Re: "Windows cannot access the file gpt.ini for GPO" - Events 1058 and 1030 on XP client only.

From: Chris Simmons (newsgroup.replies_at_netchris.com)
Date: 02/16/04 

Date: Sun, 15 Feb 2004 20:22:24 -0500

On Sun, 15 Feb 2004 18:36:43 -0600, "Kevin D. Goodknecht [MVP]"
<admin@nospam.LSAOL.COM> wrote:

>In news:kfuv20p7519vll1mc9s7i9aav1g4hfnpdt@4ax.com,
>Chris Simmons <newsgroup.replies@netchris.com> posted a question
>Then Kevin replied below:
>: On Sun, 15 Feb 2004 14:11:32 -0600, "Kevin D. Goodknecht [MVP]"
>: <admin@nospam.LSAOL.COM> wrote:
>:
>:: <SNIP>
>::
>:: This is one problem with Multihomed DCs in order to cure this you
>:: need to do a couple of things.
>::
>:: 1. Set the binding order, by going into network properties Control
>:: panel, in the Advanced menu select Advanced Settings. Make sure the
>:: internal NIC is at the top of the connections list and the Client
>:: for MS networks and File sharing are only bound on the internal
>:: interface.
>::
>:: 2. You will need to make registry entries to stop the creation of
>:: the blank records for the external interface for both the domain
>:: name and the global catalog record. You will then have to manually
>:: create these two blank records. There is a KB describing this but
>:: I'm unable to find it but here is the reg entry, you must use
>:: regedt32 to make this entry.
>:: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>::
>:: Registry value: DnsAvoidRegisterRecords
>:: Data type: REG_MULTI_SZ
>::
>:: LdapIpAddress
>:: GcIpAddress
>::
>:: 3. On the Interfaces tab of the DNS server properties set the DNS
>:: listener address to the internal IP.
>::
>:: 4. On an XP Client you need to upgrade the GPO by following this KB
>:: article Upgrading Windows 2000 Group Policy for Windows XP
>:: http://support.microsoft.com/?id=307900
>::
>:: What happens is DNS returns the IP of the external interface and file
>:: sharing is not enabled on the interface and LDAP won't pass NAT.
>::
>:: --
>:: Best regards,
>:: Kevin D4 Dad Goodknecht Sr. [MVP]
>:: Hope This Helps
>:: ============================
>:
>: Thanks so much for this response, however no luck. For the KB
>: article, I couldn't find one, but I did find this which seemed to
>: correspond: http://tinyurl.com/3ymd5
>:
>:
>: I think the key problem here is that I cannot "see" the
>: \\domain.com\SYSVOL share. I can open up Windows Explorer and type
>: \\domain.com <enter> in the address bar and the share appears in the
>: file list. However, when I try to double-click the share, I get
>: "\\domain.com\SYSVOL is not accessible. You may not have permission
>: to use this network resource ... The network path was not found.". I
>: checked the permissions on the share and Everyone has read, the
>: Authenticated Users and Administrators groups have full access. On
>: the path where the share points (C:\WINNT\SYSVOL\sysvol), Everyone
>: does not have any access, however Authenticated Users has read. I can
>: see other shares on the DC fine, using the \\domain.com\sharename
>: convention; it's only the \SYSVOL share that's giving the problem.
>The NTFS permissions on the SYSVOL share are
>Administrators Full Folder, subfolder, files
>Authenticated RX, List, Read Folder, subfolder, files
>System Full Folder, subfolder, files
>Owner Full Subfolder and files
>
>
>:
>: (By the way, I couldn't complete step 4 because of this very problem:
>: "The network path was not found" was returned when I tried to update a
>: domain GPO.)
>
>What steps did you complete?
>Did you set the bindings?
>Did you make the registry entry?
>Did you create the Blank Host for the private IP of the NIC that has file
>sharing bound?
>Did you create the Blank host with the Private IP in the
>gc._msdcs.domainname sub folder?
>You must only have blank records for the private IP if you have records with
>the public IPs they need to be deleted. After you complete these steps run
>ipconfig /flushdns.
>To verify use nslookup to resolve your domain name and make sure that only
>the private IP is returned.
>
>--
>Best regards,
>Kevin D4 Dad Goodknecht Sr. [MVP]
>Hope This Helps
>============================

My apologies. I should have been more thorough in my reply. I
completed all steps, except for #4 (because of the network not found
issue).

1. Set the bindings.
2. Made the registry entry.
3. Created a (same as parent folder) entry at domain root for the
internal IP. Also, while there was not a _gc folder, I manually
created the folders (domains?):
_gc
_gc._msdcs
_gc._msdcs.com
_gc._msdcs.com.domain
_gc._msdcs.domain

and made (same as parent folder) entries at the com.domain and domain
levels, all pointing to the internal IP.

As for nslookup, is it bad that there are two entries for domain.com,
one pointing to the DC, the other to the domain? Here's the output:

C:\Documents and Settings\Chris>nslookup
Default Server: dc.domain.com
Address: 192.168.1.2

> domain.com
Server: dc.domain.com
Address: 192.168.1.2

Name: domain.com
Address: 192.168.1.2

> 

-- 
Thanks,
Chris Simmons
forensics@christophersimmons.org
*** IMPORTANT - DO NOT REPLY TO ABOVE E-MAIL ADDRESS ***
It exists solely as bait for spam.  If you wish to e-mail
me (and have me actually READ your e-mail), use the address
listed in the From: header.

Relevant Pages

  • Re: "Windows cannot access the file gpt.ini for GPO" - Events 1058 and 1030 on XP client o
    ... Authenticated Users and Administrators groups have full access. ... >Authenticated RX, List, Read Folder, subfolder, files ... >Did you create the Blank Host for the private IP of the NIC that has file ... Made the registry entry. ...
    (microsoft.public.win2000.group_policy)
  • Re: "Windows cannot access the file gpt.ini for GPO" - Events 1058 and 1030 on XP client o
    ... Authenticated Users and Administrators groups have full access. ... >Authenticated RX, List, Read Folder, subfolder, files ... >Did you create the Blank Host for the private IP of the NIC that has file ... Made the registry entry. ...
    (microsoft.public.windows.server.dns)
  • Re: Fast Size Folder
    ... as far as I know that is exactly what Windows itself does when you right click a folder and choose Properties. ... Private Declare Sub CopyMemory Lib "kernel32" _ ... ByVal sDir As String) As Long ... Dim s1 As String, sectorsPerCluster As Long ...
    (microsoft.public.vb.general.discussion)
  • Re: Hard Drive Folder Size
    ... The drive and folder will always be the same. ... Private Declare Sub CopyMemory Lib "kernel32" _ ... (ByVal lItem As Long, ByVal sDir As String) ... Dim s1 As String, sectorsPerCluster As Long, bytesPerSector As Long ...
    (microsoft.public.vb.general.discussion)
  • Re: file sizes
    ... You can count either the files in the selected folder only or you can include all files in all subfolders within that folder. ... Private Declare Sub CopyMemory Lib "kernel32" _ ... ByVal sDir As String) As Long ... Dim bytespercluster As Long, free As Long, total As Long ...
    (microsoft.public.vb.general.discussion)