Solved

Event Viewer system error

Posted on 2013-11-13
9
547 Views
Last Modified: 2013-11-17
I see this error message in Even Viewer under windows logs:

The processing of Group Policy failed. Windows attempted to read the file \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled
.

I already check a, b and c and all looks well, can someone help me whit this problem? It will be greatly appreciated. I’m willing to go as far as deleting all policies and start from scratch.
0
Comment
Question by:narce100
  • 6
  • 2
9 Comments
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39646530
Hi narce100,

Indicates an issue with the default domain controller policy.  You can run gpresult /h C:\tests\gpresult.html  and also dcdiag >C:\tests\dcdiag.txt and post those here or look at the errors yourself.  Can you access the GPO in sysvol by going Start > Run > \\SanJoseFoothillFamilyComm.local\sysvol\SanJoseFoothillFamilyComm.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\  ?

Is this a single server setup or ?
0
 

Author Comment

by:narce100
ID: 39646670
I get an error when doing the run command (see attach.) I'm also posting the files for decdiag and gpresults. Thanks.
1.JPG
2.JPG
dcdiag.txt
0
 

Author Comment

by:narce100
ID: 39646673
Here's the other file
gpresult.html
gpresult.html
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39646773
Have you verified the policies folder in sysvol does the {6AC1786C-016F-11D2-945F-00C04fB984F9} guid folder exit.Check the permission on folder too.

You can also run group policy diagnosis tool to check the health of GPOhttp://support.microsoft.com/kb/940122

Also ensure correct dns setting on DC as this:http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

The dcdiag output is not executed with admin.Open the cmd as run as administrator and run dcdiag command to get correct output.Run gpupdate /force and check.

Ensure that netlogon and sysvol share is avaialble.Run net share command to verify the same.
0
 

Author Comment

by:narce100
ID: 39652175
{6AC1786C-016F-11D2-945F-00C04fB984F9} does not even exist (see attach). Do I have to rebuild sysvol?
1.JPG
0
 

Author Comment

by:narce100
ID: 39652320
Paragraph 2 applies only to Server 2003 and below
All compliant with paragraph 3
Here’s a notepad of dcdiag ran as administrator (see attach)
admindcdiag.txt
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39652843
How many Dc you have in env.From the printscreen it is clear that both default domain policy and default domain controller policy is missing.If you have other DC verify the same location for missing quid and you can perfrom authorative and non authorative restore of sysvol assuming that guid folder is present on other DC.

) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
 2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
 3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
 4) Set burflags to D2 on all remaining servers and start NTFRS.
 5) Wait for FRS to replicate.
 6) Clean up the .old stuff if things look good.
 
This is probably what you need to do to get it back.Essentially the "http://support.microsoft.com/kb/290762/" article.
 
Kindly take the backup of the sysvol folder of all DC that is copy paste the content of the sysvol to temp location and perform the authorative and non authorative restore of sysvol as mentioned above.

If you have single DC then if you have old sysvol backup(folder) or systemstate backup of the server you can restore the sysvol folder to alternate location and copy the gui 6AC1786C-016F-11D2-945F-00C04fB984F9(default domain controller polciy) and 31B2F340-016D-11D2-945F-00C04FB984F9(default domain policy)  to sysvol folder.http://support.microsoft.com/kb/216359

In case if you dont have backup you need to run only dcgpofix /target:DC as this reset only default DC policy only if you run dcgpofix /target:Domain this will also rest domain policy which is required as default domain policy guid is also missing:http://technet.microsoft.com/en-us/library/hh875588.aspx

Note IMP:However not that after reseting the GPO only default setting will be available.More on dcgpofix refer KB:http://support.microsoft.com/kb/833783
 
Hope this helps
0
 

Author Comment

by:narce100
ID: 39655506
I've requested that this question be closed as follows:

Accepted answer: 0 points for narce100's comment #a39652320

for the following reason:

I followed your suggestions on the last post and it worked for me.
Thank you very much
0
 

Author Closing Comment

by:narce100
ID: 39655507
I followed your suggestions on the last post and it worked for me.
Thank you very much
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now