Getting an Event ID 1058 Group Policy error on Windows Server 2008

Hello.  We have a couple Windows servers on our Server 2008R2 network where we are seeing a group policy 1058 error.  We started searching the logs due to strange connection losses and slowness in our ERP and warehouse mgmt systems where users were complaining about "freeze ups" and other things not working.  We are just starting our investigation as to what could be wrong, and found these errors.  there may be others.  Here is the error message:

The processing of Group Policy failed. Windows attempted to read the file \\lacoinc1.local\sysvol\lacoinc1.local\Policies\{FCF440CF-78C1-4AB1-BAFE-FFED098F5E9B}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Damian_GardnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Damian_GardnerAuthor Commented:
Update:  I'm looking at the Event DETAILS tab on the error, and I'm seeing an OLD DC listed in there - one that we have decommissioned (called IAFWEBAPPS).  New DC should be "LACOAD1".

EventData

  SupportInfo1 4
  SupportInfo2 816
  ProcessingMode 0
  ProcessingTimeInMilliseconds 655
  ErrorCode 1396
  ErrorDescription Logon Failure: The target account name is incorrect.  
  DCName IAFWEBAPPS.lacoinc1.local
  GPOCNName cn={FCF440CF-78C1-4AB1-BAFE-FFED098F5E9B},cn=policies,cn=system,DC=lacoinc1,DC=local
  FilePath \\lacoinc1.local\sysvol\lacoinc1.local\Policies\{FCF440CF-78C1-4AB1-BAFE-FFED098F5E9B}\gpt.ini
0
Damian_GardnerAuthor Commented:
Ok - this seems to be a problem with the server attempting to connect to the wrong server (a non existent one) to get it's group policy updates.  Question now is how to correct it.  A gpupdate /force gives this:

C:\Users\dgardner>gpupdate /force
Updating Policy...

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows attempted to read the file \\laco
inc1.local\sysvol\lacoinc1.local\Policies\{FCF440CF-78C1-4AB1-BAFE-FFED098F5E9B}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
0
DrDave242Commented:
It sounds like that DC (IAFWEBAPPS) was removed from the network without first being demoted, either because it crashed and couldn't be recovered or because someone simply forgot to demote it. Fortunately, this is a pretty common problem with a pretty easy fix: on one of your remaining DCs, perform a metadata cleanup to remove the old DC from Active Directory.

There are several different methods shown in that article; any of them should work in Server 2008 and above. If you prefer, there's also the old-school method. It takes a little longer and requires more effort, but you also get to see a little more of what's going on under the hood.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Damian_GardnerAuthor Commented:
Hi DrDave.  Actually, we did demote it, and followed a procedure for cleaning up the AD for it.  But - I found old references to it on the DNs and have cleaned them out.  I also flushed the DNS on the server in question, and re-registered the DNS, which has done the trick.  Thank you for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.