Re: Event ID 1101 and 1030

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/03/04 

Date: Wed, 3 Nov 2004 15:00:49 +1100

Hi Ibnu

It sounds like an AD permissions problem on the AllServers OU object. The
simplest solution may be to move the FileServers OU temporarily out of the
AllServers OU (as well as any other OU's that are in the AllServers OU) and
delete and re-create the AllServers OU. Once this is done, move them back.

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ibnu" <Ibnu@discussions.microsoft.com> wrote in message 
news:E7540608-7D12-4E18-9333-5362B49C04D4@microsoft.com...
> Greetings Mark
>
> Thank you very much for the information.
>
> I have followed and verified your steps below. However, it still does not
> work.
>
> The Win2003 Servers are located in
> OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active 
> Directory.
>
> The first GPO is applied to Domain (DC=DomainName).
> There is no GPO applied to OU=AllServers.
> The next GPO is applied to OU=FileServers.
>
> And yet the EventID 1101 indicates that "Windows cannot access the the
> object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access 
> to
> the object may be denied."
>
> So here are the steps that I take to verify OU=AllServers since there is 
> no
> GPO applied to it:
> 1. Right-click on OU=AllServers, and click "Properties"
>
> 2. Click on "Group Policy" tab, and there is no GPO listed there
>
> 3. Click on "Security" tab, highlight "Authenticated Users" and there is 
> NO
> Permission box that is selected/checked.
> (Could this be the reason?.  I then continue.)
>
> 4. Click on "Advanced..." button, the "Permission Entries" shows that
> "Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
> "This object only"
>
> 5. Click on "View/Edit..." button, it shows "List Contents" and "Read
> Permissions" boxes are checked for "Allow"
>
> I then concluded that the "Security" settings on OU=AllServers is okay. 
> Am
> I wrong?
>
> Best Regards,
> Ibnu
>
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi
>>
>> This might help:
>>
>> 1. On the Windows 2000-based domain controller, click "Start", point to
>> "Programs", point to "Administrative Tools", and then click "Active
>> Directory Users and Computers".
>>
>> 2. On the "View" menu, click "Advanced Features".
>>
>> 3. In the right pane, right-click the OU to which you applied Group 
>> Policy
>> for the 2003 servers, and then click "Properties".
>>
>> 4. Click the "Security" tab, and then click "Authenticated Users" from 
>> the
>> list.
>>
>> 5. In the "Permissions" box, make sure that the "Allow" check box is
>> selected for "Read".
>>
>> 6. Click the "Group Policy" tab, and then click "Properties".
>>
>> 7. Click the "Security" tab, and then click "Authenticated Users" from 
>> the
>> list.
>>
>> 8. In the "Permissions" box, make sure that the "Allow" check box is
>> selected for "Read" and "Apply Group Policy".
>>
>> 9. Click "Start", click "Run", type "cmd" (without the quotation marks), 
>> and
>> then click "OK".
>>
>> 10. At the command prompt, type "secedit /refreshpolicy user_policy
>> /enforce" (without the quotation marks), and then press ENTER.
>>
>> 11. Type "exit" (without the quotation marks), and then press ENTER to 
>> quit
>> the command prompt.
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>> "Ibnu" <Ibnu@discussions.microsoft.com> wrote in message
>> news:3C5FC481-0357-492F-B83D-165FBE65B0CC@microsoft.com...
>> >I have Windows 2000 Active Directory with some Windows 2003 Standard
>> >Servers.
>> > These Win2003 Servers are ONLY for File Servers, and are NOT used for
>> > anything else.
>> >
>> > The Win2000 Domain Controllers and Win2003 Servers have DFS Service
>> > running
>> > automatically.
>> >
>> > When I check Application Event Viewer of my Win2003 Servers, each of my
>> > Win2003 Server has Error Event ID 1101 and 1030.
>> >
>> > Event ID: 1101
>> > Source: Userenv
>> > Description: Windows cannot access the the object
>> > OU=_______,DC=______,DC=org in Active Directory. The access to the 
>> > object
>> > may
>> > be denied. Group Policy processing aborted.
>> >
>> > Event ID: 1030
>> > Source: Userenv
>> > Description: Windows cannot query for the list of Group Policy objects.
>> > Check the event log for possible messages previously logged by the 
>> > policy
>> > engine that describes the reason for this.
>> >
>> > Could someone please help me?
>> >
>> > I try to look for Windows 2003 Server newsgroup; but, there is none. 
>> > So,
>> > I
>> > hope it is appropriate to post this message here.
>> >
>> > Thank you,
>> > Ibnu
>> >
>>
>>
>>
Quantcast