I cannot access GPO to make changes error (0x80070574) occurred parsing file logon failure: the target account is incorrect

I cannot access GPO to make changes error (0x80070574) occurred parsing file logon failure: the target account is incorrect -

I am logged in as dc administrator

Please advise,
Carlos MarinManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
are you saying you can't open the group policy editor on a domain controller?
0
MaheshArchitectCommented:
Ensure PDC master server is running and try editing GPO on PDC server
If still issue persists, reboot the server once.
0
Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

This may be a corruption of the security permisons on the GPO. I have seen this before and the fix is to right click on the GPO in question and select 'Copy'. Then right click again and select 'Paste'. You should be asked to preserve the permissions of inherit them - do no preserve, go with the other option. This will create a new polci with the name of 'Copy of XXXXXX', XXXXXX being the name of the GPO you are haivng an issue with.

You should then be able to make the changes you need. If you can delete the 'dead' policy and rename the copied policy.

Let me know
Thanks
Mark/
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Carlos MarinManagerAuthor Commented:
Hey Mark, Thanks- i did just that- but i still get the same message..... any other suggestions ???
0
Carlos MarinManagerAuthor Commented:
Mahesh, this is the PDC server...
0
Carlos MarinManagerAuthor Commented:
David, exactly what i am saying.
0
MaheshArchitectCommented:
If you logged on different server, still you getting same error?

If not, it might be that it is problem to that specific user profile and deleting profile should solve issue

U might try on same server with another domain admins ID
0
Carlos MarinManagerAuthor Commented:
I will try that...
0
Carlos MarinManagerAuthor Commented:
Same error. from another Server and/or from a different domain admin.
0
MaheshArchitectCommented:
Can you please share screen shot please

If you can run below commands on PDC and share output please
dcdiag /v
dcdiag /test:netlogons
dcdiag /test:sysvolcheck

Also check event logs on DC under file replication services for event ID 13568 - Journal Wrap
0
Carlos MarinManagerAuthor Commented:
Mahesh,,

First Diag....attached
0
Carlos MarinManagerAuthor Commented:
0
Carlos MarinManagerAuthor Commented:
second...dcdiag-test-sysvolchck
dcdiag-test-sysvolcheck.txt
0
Carlos MarinManagerAuthor Commented:
Last one-
that event id does not show-
i see a lot of: 13555-13552-13562-13512
DCdiag-v.txt
0
Carlos MarinManagerAuthor Commented:
After i ran the test- i restarted the DNS service and i was able to log on to the GPO- i added the policy needed, but the policy is not updating, even though i forced update- i have some error messages,
1112 1085 and 1058
Folder redirection....
0
MaheshArchitectCommented:
From logs it turns out that either SDC (other DC) is not operational \ already demoted
The last successful replication between PDC and SDC is in year 24th Feb 2012
U need to do metadata cleanup for failed DC

If above SDC I still alive, you need to forcefully demote it with DCPromo /forceremoval command

Remove all its traces from AD, this includes, domain controller object, Host(A) record, PTR record, SRV record, NS record and any other trace from DNS

After that restart netlogon, File replication service and dns server service on PDC and check if it works
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.