Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

Event Viewer system error

I see this error message in Even Viewer under windows logs:

The processing of Group Policy failed. Windows attempted to read the file \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled
.

I already check a, b and c and all looks well, can someone help me whit this problem? It will be greatly appreciated. I’m willing to go as far as deleting all policies and start from scratch.
0
narce100
Asked:
narce100
  • 6
  • 2
1 Solution
 
BlueComputeCommented:
Hi narce100,

Indicates an issue with the default domain controller policy.  You can run gpresult /h C:\tests\gpresult.html  and also dcdiag >C:\tests\dcdiag.txt and post those here or look at the errors yourself.  Can you access the GPO in sysvol by going Start > Run > \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\  ?

Is this a single server setup or ?
0
 
narce100Author Commented:
I get an error when doing the run command (see attach.) I'm also posting the files for decdiag and gpresults. Thanks.
1.JPG
2.JPG
dcdiag.txt
0
 
narce100Author Commented:
Here's the other file
gpresult.html
gpresult.html
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
SandeshdubeyCommented:
Have you verified the policies folder in sysvol does the {6AC1786C-016F-11D2-945F-00C04fB984F9} guid folder exit.Check the permission on folder too.

You can also run group policy diagnosis tool to check the health of GPOhttp://support.microsoft.com/kb/940122

Also ensure correct dns setting on DC as this:http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

The dcdiag output is not executed with admin.Open the cmd as run as administrator and run dcdiag command to get correct output.Run gpupdate /force and check.

Ensure that netlogon and sysvol share is avaialble.Run net share command to verify the same.
0
 
narce100Author Commented:
{6AC1786C-016F-11D2-945F-00C04fB984F9} does not even exist (see attach). Do I have to rebuild sysvol?
1.JPG
0
 
narce100Author Commented:
Paragraph 2 applies only to Server 2003 and below
All compliant with paragraph 3
Here’s a notepad of dcdiag ran as administrator (see attach)
admindcdiag.txt
0
 
SandeshdubeyCommented:
How many Dc you have in env.From the printscreen it is clear that both default domain policy and default domain controller policy is missing.If you have other DC verify the same location for missing quid and you can perfrom authorative and non authorative restore of sysvol assuming that guid folder is present on other DC.

) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
 2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
 3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
 4) Set burflags to D2 on all remaining servers and start NTFRS.
 5) Wait for FRS to replicate.
 6) Clean up the .old stuff if things look good.
 
This is probably what you need to do to get it back.Essentially the "http://support.microsoft.com/kb/290762/" article.
 
Kindly take the backup of the sysvol folder of all DC that is copy paste the content of the sysvol to temp location and perform the authorative and non authorative restore of sysvol as mentioned above.

If you have single DC then if you have old sysvol backup(folder) or systemstate backup of the server you can restore the sysvol folder to alternate location and copy the gui 6AC1786C-016F-11D2-945F-00C04fB984F9(default domain controller polciy) and 31B2F340-016D-11D2-945F-00C04FB984F9(default domain policy)  to sysvol folder.http://support.microsoft.com/kb/216359

In case if you dont have backup you need to run only dcgpofix /target:DC as this reset only default DC policy only if you run dcgpofix /target:Domain this will also rest domain policy which is required as default domain policy guid is also missing:http://technet.microsoft.com/en-us/library/hh875588.aspx

Note IMP:However not that after reseting the GPO only default setting will be available.More on dcgpofix refer KB:http://support.microsoft.com/kb/833783
 
Hope this helps
0
 
narce100Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for narce100's comment #a39652320

for the following reason:

I followed your suggestions on the last post and it worked for me.
Thank you very much
0
 
narce100Author Commented:
I followed your suggestions on the last post and it worked for me.
Thank you very much
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now