                       co.uk

Ethernet adapter NIC Team 1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BASP Virtual Adapt
   Physical Address. . . . . . . . . : 00-19-B9-EE-48-1F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.50.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.254
   DNS Servers . . . . . . . . . . . : 192.168.50.1
                                       192.168.50.2

C:\Documents and Settings\*(((****>


No this network only hosts servers and NO workstations.

thanks
0
 

Author Comment

by:ccfcfc
ID: 37833109
These errors are only happening on a few member servers in the domain
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 37833893
Have you run dfsutil /purgemupcache
0
 

Author Comment

by:ccfcfc
ID: 37923341
IT seems possibly that a "non microsoft" service is the issue so, running "start msconfig" and disabling these services and waitng to see if GP repliactions occurs.
Problem then is, working out what services is creating the problem.
0
 

Author Comment

by:ccfcfc
ID: 38182390
I've requested that this question be closed as follows:

Accepted answer: 0 points for ccfcfc's comment #37923341

for the following reason:

no other solution has been found.
0
 

Accepted Solution

by:
ccfcfc earned 0 total points
ID: 38189763
All it seems after long discussions with Microsoft and our Anti-Virus provider, Kaspersky, we seem to have found the solution.

It seems that the the Primary DC was the only server which was having the issue with the group policy as other servers which was using the secondary DC on our network were all downloading the group policy OK. Also the affected clients, I moved over to the secondary server, and seems to be working OK.

Therefore having a look at the config, our primary DC has Symatec Endpoint Installed and running which i believe is causing the issue as the secodnary DC has Kaspersky Endpoint installed and works fine. Removed AV and seems to be working OK again.
0
 

Author Closing Comment

by:ccfcfc
ID: 38209868
This is the solution after many investigations with Kaspersky and Microsoft.
4
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question