Re: Event ID 1058
- From: davidskd5 <davidskd5@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 14 Aug 2005 23:31:26 -0700
Steve,
I am having a similar problem as Matthew. I however have only one DC. My
error message from the dcdiag is the same
> Starting test: frsevent
> There are warning or error events within the last 24 hours after the
> SYSVOL has been shared. Failing SYSVOL replication problems may cause
> Group Policy problems.
"
I followed the instructions in the article you pointed to up through step 3.
My adsiedit doesn't show the "problem" policy listed as a "notepad" icon. I
know which policy is the problem. I've checked the permissions on it through
adsiedit and exploere and on the "sysvol" share it self. I also get "domain
controller not found for "mydomain.com" when trying to access group policies
through "AD users and groups" when run from PDC. If I access GP through
client machine's "AD users and groups" group policy comes up and I am able to
modify it. Many of the policies within the group policy "computes" section
are empty however.
I've seen posts about directly modifiing gpt.ini within the problem policy,
but I don't trust that. Especially after seeing what that file contains.
more relevant info: every 5 minutes userenv logs 1030 and 1058
errors started while I was making changes to GP policies for IE browser
interface, GP refresh interval, and screen saver times to require user to
reenter password to use client.
I think if I can create a new, clean default group policy, it will fix the
problem, but I'm not sure how to do it, or ever if it will work.
David
"Steve Duff [MVP]" wrote:
> If it doesn't simply show in AD Sites snap-in where you can remove it, then there is a process for manually removing a DC from AD.
> This is spelled out in a KB article. I don't have the number handy as I'm out of the office. If you can't locate it at
> support.microsoft.com, then post back and I'll find it for you.
>
> You want especially to be sure that there are no FSMO roles still believed to be held by the phantom DC. This can cause important
> things to break badly and inexplicably after days, weeks or months. Check the RID, PDC and Infrastructure roles by right-clicking
> the domain in AD Users and Computers and selecting "Operations Masters". The Naming role is in the AD Trusts snap-in
> (right-click...operations master). The Schema role is in the schema snap-in (you'll have to use add/remove snap-in to get to this
> one), right-click schema..."operations master" to check that.
>
> Steve Duff, MCSE, MVP
> Ergodic Systems, Inc.
>
> "Matthew" <Matthew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:FCE7A7BA-2149-47FF-ACD4-6BF710BF40EA@xxxxxxxxxxxxxxxx
> > Hi Steve
> >
> > I have run the dcdiag command. Initial errors show that replication is
> > trying to take place to another DC which no longer exists. This was just an
> > additional DC on the domain for test purposes. I believe I should of demoted
> > the server so that the rest of the network knows the DC no longer exists. Is
> > there an alternative method to stop replication attempts to a DC which does
> > not exist on the network.
> >
> > bytron.local
> > is not registered on one or more DNS servers.
> > [Replications Check,MATTHEW] A recent replication attempt failed:
> > From PAT to MATTHEW
> > Naming Context: DC=bytron,DC=local
> > The replication generated an error (8524):
> > Win32 Error 8524
> > The failure occurred at 2005-07-01 08:47:04.
> > The last success occurred at 2005-05-04 14:29:57.
> > 1360 failures have occurred since the last success.
> > The guid-based DNS name
> > a4161860-3f0c-4385-905f-dbecc51061cc._msdcs.
> > bytron.local
> >
> > Starting test: frsevent
> > There are warning or error events within the last 24 hours after the
> > SYSVOL has been shared. Failing SYSVOL replication problems may cause
> > Group Policy problems.
> > ......................... MATTHEW failed test frsevent
> >
> >
> >
> > As above shows, this can cause Group Policy probs. Do you have any ideas to
> > fix this replication problem?
> >
> > Regards
> >
> > Matthew
> >
> >
> >
> >
> >
> >
> >
> >
> > "Steve Duff [MVP]" wrote:
> >
> >> This is always a permissions problem - either somewhere in sysvol or AD. Unfortunately that covers a lot of territory, and you
> >> may
> >> end up seeing more of it than you want before you find the cause.
> >>
> >> But you might get lucky - as a first attack, I'd recommend a dcdiag /fix and netdiag /fix (I sound like a broken record today),
> >> make
> >> sure that sysvol is being shared out at all, and check the domain admins permissions as described here:
> >> http://support.microsoft.com/?id=294257
> >>
> >> Steve Duff, MCSE, MVP
> >> Ergodic Systems, Inc.
> >>
> >> "Matthew" <Matthew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7EF242D4-28E2-4BF2-AFC4-5308B1DD3256@xxxxxxxxxxxxxxxx
> >> > Hi
> >> >
> >> > Environment: Windows 2003 DC. This server has two NIC's which uses Routing
> >> > and Remote Access. This server has not been in service long. In the process
> >> > of setting up exchange on another Windows 2003 DC. When I try to open
> >> > Domian Cotrolller Security Policy, I recieve the following error:
> >> >
> >> > Failed to open group policy object. You may not have appropriate rights.
> >> >
> >> > Located at the event viewer "Application Log" on both the server and the
> >> > clients, the following message is displayed:
> >> >
> >> > Windows cannot access the file gpt.ini for GPO
> >> > CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=bytron,DC=local.
> >> > The file must be present at the location
> >> > <\\bytron.local\sysvol\bytron.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
> >> > (Configuration information could not be read from the domain controller,
> >> > either because the machine is unavailable, or access has been denied. ).
> >> > Group Policy processing aborted.
> >> >
> >> >
> >> >
> >> >
> >> > On the server inside event viewer "DNS", the following message:
> >> >
> >> > The DNS server was unable to open zone _msdcs.bytron-hq.matthew.bytron.local
> >> > in the Active Directory from the application directory partition
> >> > ForestDnsZones.bytron-hq.matthew.bytron.local. This DNS server is configured
> >> > to obtain and use information from the directory for this zone and is unable
> >> > to load the zone without it. Check that the Active Directory is functioning
> >> > properly and reload the zone. The event data is the error code.
> >> >
> >> > I have tried to source answer for this problem but can not find the
> >> > solution. Can anyone please help.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Thanks
> >> >
> >> > Matthew
> >> >
> >>
> >>
> >>
>
>
>
.
- Follow-Ups:
- Re: Event ID 1058
- From: Ace Fekay [MVP]
- Re: Event ID 1058
- Prev by Date: Re: TCP/IP CP reported error 31
- Next by Date: Re: Replication failure
- Previous by thread: Replication failure
- Next by thread: Re: Event ID 1058
- Index(es):
Relevant Pages
|
