Solved

Domain Administrator account.  C:\> GPRESULT /R    we get ERROR: Access Denied.    ??

Posted on 2016-11-21
6
149 Views
Last Modified: 2016-11-22
We have a Win2008R2 server giving us a headache, just started the other day, after we ran a Windows Update.    Only One role on this server which is Remote Desktop Services.

We seem to now be a RESTRICTED user even though we are logging as the Domain Administrator.    

My 1st hint was when running C:\> GPRESULT /R    we get ERROR: Access Denied.  
The related rsop.mmc also fails also "Access Denied"
Other commands return "not enough space on the disk",
   such as trying to run  
C:\Windows\System32\wbem>mofcomp scersop.mof
Microsoft (R) MOF Compiler Version 6.3.9600.16384
Copyright (c) Microsoft Corp. 1997-2006. All rights reserved.
Parsing MOF file: scersop.mof
MOF file has been successfully parsed
Storing data in the repository...
An error occurred while opening the namespace for object 1 defined on lines 10 -  13:
Error Number: 0x80070070, Facility: Win32
Description: There is not enough space on the disk.
Compiler returned error 0x80070070

Open in new window


Lots of space 100+ GBs free on C:.   Somewhere the Computer is restricted.     I just can't figure how to narrow it down.  
All of the issues seem related.  I've seen on this for days,   I sure need some fresh ideas on how to fix.

Please share some clues !
0
Comment
Question by:JReam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Accepted Solution

by:
Justin Moore earned 250 total points
ID: 41896784
I would start be uninstalling the update that caused the problem. Do yo know what it is and how to find it? If not do a system restore prior to the update.
0
 
LVL 28

Assisted Solution

by:masnrock
masnrock earned 200 total points
ID: 41896946
Was this machine a DC? If not, you may need to remove from domain and rejoin it.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 50 total points
ID: 41897255
Be aware that with UAC on, a domain admin is a normal user until he elevates.
So right click cmd.exe and select "run as administrator" and retry the gpresult/rsop.msc commands.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 1

Author Comment

by:JReam
ID: 41897387
KB3159398 was the CULPRIT which was installed on the AD controllers early last week.    That KB totally whacked our production RDS servers and every test and temporary RDS VM we tried at hello to the domain.      Extra nasty because once the GPOs were applied it caused the target RDS Machines to be hosed badly and permanently even if we later disjoined the domain.   We still don't know exactly what broke within the RDS machines.    What a headache.

Our fix was to:  
1)  Uninstall KB3159398 from all AD controllers
2)  Restore all RDS servers from backup.  

That KB3159398 wasted many days for us.  This KB should be used with extreme caution.   The Web Link to the KB documents shows quite a bunch of  stuff that you can get burned on, just like we did.   Danger danger.
0
 
LVL 28

Expert Comment

by:masnrock
ID: 41897682
I think there's a lesson to be learned from this. Create a test environment to test out updates and changes before putting into production.
0
 
LVL 1

Author Closing Comment

by:JReam
ID: 41897735
Thanks folks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VM not booting up after reboot. vSphere console is showing black screen. 9 92
GPO denied - but why ? 6 57
Active Directory Powershell Script 9 41
GPO question 3 29
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question