Solved

EventID 1030 and 1058

Posted on 2013-05-28
6
291 Views
Last Modified: 2013-06-09
Hey guys

Ok, yesterday I had lots of issues with my server and I was able to get people logging in by running the D4 restore.  They are somewhat able to login now but now all the directories
under \\computername\sysvol\computername\ is blank.

Before I had this whole mess come down on me, the sysvol area had a lot of directories and I was smart enough to back them up to a separate directory (same partition).  In fact, I backed up the Policies and the Domain information.

The adsiedit says that those diretories should be there verbatim.  The question now stands, can I simply stop ntfrs and netlogon services, restore those directories back where they were before and restart the ntfrs and netlogon services since there is nothing there except for one directory which name says to NOT delete.

The error log says that the gpt.ini file is not available.  If I go to my backup I see the gpt.ini file in there where its supposed to be.

Since the directories are well documented directories (and not just random numbers) I would think that a restore from backup would solve a lot of issues (some of the users are able to login to their PCs but are getting group policy erros and a host of other nuisance problems)

I did happen to see some help from microsoft on how to rebuild the diretories under the sysvol directory.  I will probably check that out if no help is forthcoming from here.
0
Comment
Question by:jonmenefee
  • 5
6 Comments
 

Author Comment

by:jonmenefee
ID: 39203630
Here is the article I found (the bottom of the article at least)

Link is:  http://support.microsoft.com/kb/315457


How to temporarily stabilize the domain SYSVOL tree
1.Stop FRS on all domain controllers in the domain and set the service to Disabled.
2.Manually copy the full set of policies to the following folder on each domain controller:
\SYSVOL\SYSVOL\dns domain name\policies
Typically, the following two policies are required for authentication: ¿Default Domain Controllers Policy {6AC1786C-016F-11D2-945F-00C04fB984F9}
¿ Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}

Note You may have to copy additional policies depending on Group Policy requirements for the environment.
3. Manually copy all necessary scripts to the following folder:
\SYSVOL\SYSVOL\DNS Domain name\scripts
0
 

Author Comment

by:jonmenefee
ID: 39203633
Right now, none of those directories exist on the reference domain controller.  I dont know if I even backed up enough folders.

I wonder if a backup from a month ago of the directories would be any good.  This network only has about 5 people on it.
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 39203710
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:jonmenefee
ID: 39204567
I just read the link and thanks but this 1030 and 1058 error is being generated on the reference domain controller itself :-(
0
 

Accepted Solution

by:
jonmenefee earned 0 total points
ID: 39220529
I went ahead and backed up the servers, wiped and rebuilt them with SBS 2011 and Server 2012.  It was only 5 users so it wasnt that bad.  Just a lot of backing up and restoring of email boxes that had not seen use in a few years but still needed to be retained.
0
 

Author Closing Comment

by:jonmenefee
ID: 39232760
Unfortunately there was no other help and since this ticket had been open for so long with no other help, I decided to just close it.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now