Solved

Event ID 1058, 1054, Active Directory domain errors

Posted on 2014-04-04
6
6,263 Views
Last Modified: 2014-05-28
I've got a fairly new client setup which has multiple offices, connected via MPLS to a domain controller, which resides on a VM in a datacenter a few states away. A couple of times a day, for most machines, I get event ID 1058, and 1054 in the logs. I can't for the life of me figure out why. There doesn't seem to be any actual issues. No problems logging on, from any of the locations. DCdiag is perfect. DNS is set correctly. Nslookup returns info as expected. No sharing issues or other access problems. Just these lingering events. If it wasn't for events in the log, there would be zero issues, and maybe there isn't, but I'd sure like to know what was causing them. Its similar to the issues in previous OS, where media sense on a nic would cause this, but I have disabled that on the workstations to no avail. Server OS is 2008 R2. All workstations are Windows 7 x64 pro.

The first Critical Blacklist Event found: Event ID - 1058 System log - Microsoft-Windows-GroupPolicy:  The processing of Group Policy failed. Windows attempted to read the file ******** from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
0
Comment
Question by:sdholden28
  • 4
6 Comments
 

Author Comment

by:sdholden28
ID: 39979166
I've run gpupdate countless times on a myriad of workstations, and have never received anything other than "Group Policy update processed successfully".
0
 

Author Comment

by:sdholden28
ID: 39979176
Zero reports of any network or internet outages at any of the locations, temporary or otherwise. Software that runs daily operations is in constant use and resides in the same datacenter as the DC, so network connection issues could not go unnoticed, no matter how intermittent.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39979200
Hi,

Make sure that disable DFS is also reflecting in registery under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup.

http://support.microsoft.com/kb/314494/en
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:sdholden28
ID: 39979228
That link is for Windows XP. That registry key does not exist in Windows 7, at least in that location.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 500 total points
ID: 39982447
In the same error message, you should be able to see a long Unique ID of the GPO that is failing. You can match this ID in the GPO console (found on the details tab when you select a GPO in GPMC) or at this location - \\domainname.com\SYSVOL\Domainname.com\Policies

Once you trace the exact policy that is giving trouble, you can see what is causing it to fail. there might be permissions issues, replication issues or network latency or anything related to that particular GPO. You can use GPRESULT /R command to see what all GPOs are applied on a computer and set logonserver to see from where those GPOs are coming from.
0
 

Author Closing Comment

by:sdholden28
ID: 40096564
Turned out to be a replication issue. Thanks for the direction.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question