Moordoom


GPT.ini Error in Application Log

Want to preface this question with a little pre-information. I figure too much info is better than too little.

10 months ago we had our PDC Domain Controller lose 2 hard drives at the same time. One of our Admins forcibly seized control of all the FSMO Schemas from this machine before trying to bring the PDC back online.
We had 2 other DCs on the domain at the time. One which took on all roles but infrastructure, and then our Exchange Server which holds the infrastructure role.

Since this time, the old PDC was brought back online, none the wiser for having its roles seized. We then proceeded to go thru the act of moving the FSMO roles normally from that machine, in hopes that there would be no conflicts.

For the sake of simplicity, we will call the Machines DC1 (the old PDC), DC2 (The New PDC), DCE3 (With Exchange).

DC1 was never re-given the FSMO roles it had before. Its only domain function is BDC, and Backup Browser.
DC2 has all Roles including GC except for Infrastructure
DCE3 has only the Infrastructure, BDC and Backup Browser.

Every server in this Domain (except for DC2 and DCE3) gets an error Event ID 1058 and 1030 on login or an RDP Login, and on my TS machines with 50+ users logging off and on multiple times daily the application log on those machines gets long quickly.
Event ID 1058 is Windows cannot access file gpt.ini for GPO cn={XXXXXXXXXX}
Event ID 1030 is Windows cannot query for the list of Group Policy objects.

I have tried numerous patches and hotfixes from Microsoft (I even have an open ticket with them on it, and they cannot seem to find the issue) and nothing has fixed it.
I sat down today to dig deeper.

I have gone through the permission fix of the folders in the SYSVOL as well.
While doing this I noticed that DC1 had 20 folders inside the Policies Folder, while DC2 and DCE3 had 23. I looked in the logs of the member servers, and noticed the GPOs causing the errors were not on DC1, so I decided to force replication between the 3 of them.

DC2 can force replication to DC1 and DCE3, and DC1 and DCE3 can force replication back to DC2. DC1 and DCE3 cannot replicate to each other. They get a "The naming context specified for this replication operation is invalid" when I try. It also did not replicate the folders missing on DC1 after the forced replication.
Also the NTDS Setting names for DC2 and DCE3 say "<automatically generated>", while DC1 has long hexadecimal names (example - dfb1edda-2695-4cd2-9b79-c5d01488f040).
Also in the security tab for all 3 DCs, there is an Account Unknown (S1-xxxxxxxxxxxx) listed. That account has no permissions except special rights, which is grey checked.

So knowing the above information, how can I fix 1030 and 1058 Event ID errors?
Manpreet SIngh Khatra

Event 1030 and event 1058 may be logged, and you may not be able to start the Group Policy snap-in on your Windows Small Business Server 2003 computer
http://support.microsoft.com/kb/888943

- Rancy
Moordoom

ASKER

I am able to replicate (sync) using "repadmin /replicate dest-dc01 source-dc01 DC=domainname,DC=com" between all 3, but it still did not get rid of the errors or replicate the 3 missing folders to DC1.
@Rancy
This is not a SBS Server.
DC1 is x86 2003 Enterprise, DC2 is x86 2003 R2 Enterprise, and DCE3 is x64 2008 R2 Enterprise.
Would the same apply?
Also, which DC would I run it from if so?
Which DC is showing these alerts?

- Rancy
I ran the ADSIEDIT.MSC from DC2 and DC1, and there appears to be nothing wrong with the domain name. It appears correct. But it shows all 23 policy folders.
DC1 still only shows 20 policies in C:\WINDOWS\SYSVOL\domain\Policies and C:\WINDOWS\SYSVOL\sysvol\southernweaving.com\Policies
None of the DCs show the alert. It is on all the member servers.
What is the logon server for the Member server?
Hope the time sync is perfect and no difference?
Also the member server can check the Sysvol folder on the DCs?

- Rancy
The member server can see the SysVol on all 3 DCs.
The logon server for the member server I would assume is the PDC which is DC2, but with it giving the error on policy that is not showing up on DC1, I cannot be sure.
Doing an echo %logonserver% tells me DC2, which is the current PDC.
The time is the same, they all use the same time server, and I did a w32tm /resync just to be sure on a member server.
What would be an issue if I copied the folders that are missing on DC1 from DC2?
Both are x86 2003 Ent Servers
ASKER CERTIFIED SOLUTION
Manpreet SIngh Khatra
This solution is only available to members.
dcdiag /s:DC2 passed all tests.
dcdiag /s:DC1 failed frsevent (event in log past 24 hours), VerifyingReference (recommends KB312862 to fix).

Copying the file folders from DC2 to DC1 and then doing a gpupdate /force on a member server did stop the 1058 and 1030 event codes, but I am under the belief that if I can another GPO I will be doing these again.
Going to look in KB312862 and follow what it says to do.
Did an ADSIEDIT.msc
under the cn=system\cn=file replication service, it had a corrupted cn name for the new PDC on DC1. Corrected the name and it is now able to replicate.
Rancy's questioning led me in the right direction to solve the issue myself.
Wow .... good man !! so everything working fine :)

- Rancy
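
The symptom that pointed to the root cause in this thread was a SYSVOL mismatch: 20 policy folders on DC1 against 23 on DC2 and DCE3. The script below is an added example, not code from any participant in the thread; it lists which GPO folders are missing or stale on one DC compared with a reference DC. The function names are hypothetical, the GUIDs and the temp-folder demo are constructed, and it assumes Windows with PowerShell 3.0 or later run from an admin workstation.

```powershell
# Added example: compare GPO folders under two copies of SYSVOL\<domain>\Policies.
# Function names are hypothetical; the GUIDs in the demo are constructed.
function Get-GpoFolderState {
    param([Parameter(Mandatory)][string]$PoliciesPath)
    $state = @{}
    Get-ChildItem -LiteralPath $PoliciesPath -Directory |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object {
            $dir = $_
            $ini = Join-Path $dir.FullName 'GPT.INI'
            $version = $null   # stays $null when GPT.INI is missing or has no Version line
            if (Test-Path -LiteralPath $ini) {
                $line = Get-Content -LiteralPath $ini |
                    Where-Object { $_ -match '^\s*Version\s*=' } | Select-Object -First 1
                if ($line) { $version = [int](($line -split '=', 2)[1].Trim()) }
            }
            $state[$dir.Name.ToUpper()] = $version
        }
    return $state
}

function Compare-GpoFolders {
    param([Parameter(Mandatory)][string]$ReferencePath,
          [Parameter(Mandatory)][string]$TargetPath)
    $ref = Get-GpoFolderState $ReferencePath
    $tgt = Get-GpoFolderState $TargetPath
    foreach ($guid in ($ref.Keys | Sort-Object)) {
        $status = if (-not $tgt.ContainsKey($guid)) { 'MissingOnTarget' }
                  elseif ($null -eq $tgt[$guid]) { 'NoGptIniOnTarget' }
                  elseif ($tgt[$guid] -ne $ref[$guid]) { 'VersionMismatch' }
                  else { 'InSync' }
        [pscustomobject]@{ Gpo = $guid; RefVersion = $ref[$guid]
                           TargetVersion = $tgt[$guid]; Status = $status }
    }
}

# Constructed demo: temp folders stand in for the Policies shares of DC2 (reference) and DC1.
$root = Join-Path ([IO.Path]::GetTempPath()) ("gpo-demo-" + [guid]::NewGuid())
$gpos = '{11111111-1111-1111-1111-111111111111}', '{22222222-2222-2222-2222-222222222222}'
foreach ($g in $gpos) {
    New-Item -ItemType Directory -Path (Join-Path $root "DC2\$g") -Force | Out-Null
    Set-Content -Path (Join-Path $root "DC2\$g\GPT.INI") -Value '[General]', 'Version=3'
}
New-Item -ItemType Directory -Path (Join-Path $root "DC1\$($gpos[0])") -Force | Out-Null
Set-Content -Path (Join-Path $root "DC1\$($gpos[0])\GPT.INI") -Value '[General]', 'Version=3'
Compare-GpoFolders -ReferencePath "$root\DC2" -TargetPath "$root\DC1" | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Against real domain controllers, pass each DC's Policies share as a UNC path instead of the temp folders. A `MissingOnTarget` row corresponds to the GPO folders that never replicated to DC1 in this thread.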