Re: Event ID 1101 and 1030

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Ibnu (Ibnu_at_discussions.microsoft.com)
Date: 11/03/04 

Date: Wed, 3 Nov 2004 09:42:01 -0800

Greetings Mark,

I moved my Win2003 Servers to "Computers" Container and I will see if the
errors disappear.

If the errors disappear, I will create a new OU for my Win2003 Servers and
move them there.

Thank you very much for all your help, and I will keep you posted.

Best Regards,
Ibnu

"Mark Renoden [MSFT]" wrote:

> Hi Ibnu
>
> It sounds like an AD permissions problem on the AllServers OU object. The
> simplest solution may be to move the FileServers OU temporarily out of the
> AllServers OU (as well as any other OU's that are in the AllServers OU) and
> delete and re-create the AllServers OU. Once this is done, move them back.
>
> Kind regards
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Ibnu" <Ibnu@discussions.microsoft.com> wrote in message
> news:E7540608-7D12-4E18-9333-5362B49C04D4@microsoft.com...
> > Greetings Mark
> >
> > Thank you very much for the information.
> >
> > I have followed and verified your steps below. However, it still does not
> > work.
> >
> > The Win2003 Servers are located in
> > OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active
> > Directory.
> >
> > The first GPO is applied to Domain (DC=DomainName).
> > There is no GPO applied to OU=AllServers.
> > The next GPO is applied to OU=FileServers.
> >
> > And yet the EventID 1101 indicates that "Windows cannot access the the
> > object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access
> > to
> > the object may be denied."
> >
> > So here are the steps that I take to verify OU=AllServers since there is
> > no
> > GPO applied to it:
> > 1. Right-click on OU=AllServers, and click "Properties"
> >
> > 2. Click on "Group Policy" tab, and there is no GPO listed there
> >
> > 3. Click on "Security" tab, highlight "Authenticated Users" and there is
> > NO
> > Permission box that is selected/checked.
> > (Could this be the reason?. I then continue.)
> >
> > 4. Click on "Advanced..." button, the "Permission Entries" shows that
> > "Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
> > "This object only"
> >
> > 5. Click on "View/Edit..." button, it shows "List Contents" and "Read
> > Permissions" boxes are checked for "Allow"
> >
> > I then concluded that the "Security" settings on OU=AllServers is okay.
> > Am
> > I wrong?
> >
> > Best Regards,
> > Ibnu
> >
> >
> > "Mark Renoden [MSFT]" wrote:
> >
> >> Hi
> >>
> >> This might help:
> >>
> >> 1. On the Windows 2000-based domain controller, click "Start", point to
> >> "Programs", point to "Administrative Tools", and then click "Active
> >> Directory Users and Computers".
> >>
> >> 2. On the "View" menu, click "Advanced Features".
> >>
> >> 3. In the right pane, right-click the OU to which you applied Group
> >> Policy
> >> for the 2003 servers, and then click "Properties".
> >>
> >> 4. Click the "Security" tab, and then click "Authenticated Users" from
> >> the
> >> list.
> >>
> >> 5. In the "Permissions" box, make sure that the "Allow" check box is
> >> selected for "Read".
> >>
> >> 6. Click the "Group Policy" tab, and then click "Properties".
> >>
> >> 7. Click the "Security" tab, and then click "Authenticated Users" from
> >> the
> >> list.
> >>
> >> 8. In the "Permissions" box, make sure that the "Allow" check box is
> >> selected for "Read" and "Apply Group Policy".
> >>
> >> 9. Click "Start", click "Run", type "cmd" (without the quotation marks),
> >> and
> >> then click "OK".
> >>
> >> 10. At the command prompt, type "secedit /refreshpolicy user_policy
> >> /enforce" (without the quotation marks), and then press ENTER.
> >>
> >> 11. Type "exit" (without the quotation marks), and then press ENTER to
> >> quit
> >> the command prompt.
> >>
> >> Kind regards
> >> --
> >> Mark Renoden [MSFT]
> >> Windows Platform Support Team
> >> Email: markreno@online.microsoft.com
> >>
> >> Please note you'll need to strip ".online" from my email address to email
> >> me; I'll post a response back to the group.
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >> "Ibnu" <Ibnu@discussions.microsoft.com> wrote in message
> >> news:3C5FC481-0357-492F-B83D-165FBE65B0CC@microsoft.com...
> >> >I have Windows 2000 Active Directory with some Windows 2003 Standard
> >> >Servers.
> >> > These Win2003 Servers are ONLY for File Servers, and are NOT used for
> >> > anything else.
> >> >
> >> > The Win2000 Domain Controllers and Win2003 Servers have DFS Service
> >> > running
> >> > automatically.
> >> >
> >> > When I check Application Event Viewer of my Win2003 Servers, each of my
> >> > Win2003 Server has Error Event ID 1101 and 1030.
> >> >
> >> > Event ID: 1101
> >> > Source: Userenv
> >> > Description: Windows cannot access the the object
> >> > OU=_______,DC=______,DC=org in Active Directory. The access to the
> >> > object
> >> > may
> >> > be denied. Group Policy processing aborted.
> >> >
> >> > Event ID: 1030
> >> > Source: Userenv
> >> > Description: Windows cannot query for the list of Group Policy objects.
> >> > Check the event log for possible messages previously logged by the
> >> > policy
> >> > engine that describes the reason for this.
> >> >
> >> > Could someone please help me?
> >> >
> >> > I try to look for Windows 2003 Server newsgroup; but, there is none.
> >> > So,
> >> > I
> >> > hope it is appropriate to post this message here.
> >> >
> >> > Thank you,
> >> > Ibnu
> >> >
> >>
> >>
> >>
>
>
>

Quantcast