Solved

Exchange 2010 machine on server 2008 R2.  The user does not have the RSOP data while gpresult /r

Posted on 2013-01-05
Last Modified: 2013-02-21
Hi,
I am a domain admin.  It does not matter if I log in as myself or as 'domain\administrator'; I get 'The user does not have the RSOP data' while running gpresult /r.  Running RSOP reveals something about permissions.  I have already tried deleting the contents of the 'Repository' directory, to no avail.  I tried adding and deleting the administrator from different Exchange security groups.  Sometimes gpresult works, and most of the time I get the 'RSOP data' error.  I need help with it.
Thanks
Question by:amanzoor

Expert Comment

by:Subsun
ID: 38748952
Is DNS working fine?  Did you check event logs and see anything related?

Try running gpupdate /force and then try to generate RSoP.

Also check out the Group Policy Settings Associated with RSoP
Disallow Interactive Users from generating RSoP data in
(Computer and User)/Configuration/Administrative Templates/System/Group Policy

Author Comment

by:amanzoor
ID: 38753310
subsun,
DNS is all fine.  When I run gpupdate /force, gpresult /r works fine for a few hours and then the same error comes back.
One thing I have noticed: when I try to run the Group Policy Results wizard from my domain controller for this particular Exchange server, the user selection window, 'display policy settings for' and the Next button are all greyed out.  Also, simply running RSOP on the Exchange 2010 server reveals this: 'unable to generate rsop data.  Likely causes are group policy has never successfully processed............details Invalid namespace.'  When I click Close, RSOP very quickly processes, with domain\administrator (access denied).
Help plz.

Author Comment

by:amanzoor
ID: 38753330
OK, so under the properties of the RSOP on the computer, under local computer settings, security, 'add workstation to the domain' (big RED MARK) has two names, administrator and the user.  I found this policy is the default domain policy; I made it undefined and just restarted the Exchange 2010 computer.  Let's see if this was the trouble.
So I restarted the machine and ran gpresult /r; it gets stuck at 'the user is part of the following security group', an unexpected error has occurred.  RSOP on this machine is fine.

Expert Comment

by:Subsun
ID: 38753364
Do you have windows firewall enabled on exchange  server or DC?
What if you run gpresult /s Server1 /user Domain\Administrator
Is this happening on only one server?

Author Comment

by:amanzoor
ID: 38756033
Hi Subsun,
True, I have Windows Firewall on both my DCs and Exchange 2010.  Yes, it is only happening on Exchange 2010; other member servers and DCs are fine.  Let me run the command you suggested.

C:\Users\administrator.mydomain>gpresult /s exchange3 /user mydomain\administrator
ERROR: Invalid Syntax. This option can be specified only when /X, /H, /R, /V or /Z is specified.
Type "GPRESULT /?" for usage.

C:\Users\administrator.mydomain>

I am sure it is something to do with the 'Microsoft Exchange security groups' OU which is made after you install exchange2010.

Author Comment

by:amanzoor
ID: 38756062
Just ran RSOP, found the exclamation sign again, clicked on administrator on exchange3 - RSOP, properties, general tab:
Mode: logging
user name mydomain\administrator  (ACCESS DENIED)
Display user policy settings  YES
computer name mydomain\exchange3
Display computer policy YES

Note: It's only pulling the computer config and not the user config

Expert Comment

by:Subsun
ID: 38756214
If the firewall is enabled then you might need to look at this article, which talks about adding some exceptions..
http://technet.microsoft.com/en-us/library/cc782615%28v=ws.10%29.aspx

Author Comment

by:amanzoor
ID: 38756415
Hi Subsun,
I have put the changes into my default domain policy, and also manually opened port 135 on Exchange 2010.  Also, I have checked wmimgmt.msc, properties of Exchange 2010; there was no mydomain\administrator anywhere, so I added the domain admins to the Root and to RSOP.  The result of this was that the (no access over mydomain\administrator) went away in RSOP.
Maybe this will help: I just ran RSOP on one of my DCs, and under computer config, windows settings, security settings, local policies, user rights assignment I have the following RED CROSS:
-add workstation to domain , user, mydomain\ghostserver and some other accounts are there.
-adjust memory quotas for a process: about 7 SIDs, and some accounts, under precedence tab one account of SQL 2005..
-Allow log on locally:  server operators, printer operators and some other accounts
-Bypass traverse checking, again 7 SIDs and some accounts, in precedence an SQL server account
-log on as service: again under security policy settings same members as above
-replace a process level token: under security policy settings same members as above.

Help

Expert Comment

by:Subsun
ID: 38756557
Are you able to telnet to the DC from the Exchange server on port 135? Have you made the exception in Windows Firewall as mentioned in the article?

Also check this post for similar issue..
http://www.itnewsgroups.net/windowsserver/t14508-gpresult-access-denied.aspx

>cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force

Author Comment

by:amanzoor
ID: 38764900
subsun,
I thought the issue was resolved, but no.  I saw that the memory on Exchange was consumed too frequently, so after that I increased RAM on Exchange, and RSOP and gpresult /r were fine.  Today, again the same issue: access denied in front of the mydomain\administrator account name while running RSOP.  When I run gpresult /r: 'the user has no RSOP data'.
I have not tried :
cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force
yet please let me know what will this do?
Thanks

Expert Comment

by:Subsun
ID: 38765012
Those commands are to re-register WMI components and refresh the WMI repository..
You can also refer the following KB for RSOP related error..
Ref : http://support.microsoft.com/kb/977755
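
A read-only check related to the 'Invalid namespace' and 'user does not have RSOP data' symptoms in this thread, added here as an example and not posted by either participant: it reports whether the RSoP WMI namespaces exist and are readable for a given user. The function names are hypothetical, and it assumes logging-mode RSoP data is stored under root\rsop\computer and root\rsop\user\<SID with hyphens replaced by underscores>.

```powershell
# Added example, not from the thread. Read-only; run elevated on the affected server.
# Assumption: per-user RSoP data lives in root\rsop\user\<SID with '-' replaced by '_'>.

function Test-WmiNamespace {
    param([string]$Parent, [string]$Name)
    try {
        # Child namespaces are exposed as __NAMESPACE instances of the parent
        $found = Get-WmiObject -Namespace $Parent -Class __NAMESPACE -ErrorAction Stop |
                 Where-Object { $_.Name -eq $Name }
        if ($found) { 'Present' } else { 'Missing' }
    } catch {
        # "Invalid namespace" and "Access denied" both surface here
        'Error: ' + $_.Exception.Message
    }
}

function Get-RsopNamespaceReport {
    param([string]$Sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)

    $userNs = $Sid -replace '-', '_'
    $checks = @(
        @('root',           'rsop'),
        @('root\rsop',      'computer'),
        @('root\rsop',      'user'),
        @('root\rsop\user', $userNs)
    )
    foreach ($c in $checks) {
        New-Object PSObject -Property @{
            Namespace = $c[0] + '\' + $c[1]
            Status    = Test-WmiNamespace -Parent $c[0] -Name $c[1]
        }
    }
}

function Get-UserRsopGpo {
    param([string]$Sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value)

    # GPOs recorded for this user at the last policy processing, if the namespace is readable
    $ns = 'root\rsop\user\' + ($Sid -replace '-', '_')
    Get-WmiObject -Namespace $ns -Class RSOP_GPO -ErrorAction Stop |
        Select-Object name, id, accessDenied, enabled
}

Get-RsopNamespaceReport | Format-Table Namespace, Status -AutoSize
try   { Get-UserRsopGpo | Format-Table -AutoSize }
catch { Write-Warning ('User RSoP data not readable: ' + $_.Exception.Message) }
```

Running it once right after gpupdate /force and again when the error returns shows whether the per-user namespace is disappearing or only becoming unreadable.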

Author Comment

by:amanzoor
ID: 38765728
I ran regsvr32 /n /I userenv.dll and I get
**************RegSvr32
The module "userenv.dll" was loaded but the entry-point DllInstall was not found
made sure that "userenv.dll" is a valid Dll or OCX file and then try again.************
While the second command is successful:
C:\Windows\System32\wbem>mofcomp scersop.mof
Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!

I am going to update the gp and restart.  I will let you know.  I have not followed the article yet.

Author Comment

by:amanzoor
ID: 38820200
Still no luck.  I need help

Expert Comment

by:Subsun
ID: 38820481
Do you see any error related to this in event logs now ?

Author Comment

by:amanzoor
ID: 38861185
No errors.  I ran RSOP and there is a yellow exclamation sign.  I right-clicked on the computer and checked the error information tab; it says 'Group policy infrastructure successfull'.  Help plz

Accepted Solution

by:
Subsun earned 500 total points
ID: 38865252
Sorry.. I am out of suggestions. You can click on the request attention button and ask the mods to send an alert to other experts and see if it helps.. or log a call with Microsoft..