it_gsr

GPO error 1058

Hi there,

I have 5 DCs in one location as BC1 (PDC), BC2, WC1, WC2 (all W2k8R2), BC3 (W2k3) and WC7 and EC1 (W2k8R2) both in two different remote locations.

1. I’m getting event 1058 on all the DCs in location one every 5 minutes except on BC3, and none on WC7 and EC1.
2. Can’t access \\\sysvol & netlogon on BC1, BC2, WC1, WC2 but can access them with \\server\sysvol & netlogons on the individual servers.
3. I can access \\\sysvol & netlogons on WC7, EC1 and BC3 as well as on the individual servers.
4. Gpupdate /force comes up with “User policy could not be updated successfully. The following errors were encountered: The processing of group policy fail” on BC1, BC2, WC1, WC2 but not on BC3, WC7 and EC1. And that particular GPO is the domain controller’s GPO and it exists in all the Sysvol folders on all the DCs.
5. I get the error attached on BC1, BC2, WC1, WC2 when changes are done under “computer configuration\policies\windows settings\security settings\advanced audit policy configuration” but no issue on BC3, WC7 and EC1. Changes done in the same “advanced audit policy configuration” on BC3, WC7 and EC1 get saved but never replicate to BC1, BC2, WC1, WC2 (this happens to almost every GPO I tested this on).
6. Changes in other configurations replicate to all the DCs.

I have checked the DNS and replications and they seem to be fine. Need more help to fix these issues.

Many thanks.
Raheman M. Abdul

What error occurs when you try \\\sysvol ?
Try after resetting the DNS server service.
On the servers, check that the shares are OK by running "net share".

Try with the IP address instead of FQDN locally   \\IPAddress\...

See if you can access the SYSVOL folder from the client machines via UNC path \\ipaddressDC and \\FQDNofDC (check the TCP/IP configuration of the network card of the clients to verify that the preferred DNS server is pointed to the correct DNS server in the domain)

Check the permissions on SYSVOL and compare with working ones.

Make sure you have the right DNS entries and no incorrect or duplicate entries.
Ganesamoorthy S

Check whether SYSVOL has been shared, and also check the FRS service status.

Restart the FRS service and check the FRS event log.

If required, do a D2 to resolve the issue.
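
The checks suggested in the two replies above (shares listed as by "net share", UNC access per server, FRS service state), run against every DC and then against the domain-based path, as an added example that is not part of the original thread. The domain name `example.local` is a placeholder, and querying the `NtFrs` service assumes SYSVOL is replicated by FRS, as the replies imply.

```powershell
# Added example. Run in Windows PowerShell on the DC that shows the problem.
$Domain = 'example.local'   # placeholder: the AD DNS domain name (not given in the thread)
$DCs    = 'BC1','BC2','BC3','WC1','WC2','WC7','EC1'   # DC names from the question

function Test-DcShares {
    param([string]$Server)
    $r = @{ Server = $Server; SysvolShared = $null; NetlogonShared = $null; NtFrs = 'unknown' }
    try {
        # Same information as "net share", read remotely over WMI
        $names = @(Get-WmiObject -Class Win32_Share -ComputerName $Server -ErrorAction Stop |
                   ForEach-Object { $_.Name })
        $r.SysvolShared   = $names -contains 'SYSVOL'
        $r.NetlogonShared = $names -contains 'NETLOGON'
    } catch {
        Write-Warning ("{0}: share query failed: {1}" -f $Server, $_.Exception.Message)
    }
    try {
        # NtFrs is the service name of the File Replication Service
        $r.NtFrs = (Get-Service -Name NtFrs -ComputerName $Server -ErrorAction Stop).Status
    } catch {
        Write-Warning ("{0}: service query failed: {1}" -f $Server, $_.Exception.Message)
    }
    # Direct UNC access to this DC by server name
    $r.SysvolUNC   = Test-Path "\\$Server\SYSVOL"
    $r.NetlogonUNC = Test-Path "\\$Server\NETLOGON"
    New-Object PSObject -Property $r
}

$DCs | ForEach-Object { Test-DcShares $_ } |
    Select-Object Server, SysvolShared, NetlogonShared, SysvolUNC, NetlogonUNC, NtFrs |
    Format-Table -AutoSize

# Domain-based path, resolved from the machine running the script.
# This is the path that fails on BC1, BC2, WC1 and WC2 in the question.
foreach ($share in 'SYSVOL','NETLOGON') {
    $path = "\\$Domain\$share"
    "{0,-30} reachable: {1}" -f $path, (Test-Path $path)
}
```

A DC where every per-server column is True but the domain-based path is unreachable matches symptom 2 in the question.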
it_gsr


Raheman, I have checked and there are no traces of any old demoted server still in the system.
Net share lists both sysvol and netlogon on all the DCs and I can access both folders using \\servername or IP\sysvol on all the DCs. I have also manually compared both the share and security settings on them and they are OK. The check on TCP/IP configuration is also OK.

Burhan, \\domain\sysvol comes up with network error "windows cannot access \\domain\sysvol"
Kindly see the other errors in the attached file.

Additional information: the dcdiag test on BC3 shows the below:

Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
            Invalid service type: RpcSs on BC3, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         * Checking Service: DnsCache
            Invalid service startup type: DnsCache on BC3, current value
            DEMAND_START, expected value AUTO_START.

The dcdiag test on WC7 and EC1 also shows the below:

Starting test: FrsEvent

         * The File Replication Service Event log test
         The event log File Replication Service on server W7
         could not be queried, error 0x6ba "The RPC server is unavailable."

Both servers failed the FrsEvent, KccEvent and SystemLog tests.

Screenshots of the errors are in the attached file.