Solved

Event ID 1058, 1054, Active Directory domain errors

Posted on 2014-04-04
6
6,414 Views
Last Modified: 2014-05-28
I've got a fairly new client setup which has multiple offices, connected via MPLS to a domain controller, which resides on a VM in a datacenter a few states away. A couple of times a day, for most machines, I get event ID 1058, and 1054 in the logs. I can't for the life of me figure out why. There doesn't seem to be any actual issues. No problems logging on, from any of the locations. DCdiag is perfect. DNS is set correctly. Nslookup returns info as expected. No sharing issues or other access problems. Just these lingering events. If it wasn't for events in the log, there would be zero issues, and maybe there isn't, but I'd sure like to know what was causing them. Its similar to the issues in previous OS, where media sense on a nic would cause this, but I have disabled that on the workstations to no avail. Server OS is 2008 R2. All workstations are Windows 7 x64 pro.

The first Critical Blacklist Event found: Event ID - 1058 System log - Microsoft-Windows-GroupPolicy:  The processing of Group Policy failed. Windows attempted to read the file ******** from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
0
Comment
Question by:sdholden28
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 

Author Comment

by:sdholden28
ID: 39979166
I've run gpupdate countless times on a myriad of workstations, and have never received anything other than "Group Policy update processed successfully".
0
 

Author Comment

by:sdholden28
ID: 39979176
Zero reports of any network or internet outages at any of the locations, temporary or otherwise. Software that runs daily operations is in constant use and resides in the same datacenter as the DC, so network connection issues could not go unnoticed, no matter how intermittent.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39979200
Hi,

Make sure that disable DFS is also reflecting in registery under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup.

http://support.microsoft.com/kb/314494/en
0
Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

 

Author Comment

by:sdholden28
ID: 39979228
That link is for Windows XP. That registry key does not exist in Windows 7, at least in that location.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 500 total points
ID: 39982447
In the same error message, you should be able to see a long Unique ID of the GPO that is failing. You can match this ID in the GPO console (found on the details tab when you select a GPO in GPMC) or at this location - \\domainname.com\SYSVOL\Domainname.com\Policies

Once you trace the exact policy that is giving trouble, you can see what is causing it to fail. there might be permissions issues, replication issues or network latency or anything related to that particular GPO. You can use GPRESULT /R command to see what all GPOs are applied on a computer and set logonserver to see from where those GPOs are coming from.
0
 

Author Closing Comment

by:sdholden28
ID: 40096564
Turned out to be a replication issue. Thanks for the direction.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question