Link to home
Start Free TrialLog in
Avatar of amanzoor
amanzoorFlag for Canada

asked on

Exchange 2010 machine on server 2008 R2. The user does not have the RSOP data while gpresult /r

I am a domain admin.  Does not matter if I login in myself or as 'domain\administrator' I get 'The user does not have the RSOP data' while running the gpresult /r.  Running RSOP reveals something about permissions.  I have already tried deleting the contents of 'Repository' directory with no avail.  Tried adding and deleting the adminsitrator from different exchange security groups.  Sometimes the gpresult works and most of the tiems the 'RSOP data ' error.  Need help with it.
Avatar of SubSun
Flag of India image

Is DNS working fine?  Did you check event logs and see anything related?

Try running gpupdat /force and then try to generate RSoP.

Also check out the Group Policy Settings Associated with RSoP
Disallow Interactive Users from generating RSoP data in
(Computer and User)/Configuration/Administrative Templates/System/Group Policy
Avatar of amanzoor


DNS is all fine.  when I run gpupdate /force then the gpresult /r works fine for few hours and then again the same error.
One thing I have noticed when I try to run group policy results wizard from my domain controller for this particular exchange server, the user selection window, display policy settings forand next button are all greyed out.  Also running simply the RSOP on exchange 2010 server reveals this 'unable to generate rsop data.  Likely causes are group policy has never successfully processed............details Invalid namespace.'  When I click close the rsop would very quickly process over domain\administrator (access denied).
Help plz.
ok so under the properties of the RSOP on computer, under local computer settings, security, add workstation to the domain (big RED MARK), has two names, administrator and the user, I found this policy is the default domain policy, I made it un-defined and just restarted the exchange 2010 computer, lets see if this was the trouble.
So I restarted the machine, done gpresult /r it get stuck at, the user is part of the following security group, an unexpected error has occured.  Rsop on this machine is fine.
Do you have windows firewall enabled on exchange  server or DC?
What if you run gpresult /s Server1 /user Domain\Administrator
Is this happening on only one server?
Hi Subsun,
True I have windows firewall on both my DCs and exchange 2010.  Yes it is only happening on exchange 2010, other member servers and DCs are fine.  Let me run the command you suggesterd.

C:\Users\administrator.mydomain>gpresult /s exchange3 /user mydomain
ERROR: Invalid Syntax. This option can be specified only when /X, /H, /R, /V or
/Z is specified.
Type "GPRESULT /?" for usage.


I am sure it is something to do with the 'Microsoft Exchange security groups' OU which is made after you install exchange2010.
Just ran RSOP, found the excalamation sign again, clicked on administrator on exchange3 - RSOP, properties, general tab:
Mode: logging
user name mydomain\administrator  (ACCESS DENIED)
Display user policy settings  YES
computer name mydomain\exchange3
Display computer policy YES

Note: Its only pulling the computer config and not the user config
If firewall is enabled then You might need look at this article which talks about adding some exceptions..
Hi Subsun,
I have put the changes to my default domain policy, also manually opened the port 135 on excahgne 2010.  Also I have checked wmimgmt.msc, properties of exchange 2010, there was no mydomain\administrator anywhere so I added the domain admins to the Root and to RSOP, the advantage of this happened that the (no access over mydomain\administrator) went away in RSOP.
May be this will help:, I just ran rsop over one of my DC and under computer config, windows settings, security settings, local policies, user rights assignemtn I have the following RED CROSS:
-add workstation to domain , user, mydomain\ghostserver and some other accounts are there.
-adjust memory quotas for a process: about 7 SIDs, and some accounts, under precedence tab one account of SQL 2005..
-Allow log on locally:  server operators, printer operators and some other accounts
-Bypass traverse checking, again 7 SIDs and some accounts, in precedence an SQL server account
-log on as service: again under security policy settings same members as above
-replace a process level token: under security policy settings same members as above.

Are you able to telnet to DC from Exch server on port 135? have you made exception in windows firewall as mentioned in the article?

Also check this post for similar issue..

>cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force
I thought the issue was resolved but no.  I saw that the memory on exchange was consumed too frequently so after that I  increased RAM on exchange and RSOP and gpresult /r were fine.  TOday again the same issue.  Access denied infront of mydomain\administrator account name while running RSOP.  while I run gpresult /r 'the user has no RSOP data'.  
I have not tried :
cd /d %windir%\system32
>regsvr32 /n /I userenv.dll
>cd wbem
>mofcomp scersop.mof
>gpupdate /force
yet please let me know what will this do?
Those Commands to re-register WMI components and refreshing the wmi repository..
You can also refer the following KB for RSOP related error..
Ref :
I ran regsvr32 /n /I userenv.dll and I get
The module "userenv.dll" was loaded but the entry-point DllInstall was not found
made sure that "userenv.dll" is a valid Dll or OCX file and then try again.************
While the second command is successful:
C:\Windows\System32\wbem>mofcomp scersop.mof
Microsoft (R) MOF Compiler Version 6.2.9200.16398
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...

I am going to update the gp and restart.  I will let you know.  I have not followed the article yet.
Still no luck.  I need help
Do you see any error related to this in event logs now ?
no errors.  I ran rsop and there is a yellow sign of exclamation, I right clicked over the computer, and checked the erros information tab, it says 'Group policy infrastructure successfull'  help plz
Avatar of SubSun
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial