Solved

Event Viewer system error

Posted on 2013-11-13
9
551 Views
Last Modified: 2013-11-17
I see this error message in Even Viewer under windows logs:

The processing of Group Policy failed. Windows attempted to read the file \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled
.

I already check a, b and c and all looks well, can someone help me whit this problem? It will be greatly appreciated. I’m willing to go as far as deleting all policies and start from scratch.
0
Comment
Question by:narce100
  • 6
  • 2
9 Comments
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39646530
Hi narce100,

Indicates an issue with the default domain controller policy.  You can run gpresult /h C:\tests\gpresult.html  and also dcdiag >C:\tests\dcdiag.txt and post those here or look at the errors yourself.  Can you access the GPO in sysvol by going Start > Run > \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\  ?

Is this a single server setup or ?
0
 

Author Comment

by:narce100
ID: 39646670
I get an error when doing the run command (see attach.) I'm also posting the files for decdiag and gpresults. Thanks.
1.JPG
2.JPG
dcdiag.txt
0
 

Author Comment

by:narce100
ID: 39646673
Here's the other file
gpresult.html
gpresult.html
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39646773
Have you verified the policies folder in sysvol does the {6AC1786C-016F-11D2-945F-00C04fB984F9} guid folder exit.Check the permission on folder too.

You can also run group policy diagnosis tool to check the health of GPOhttp://support.microsoft.com/kb/940122

Also ensure correct dns setting on DC as this:http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

The dcdiag output is not executed with admin.Open the cmd as run as administrator and run dcdiag command to get correct output.Run gpupdate /force and check.

Ensure that netlogon and sysvol share is avaialble.Run net share command to verify the same.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:narce100
ID: 39652175
{6AC1786C-016F-11D2-945F-00C04fB984F9} does not even exist (see attach). Do I have to rebuild sysvol?
1.JPG
0
 

Author Comment

by:narce100
ID: 39652320
Paragraph 2 applies only to Server 2003 and below
All compliant with paragraph 3
Here’s a notepad of dcdiag ran as administrator (see attach)
admindcdiag.txt
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39652843
How many Dc you have in env.From the printscreen it is clear that both default domain policy and default domain controller policy is missing.If you have other DC verify the same location for missing quid and you can perfrom authorative and non authorative restore of sysvol assuming that guid folder is present on other DC.

) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
 2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
 3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
 4) Set burflags to D2 on all remaining servers and start NTFRS.
 5) Wait for FRS to replicate.
 6) Clean up the .old stuff if things look good.
 
This is probably what you need to do to get it back.Essentially the "http://support.microsoft.com/kb/290762/" article.
 
Kindly take the backup of the sysvol folder of all DC that is copy paste the content of the sysvol to temp location and perform the authorative and non authorative restore of sysvol as mentioned above.

If you have single DC then if you have old sysvol backup(folder) or systemstate backup of the server you can restore the sysvol folder to alternate location and copy the gui 6AC1786C-016F-11D2-945F-00C04fB984F9(default domain controller polciy) and 31B2F340-016D-11D2-945F-00C04FB984F9(default domain policy)  to sysvol folder.http://support.microsoft.com/kb/216359

In case if you dont have backup you need to run only dcgpofix /target:DC as this reset only default DC policy only if you run dcgpofix /target:Domain this will also rest domain policy which is required as default domain policy guid is also missing:http://technet.microsoft.com/en-us/library/hh875588.aspx

Note IMP:However not that after reseting the GPO only default setting will be available.More on dcgpofix refer KB:http://support.microsoft.com/kb/833783
 
Hope this helps
0
 

Author Comment

by:narce100
ID: 39655506
I've requested that this question be closed as follows:

Accepted answer: 0 points for narce100's comment #a39652320

for the following reason:

I followed your suggestions on the last post and it worked for me.
Thank you very much
0
 

Author Closing Comment

by:narce100
ID: 39655507
I followed your suggestions on the last post and it worked for me.
Thank you very much
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now