Christopher Casey

New DC win 08 question

Greetings,
I have set up a new FSMO DC in an existing AD domain. However, I have been receiving the following error about group policy. Any thoughts on what's happening?

Thanks


The processing of Group Policy failed. Windows attempted to read the file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Tags: Citrix, Windows Server 2008, Active Directory

Last Comment: Christopher Casey, 8/22/2022 - Mon
motnahp00

Make sure you have the new DC network adapter configured to point to the other DCs.
neilpage99

1. First thing I would do is navigate to that exact path provided and verify the gpt.ini is there:
\\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt.ini
cwstad2

Christopher Casey

ASKER
Thanks all for responding!
Yes, the adapter has the entries for the other DCs in it.
I can access the Sysvol path via UNC.
And unfortunately I'm getting a SQL error on the link provided :(

When I run dcdiag this is the output.
           
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = LPDCM
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\LPDCM
      Starting test: Connectivity
         ......................... LPDCM passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\LPDCM
      Starting test: Advertising
         ......................... LPDCM passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... LPDCM passed test FrsEvent
      Starting test: DFSREvent
         ......................... LPDCM passed test DFSREvent
      Starting test: SysVolCheck
         ......................... LPDCM passed test SysVolCheck
      Starting test: KccEvent
         ......................... LPDCM passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... LPDCM passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... LPDCM passed test MachineAccount
      Starting test: NCSecDesc
         ......................... LPDCM passed test NCSecDesc
      Starting test: NetLogons
         [LPDCM] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... LPDCM failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... LPDCM passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,LPDCM] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
         error 0x2105 "Replication access was denied."
         ......................... LPDCM failed test Replications
      Starting test: RidManager
         ......................... LPDCM passed test RidManager
      Starting test: Services
            Could not open NTDS Service on LPDCM, error 0x5 "Access is denied."
         ......................... LPDCM failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:03:41
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:08:44
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:13:46
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:18:49
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:23:53
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:28:56
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:33:59
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:39:01
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:41:45
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:44:04
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:49:07
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:54:10
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         An error event occurred.  EventID: 0x0000165B
            Time Generated: 05/25/2012   15:54:17
            Event String:
            The session setup from computer '02-105' failed because the security
 database does not contain a trust account '02-105$' referenced by the specified
 computer.
         An error event occurred.  EventID: 0x000016AD
            Time Generated: 05/25/2012   15:56:34
            Event String:
            The session setup from the computer 02-105 failed to authenticate. T
he following error occurred:
         An error event occurred.  EventID: 0x00000422
            Time Generated: 05/25/2012   15:59:13
            Event String:
            The processing of Group Policy failed. Windows attempted to read the
 file \\lp.com\SysVol\lp.com\Policies\{BE0F2168-44F5-4287-92C9-2E89F73BA238}\gpt
.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
         ......................... LPDCM failed test SystemLog
      Starting test: VerifyReferences
         ......................... LPDCM passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : lp
      Starting test: CheckSDRefDom
         ......................... lp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... lp passed test CrossRefValidation

   Running enterprise tests on : lp.com
      Starting test: LocatorCheck
         ......................... lp.com passed test LocatorCheck
      Starting test: Intersite
         ......................... lp.com passed test Intersite
Christopher Casey

ASKER
To neilpage99,
On further investigation, no, that file and ID folder are not there.
So where is it getting this link from?
Christopher Casey

ASKER
Or further, how can I find the link and get rid of it :)
Christopher Casey

ASKER
More info...
The path is only on one of the DCs; also, it seems to have more policies than the other 2.
Mind, I inherited this domain so... trying to undo what others have done...
motnahp00

Check Active Directory Sites and Services and see if there are any non-existent DCs in your replication topology.
Christopher Casey

ASKER
Yes, as a matter of fact there was a non-existent DC in the list.
I have removed it. Anything/anywhere else I should look?
Error still appears when gpupdate is run...
Darius Ghassem

Here we go, this should fix the replication issues, but let us look at the ipconfig /all first.


Take a backup of the policies and script folders from both the servers from c:\Windows\Sysvol\domain.

Stop the NTFRS service on both DCs.
Make one of the DCs the authoritative server by modifying the registry setting: navigate to registry HKLM\System\CCS\Services\NTFRS\Parameters\CumulativeReplicaSets and set the BurFlags value to D4. This should be done on the server which has the updated information available or correct data.

Go to the other DC and make that non-authoritative by navigating to the same registry location HKLM\System\CCS\Services\NTFRS\Parameters\CumulativeReplicaSets and set the BurFlags value to D2.
Restart the NTFRS service on both servers and force replication to see event 13516 in Event Viewer for FRS.

Make sure you are running dcdiag with elevated permissions on the command prompt.
motnahp00

Good... run this to force replication:

repadmin /syncall

If all goes well, you should not have any errors.
Darius Ghassem

I would check to make sure the DC was actually removed.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

If you are running Windows 2003 domain level you still have to run metadata cleanup the old way
Prashant Girennavar

Logs clearly indicate that there is an issue with sysvol.

First try forcing the sysvol replication and check:

http://www.windowstricks.in/2009/11/force-sysvol-replication.html 

If it does not help, then you can perform a restore of the sysvol folder by setting BurFlags to D2 on the problematic DC:

http://blogs.dirteam.com/blogs/jorge/archive/2010/08/12/restoring-the-sysvol-non-authoritatively-when-either-using-ntfrs-or-dfs-r-part-1.aspx

By doing this, the problematic DC will contact the other DC which has a healthy sysvol folder and start replicating from it.

Additionally, refer to the techwiki article below, which explains this in detail:

http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

Regards,

_Prashant_
Christopher Casey

ASKER
Still receiving the same error after following the above steps.
Let me know any logs you may need if I'm missing something..
Christopher Casey

ASKER
Really at a loss here. I walked through the steps folks listed above and the error still shows.
The bad DC is completely gone, no trace whatsoever. The policy seems to be in the sysvol folder. Is there anything I can do? Can I delete the policy in question out of sysvol?
ASKER CERTIFIED SOLUTION
Christopher Casey

Christopher Casey

ASKER
After following the steps to remove the down DC, the error still appeared, as it was still linked in GP. After "unlink" the policy, everything else functioned.
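
The resolution above came down to a GPO link that still pointed at a policy whose gpt.ini was missing from SYSVOL. As an added example (not part of the original thread), this read-only PowerShell check lists every GPO link in the domain partition and reports links whose GPO object is gone from AD or whose gpt.ini is missing on any DC. It assumes a domain-joined host and an account that can read each DC's SYSVOL share; the output property names are illustrative.

```powershell
# Added example (not from the thread). Read-only: queries AD over LDAP and
# tests SYSVOL paths. Works with PowerShell 2.0; no ActiveDirectory module needed.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcs    = @($domain.DomainControllers | ForEach-Object { $_.Name })

# Containers in the domain partition (domain root, OUs) that carry GPO links.
# Site-level links live in the Configuration partition and are not searched here.
$searcher = [adsisearcher]'(gPLink=*)'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('gPLink')

# One gPLink entry looks like: [LDAP://cn={GUID},cn=policies,cn=system,DC=...;0]
$linkPattern = '\[LDAP://(?<dn>cn=(?<guid>\{[0-9a-f-]{36}\})[^;\]]*);(?<opt>\d+)\]'

$report = foreach ($hit in $searcher.FindAll()) {
    $container = [string]$hit.Properties['distinguishedname'][0]
    $gpLink    = [string]$hit.Properties['gplink'][0]
    foreach ($m in [regex]::Matches($gpLink, $linkPattern, 'IgnoreCase')) {
        $guid = $m.Groups['guid'].Value
        # Does the Group Policy Container object still exist in AD?
        $inAd = [adsi]::Exists("LDAP://$($m.Groups['dn'].Value)")
        # Which DCs are missing the Group Policy Template (gpt.ini) in SYSVOL?
        $missingOn = @($dcs | Where-Object {
            -not (Test-Path -LiteralPath "\\$_\SYSVOL\$($domain.Name)\Policies\$guid\gpt.ini")
        })
        New-Object psobject -Property @{
            LinkedAt     = $container
            GpoGuid      = $guid
            LinkDisabled = (([int]$m.Groups['opt'].Value -band 1) -eq 1)  # bit 0 = link disabled
            GpcInAD      = $inAd
            GptMissingOn = ($missingOn -join ', ')
        }
    }
}

# Links worth investigating: GPO object gone from AD, or gpt.ini missing on any DC.
$report | Where-Object { -not $_.GpcInAD -or $_.GptMissingOn } |
    Select-Object LinkedAt, GpoGuid, LinkDisabled, GpcInAD, GptMissingOn |
    Format-List
```

A GUID reported with `GptMissingOn` listing only some DCs points to SYSVOL replication lag or failure; one missing everywhere, or with `GpcInAD` false, is a stale link to unlink from the container shown in `LinkedAt`.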