Solved

Exchange 2010 machine on server 2008 R2.  The user does not have the RSOP data while gpresult /r

Posted on 2013-01-05
16
882 Views
Last Modified: 2013-02-21
Hi,
I am a domain admin.  Does not matter if I login in myself or as 'domain\administrator' I get 'The user does not have the RSOP data' while running the gpresult /r.  Running RSOP reveals something about permissions.  I have already tried deleting the contents of 'Repository' directory with no avail.  Tried adding and deleting the adminsitrator from different exchange security groups.  Sometimes the gpresult works and most of the tiems the 'RSOP data ' error.  Need help with it.
Thanks
0
Comment
Question by:amanzoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 38748952
Is DNS working fine?  Did you check event logs and see anything related?

Try running gpupdat /force and then try to generate RSoP.

Also check out the Group Policy Settings Associated with RSoP
Disallow Interactive Users from generating RSoP data in
(Computer and User)/Configuration/Administrative Templates/System/Group Policy
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38753310
subsun,
DNS is all fine.  when I run gpupdate /force then the gpresult /r works fine for few hours and then again the same error.
One thing I have noticed when I try to run group policy results wizard from my domain controller for this particular exchange server, the user selection window, display policy settings forand next button are all greyed out.  Also running simply the RSOP on exchange 2010 server reveals this 'unable to generate rsop data.  Likely causes are group policy has never successfully processed............details Invalid namespace.'  When I click close the rsop would very quickly process over domain\administrator (access denied).
Help plz.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38753330
ok so under the properties of the RSOP on computer, under local computer settings, security, add workstation to the domain (big RED MARK), has two names, administrator and the user, I found this policy is the default domain policy, I made it un-defined and just restarted the exchange 2010 computer, lets see if this was the trouble.
So I restarted the machine, done gpresult /r it get stuck at, the user is part of the following security group, an unexpected error has occured.  Rsop on this machine is fine.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 40

Expert Comment

by:Subsun
ID: 38753364
Do you have windows firewall enabled on exchange  server or DC?
What if you run gpresult /s Server1 /user Domain\Administrator
Is this happening on only one server?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38756033
Hi Subsun,
True I have windows firewall on both my DCs and exchange 2010.  Yes it is only happening on exchange 2010, other member servers and DCs are fine.  Let me run the command you suggesterd.

C:\Users\administrator.mydomain>gpresult /s exchange3 /user mydomain
\administrator
ERROR: Invalid Syntax. This option can be specified only when /X, /H, /R, /V or
/Z is specified.
Type "GPRESULT /?" for usage.

C:\Users\administrator.mydomain>

I am sure it is something to do with the 'Microsoft Exchange security groups' OU which is made after you install exchange2010.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38756062
Just ran RSOP, found the excalamation sign again, clicked on administrator on exchange3 - RSOP, properties, general tab:
Mode: logging
user name mydomain\administrator  (ACCESS DENIED)
Display user policy settings  YES
computer name mydomain\exchange3
Display computer policy YES

Note: Its only pulling the computer config and not the user config
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38756214
If firewall is enabled then You might need look at this article which talks about adding some exceptions..
http://technet.microsoft.com/en-us/library/cc782615%28v=ws.10%29.aspx
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38756415
Hi Subsun,
I have put the changes to my default domain policy, also manually opened the port 135 on excahgne 2010.  Also I have checked wmimgmt.msc, properties of exchange 2010, there was no mydomain\administrator anywhere so I added the domain admins to the Root and to RSOP, the advantage of this happened that the (no access over mydomain\administrator) went away in RSOP.
May be this will help:, I just ran rsop over one of my DC and under computer config, windows settings, security settings, local policies, user rights assignemtn I have the following RED CROSS:
-add workstation to domain , user, mydomain\ghostserver and some other accounts are there.
-adjust memory quotas for a process: about 7 SIDs, and some accounts, under precedence tab one account of SQL 2005..
-Allow log on locally:  server operators, printer operators and some other accounts
-Bypass traverse checking, again 7 SIDs and some accounts, in precedence an SQL server account
-log on as service: again under security policy settings same members as above
-replace a process level token: under security policy settings same members as above.

Help
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38756557
Are you able to telnet to DC from Exch server on port 135? have you made exception in windows firewall as mentioned in the article?

Also check this post for similar issue..
http://www.itnewsgroups.net/windowsserver/t14508-gpresult-access-denied.aspx

>cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38764900
subsun,
I thought the issue was resolved but no.  I saw that the memory on exchange was consumed too frequently so after that I  increased RAM on exchange and RSOP and gpresult /r were fine.  TOday again the same issue.  Access denied infront of mydomain\administrator account name while running RSOP.  while I run gpresult /r 'the user has no RSOP data'.  
I have not tried :
cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force
yet please let me know what will this do?
Thanks
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38765012
Those Commands to re-register WMI components and refreshing the wmi repository..
You can also refer the following KB for RSOP related error..
Ref : http://support.microsoft.com/kb/977755
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38765728
I ran regsvr32 /n /I userenv.dll and I get
**************RegSvr32
The module "userenv.dll" was loaded but the entry-point DllInstall was not found
made sure that "userenv.dll" is a valid Dll or OCX file and then try again.************
While the second command is successful:
C:\Windows\System32\wbem>mofcomp scersop.mof
Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!

I am going to update the gp and restart.  I will let you know.  I have not followed the article yet.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38820200
Still no luck.  I need help
0
 
LVL 40

Expert Comment

by:Subsun
ID: 38820481
Do you see any error related to this in event logs now ?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 38861185
no errors.  I ran rsop and there is a yellow sign of exclamation, I right clicked over the computer, and checked the erros information tab, it says 'Group policy infrastructure successfull'  help plz
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38865252
Sorry.. I am out of suggestions, You can click on request attention button and ask Mod's to send a alert to other experts and see if it helps.. or log a call with Microsoft..
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question