ITdiamond
asked on
DC cannot query list of Group Policy Objects Event ID: 1030 and 1058 in Userenv
After an unexpected power failure and UPS failure, our main Domain Controller is kicking out these Application Event logs every 15 minutes or every time I run gpupdate.
Event ID: 1058
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945 F-00C04FB9 84F9},CN=P olicies,CN =System,DC =domain,DC =com. The file must be present at the location <\\domain.com\sysvol\domai n.com\Poli cies\{31B2 F340-016D- 11D2-945F- 00C04FB984 F9}\gpt.in i>. (Access is denied. ). Group Policy processing aborted.
Event ID: 1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Now what is odd is I can cut and paste that path that it says "Access denied" on and the gpt.ini opens in notepad no questions asked. The file just contains this text:
[General]
Version=2228533
Now the path this is referencing is the "Default Domain Policy" and the NTFS Security on it is:
Authenticated Users - Read and Execute, List, Read
Creator owner - special permissions checked
Domain Admins - Full Control
Enterprise Admins - Full Control
Enterprise Domain Controllers - Read and Execute, List, Read
SYSTEM - Full Control
If I try to check RSOP.msc on this DC I get this error after a few seconds of poking around:
The following error occurred in \\domain.com\sysvol\domain .com\Polic ies\{31B2F 340-016D-1 1D2-945F-0 0C04FB984F 9}\Adm\ine tres.adm on line 15620: Error 64 Help string specified more than once. The file can not be loaded.
Do you think this one file is the cause of these event ID errors? I don't seem to get that on my Windows 7 machine through RSOP or GPMC. I opened inetres.adm and on line 15620 is this statement: EXPLAIN !!IE_ExplainCat This also occures on line 115. So should I delete line 15620?
I'm not quite sure how to resolve this. A lot of articles point to network issues, DNS, and those sorts of things, but everything is running great. DNS looks great.... name lookups are correct, NETDIAG looks good, this DC can ping and access everything it's supposed to.
I just want to have a clean DC and this error doesn't appear to be happening on my other 2 DC's (another local 2003 R2 server and a remote office 2008 R2 server).
Thanks for the help!
Event ID: 1058
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945
Event ID: 1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Now what is odd is I can cut and paste that path that it says "Access denied" on and the gpt.ini opens in notepad no questions asked. The file just contains this text:
[General]
Version=2228533
Now the path this is referencing is the "Default Domain Policy" and the NTFS Security on it is:
Authenticated Users - Read and Execute, List, Read
Creator owner - special permissions checked
Domain Admins - Full Control
Enterprise Admins - Full Control
Enterprise Domain Controllers - Read and Execute, List, Read
SYSTEM - Full Control
If I try to check RSOP.msc on this DC I get this error after a few seconds of poking around:
The following error occurred in \\domain.com\sysvol\domain
Do you think this one file is the cause of these event ID errors? I don't seem to get that on my Windows 7 machine through RSOP or GPMC. I opened inetres.adm and on line 15620 is this statement: EXPLAIN !!IE_ExplainCat This also occures on line 115. So should I delete line 15620?
113: CATEGORY !!InternetExplorer
114: #if version >= 4
115: EXPLAIN !!IE_ExplainCat
116: #endif
117:
118: POLICY !!NoHelpMenu
...
15618: CATEGORY !!InternetExplorer
15619: #if version >= 4
15620: EXPLAIN !!IE_ExplainCat
15621: #endif
15622:
15623: POLICY !!NoHelpMenu
I'm not quite sure how to resolve this. A lot of articles point to network issues, DNS, and those sorts of things, but everything is running great. DNS looks great.... name lookups are correct, NETDIAG looks good, this DC can ping and access everything it's supposed to.
I just want to have a clean DC and this error doesn't appear to be happening on my other 2 DC's (another local 2003 R2 server and a remote office 2008 R2 server).
Thanks for the help!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I added the WaitForNetwork dword key with a value of 1 under HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows NT\CurrentVersion\Winlogon
This is interesting because I think you are on to something. Whenever the server is power cycled randomly this happens and usually we restart it at the end of a business day to fix it. So maybe it is a race condition or something else like explained in the KB article where at boot up it tries to process group policies before other components are running.
I remember now the command: dfsutil /PurgeMupCache is what I used last time the server was rebooted and it resolved the errors.
I'm going to think that this will fix the problem. I'll reboot it tonight and see if the errors come back at all.
This is interesting because I think you are on to something. Whenever the server is power cycled randomly this happens and usually we restart it at the end of a business day to fix it. So maybe it is a race condition or something else like explained in the KB article where at boot up it tries to process group policies before other components are running.
I remember now the command: dfsutil /PurgeMupCache is what I used last time the server was rebooted and it resolved the errors.
I'm going to think that this will fix the problem. I'll reboot it tonight and see if the errors come back at all.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes the errors were every 15 minutes.
4) PURGING THE MUPCACHE
This resolved the issue on 6/29 because I haven't seen those errors since. I waited awhile to see if they would return but they did not.
They usually happen when things come back up after a power outage or were rebooting things thanks to windows updates. Its almost like if the DC's aren't powered on in a particular order, this one has to have the mupcache purged.
4) PURGING THE MUPCACHE
This resolved the issue on 6/29 because I haven't seen those errors since. I waited awhile to see if they would return but they did not.
They usually happen when things come back up after a power outage or were rebooting things thanks to windows updates. Its almost like if the DC's aren't powered on in a particular order, this one has to have the mupcache purged.
ASKER
So line 15620 is unique, but still after doing gpupdate /force then going into rsop, when I go to expand Computer Configuration > Administrative Templates, I get the same error.
Though event ID 1704 from SceCli (information) showed up after two separate gpupdate's now "Security policy in the Group Policy objects have been applied successfully."
Though I'll have to wait and see if the Userenv errors come back later.