Re: Active Directory domain policy not available - Windows cannot access the registry information (52)

From: Chad A Gross [SBS-MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 03/24/04


Date: Wed, 24 Mar 2004 00:09:51 -0600

Hi Steve -

What share permissions did you change? This type of error can occur if the
SYSVOL and NETLOGON shares aren't accessible.

www.eventid.net - Bookmark it & subscribe!

      Source: Userenv
      Type: Error
      Description: Windows cannot access the registry information at
\\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (<error code>).
      Things to understand: What are the registry files? What are the
registry.pol files?
      Comments:
      Adrian Grigorof (Last update 9/1/2003):
      As a first step, use NET HELPMSG <error code> for a first clue as to
what is wrong.

      Error code 5 - "Access denied" - See Q290647. Also, from a newsgroup
post: "I have been plagued by the same message on my system for months. Most
of the postings I saw claimed that this was due to my system being
multi-homed and the order of the priority of the NICs being incorrect. In my
case, the suggested remedies did not work. Today I checked and found out that
the node "C:\WINNT\sysvol\sysvol" was not shared. After I shared that node
to system and Administrator, the error messages stopped."

      Error code 51 - "The remote computer is not available." - "The
\\Active Directory Domain Name\Sysvol share is a special share that requires
the distributed file system (Dfs) client to make a connection. If the Dfs
client is disabled, the error messages are generated." See the link to
Q259398.

      Error code 53 - "The network path was not found." - Caused by File and
Printer Sharing service not being enabled on the Domain Controller
interface(s). See the link to Q279742.
      Another instance of error code 53 may be recorded if the IP address of
the domain controller is changed but the DNS still points to the old IP
address.

      Massimo (Last update 1/9/2004):
      Error 1351: I solved this problem enabling NetBIOS over TCP/IP in the
WINS tab of Advanced TCP/IP Options for the LAN card.

      Dan Grenfell (Last update 12/10/2003):
      - Error 1351 - These errors started appearing after I had switched off
NetBEUI on a Multihomed Win2k DC, leaving only TCP/IP. Changing the protocol
binding order for the private adapter so that TCP/IP was the preferred
protocol instead of the disabled NetBEUI stopped these errors, and allowed
me to administer the WINS server again from MMC.

      Ionut Marin (Last update 9/26/2003):
      From a newsgroup post: "After reading all the KB articles everyone
suggested, checking my SYSVOL file structure, etc; I happened to take a look
at the NIC settings and discovered that, somehow, NetBIOS had become
disabled on the LAN card. I enabled NetBIOS and everything is now working
fine. No more error messages and users can access the server".

      Also from a newsgroup post: "If the DFS Client is disabled, you can
not access the \\<Active Directory Domain Name>\Sysvol share, which would
cause this problem. To check / enable the DFS Client, use Regedt32 to
navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup.
Double-click the DisableDFS value name, a REG_DWORD data type. A data value
of 0, the default, enables the DFS Client. A data value of 1 disables the
DFS Client.
      NOTE: If the DisableDFS value name is missing, the DFS Client is
enabled".

      When you use the Symantec W32.Nimda.A@mm virus removal tool on a
domain controller, the share permissions for shares such as Sysvol and
Netlogon may be changed from the default share permissions. See Q312031 for
more details.

      Anonymous (Last update 8/31/2003):
      Error code 51 - I had disabled file and printer sharing on a 2000 DC,
reenabling that fixed the problem.

      Pete Gibson (Last update 8/31/2003):
      I tried most things, until I disabled the LAN connection and enabled
it again and that fixed the problem for me.

      Chris Bowden (Last update 8/31/2003):
      In my case the Kerberos Realm name (which should be the NetBIOS domain
name) was incorrect in the registry (and was referencing the local computer
name). To correct this issue:
      1. Open REGEDT32.
      2. Navigate to Security\Policies\PolAcDmN.
      3. Left-click on <No Name>:REG_NONE and select "View - Display Binary
Data"
      4. You should see the NetBIOS name of the domain in the text on the
right (ex. WAMLTD). If the machine name is listed instead, you will need to
replace it.
      5. Navigate to Security\Policies\PolPrDmN.
      6. Double-click the <No Name>:REG_NONE and copy the binary value
(CTRL-C)
      7. Navigate to Security\Policies\PolAcDmN, double-click <No
Name>:REG_NONE and paste in the correct value.
      8. Left-click on <No Name>:REG_NONE and select "View - Display Binary
Data". You should see the correct value listed.
      9. Run "secedit /refreshpolicy machine_policy /enforce"
      10. Look in the application log for a SCECLI 1704 event (indicating
successful application of policy)

      Anonymous (Last update 6/10/2003):
      Error: 5 = "Access denied". Group Policy was not being propagated to
clients and logons were slow. I found that the permissions on the domain
controller's Sysvol folder and subfolders were incorrect but after 20 minutes
of changing them as per Microsoft's instructions, the system automatically
changed them back. The sysvol permissions and some GP entries contained the
security identifier for the Power Users group which doesn't exist on a DC.
All efforts to remove this security identifier failed.
      I deleted all Registry.pol and System.adm on the DC and edited all
GPT.ini files, on the DC, so Version=1. I then rebooted the DC and changed
the Sysvol permissions. Make a new Default Domain Policy and a new Default
Domain Controllers Policy. Make sure that Everyone, Authenticated users and
Administrators have "Bypass Traverse Checking" enabled in the Default Domain
Policy.

      Dean Usaj (Last update 5/15/2003):
      Error: 1351 - I removed the PC from the domain and after restart put
it back in domain. This seems to solve the problem.

      SChase (Last update 4/28/2003):
      Error: 1351 - "Configuration information could not be read from the
domain controller, either because the machine is unavailable, or access has
been denied." - Bob A Schelfhout Aubertijn's method (see below) solved the
error and also solved Event ID 1001 - Security Policy cannot be propagated.

      Thomas Blatti
      In my case, the reason for this error was the server, it had the
IRPStackSize too low (on 11). Default for Windows 2000 is 15 (range from 11
to 50 referring to Q177078). Registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
      A referring document from MS (Q106167) is outdated and should be
corrected for Windows 2000.

      Ander Taylor
      I had this problem on all my member servers, it turned out to be a
permissions problem with SYSVOL.
      I fixed it as follows:
      Start > Programs > Administrative Tools > Domain Controllers Security
Policy > Security Settings > Double click "File System" > Double click
"%SYSVOL%\Domain\Policies" > Edit Security > Make sure the appropriate
permissions are set and tick the "Allow Inheritable Permissions ........"
checkbox. Note that the permissions in "%SYSVOL%" must be set properly too.

      Kevin Austin
      Error 1351 - MS knowledgebase had my solution in article Q258960. It
referenced a buffer limitation of 15 IP addresses in Lmhsvc.dll which is
resolved in SP2.

      Bob A. Schelfhout Aubertijn
      Q258296 explains in detail how to prevent this error from popping up
every 5 minutes in the event log. The trick is to move the NIC that has file
and printer sharing bound to it to the top of the binding order in network
connections > advanced > advanced settings.

      Josh Tanski
      Setting the TCP/IP NetBIOS Helper Service to manual startup caused
this and related events for me, as it prevented me from accessing DFS
shares. I set the service back to automatic startup to solve the problem.

-- 
Chad A. Gross  [SBS-MVP]
SBS ROCKS!!!
"Steve Stewart" <steve@nospam.com> wrote in message
news:0ecu50lpaqor1p9ifa7kikgjmfpmioc3ap@4ax.com...
>
> Help!
>
> I have a SBS2000 that is acting up. I'm getting the following error
> message in the log.
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1000
> Date:  3/22/2004
> Time:  10:16:05 AM
> User:  NT AUTHORITY\SYSTEM
> Computer: SHSBS
> Description:
> Windows cannot access the registry information at
> \\domain.sbs\sysvol\domain.sbs\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol
> with (52).
>
>
> Is there any way that I could have screwed this up by changing NTFS
> file permissions on user share folders? I know I disallowed
> inheritable permissions from parent to propagate to the share folder
> and to child objects.
>
> This is the only change I made to the server and I can't figure out why
> I'm having the problem.
>
> I have the popular KBs for this error message and will take a crack at
> them tonight, but I am at a loss for why I am experiencing this
> problem all of a sudden.
>
> Thanks,
>
> Steve
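
The causes collected in the reply above can be checked read-only from PowerShell on the domain controller. This is an added example, not part of the original post or of eventid.net; the `$Domain` default and the helper names `Add-Check` and `Get-RegValue` are assumptions, and the IRPStackSize threshold follows the default of 15 stated in the thread.

```powershell
# Added example: read-only checks for the causes listed in the thread.
# Assumption: run in an elevated session on the domain controller.
param([string]$Domain = 'mydomain.com')   # placeholder AD DNS domain name

$results = New-Object System.Collections.Generic.List[object]
function Add-Check($Check, $Value, $OK) {
    $results.Add([pscustomobject]@{ Check = $Check; Value = $Value; OK = [bool]$OK })
}
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Error 5 / 53: SYSVOL and NETLOGON must exist as shares and answer by domain name.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $shareObj = Get-CimInstance Win32_Share -Filter "Name='$share'"
    Add-Check "$share shared on this server" $shareObj.Path ($null -ne $shareObj)
    Add-Check "\\$Domain\$share reachable" '' (Test-Path "\\$Domain\$share")
}

# Error 51: DisableDFS = 1 under Mup disables the DFS client; 0 or missing is enabled.
$dfs = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Mup' 'DisableDFS'
Add-Check 'DFS client enabled' "DisableDFS=$dfs" ($null -eq $dfs -or $dfs -eq 0)

# Thomas Blatti's case: IRPStackSize below the default of 15 (missing = default).
$irp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'IRPStackSize'
Add-Check 'IRPStackSize not below 15' "IRPStackSize=$irp" ($null -eq $irp -or $irp -ge 15)

# Josh Tanski's case: TCP/IP NetBIOS Helper (service name lmhosts) must be running.
$svc = Get-CimInstance Win32_Service -Filter "Name='lmhosts'"
Add-Check 'TCP/IP NetBIOS Helper running' "$($svc.StartMode)/$($svc.State)" ($svc.State -eq 'Running')

# Error 1351: NetBIOS over TCP/IP per adapter (0 = from DHCP, 1 = enabled, 2 = disabled).
foreach ($nic in (Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE')) {
    Add-Check "NetBIOS over TCP/IP: $($nic.Description)" $nic.TcpipNetbiosOptions ($nic.TcpipNetbiosOptions -ne 2)
}

$results | Format-Table -AutoSize
```

Rows with `OK` set to `False` point at the matching comment in the thread; the script changes nothing, so share and NTFS permissions on SYSVOL still have to be reviewed by hand.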

