Solved

I cannot access GPO to make changes error (0x80070574) occurred parsing file logon failure: the target account is incorrect

Posted on 2014-12-08
16
1,103 Views
Last Modified: 2014-12-28
I cannot access GPO to make changes error (0x80070574) occurred parsing file logon failure: the target account is incorrect -

I am logged in as dc administrator

Please advise,
0
Comment
Question by:Carlos Marin
16 Comments
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40487054
are you saying you can't open the group policy editor on a domain controller?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40487089
Ensure PDC master server is running and try editing GPO on PDC server
If still issue persists, reboot the server once.
0
 
LVL 13

Assisted Solution

by:Mark Galvin
Mark Galvin earned 250 total points
ID: 40488592
Hi

This may be a corruption of the security permisons on the GPO. I have seen this before and the fix is to right click on the GPO in question and select 'Copy'. Then right click again and select 'Paste'. You should be asked to preserve the permissions of inherit them - do no preserve, go with the other option. This will create a new polci with the name of 'Copy of XXXXXX', XXXXXX being the name of the GPO you are haivng an issue with.

You should then be able to make the changes you need. If you can delete the 'dead' policy and rename the copied policy.

Let me know
Thanks
Mark/
0
 

Author Comment

by:Carlos Marin
ID: 40489896
Hey Mark, Thanks- i did just that- but i still get the same message..... any other suggestions ???
0
 

Author Comment

by:Carlos Marin
ID: 40489900
Mahesh, this is the PDC server...
0
 

Author Comment

by:Carlos Marin
ID: 40489903
David, exactly what i am saying.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40490519
If you logged on different server, still you getting same error?

If not, it might be that it is problem to that specific user profile and deleting profile should solve issue

U might try on same server with another domain admins ID
0
 

Author Comment

by:Carlos Marin
ID: 40491070
I will try that...
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Carlos Marin
ID: 40491319
Same error. from another Server and/or from a different domain admin.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40492048
Can you please share screen shot please

If you can run below commands on PDC and share output please
dcdiag /v
dcdiag /test:netlogons
dcdiag /test:sysvolcheck

Also check event logs on DC under file replication services for event ID 13568 - Journal Wrap
0
 

Author Comment

by:Carlos Marin
ID: 40493009
Mahesh,,

First Diag....attached
0
 

Author Comment

by:Carlos Marin
ID: 40493011
0
 

Author Comment

by:Carlos Marin
ID: 40493017
second...dcdiag-test-sysvolchck
dcdiag-test-sysvolcheck.txt
0
 

Author Comment

by:Carlos Marin
ID: 40493032
Last one-
that event id does not show-
i see a lot of: 13555-13552-13562-13512
DCdiag-v.txt
0
 

Author Comment

by:Carlos Marin
ID: 40493868
After i ran the test- i restarted the DNS service and i was able to log on to the GPO- i added the policy needed, but the policy is not updating, even though i forced update- i have some error messages,
1112 1085 and 1058
Folder redirection....
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
ID: 40496825
From logs it turns out that either SDC (other DC) is not operational \ already demoted
The last successful replication between PDC and SDC is in year 24th Feb 2012
U need to do metadata cleanup for failed DC

If above SDC I still alive, you need to forcefully demote it with DCPromo /forceremoval command

Remove all its traces from AD, this includes, domain controller object, Host(A) record, PTR record, SRV record, NS record and any other trace from DNS

After that restart netlogon, File replication service and dns server service on PDC and check if it works
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

30 Experts available now in Live!

Get 1:1 Help Now