Re: "Windows cannot access the file gpt.ini for GPO" - Events 1058 and 1030 on XP client only.

From: Kevin D. Goodknecht [MVP] (admin_at_nospam.LSAOL.COM)
Date: 02/16/04


Date: Sun, 15 Feb 2004 18:36:43 -0600

In news:kfuv20p7519vll1mc9s7i9aav1g4hfnpdt@4ax.com,
Chris Simmons <newsgroup.replies@netchris.com> posted a question
Then Kevin replied below:
: On Sun, 15 Feb 2004 14:11:32 -0600, "Kevin D. Goodknecht [MVP]"
: <admin@nospam.LSAOL.COM> wrote:
:
:: <SNIP>
::
:: This is one problem with Multihomed DCs; in order to cure this you
:: need to do a couple of things.
::
:: 1. Set the binding order, by going into network properties Control
:: panel, in the Advanced menu select Advanced Settings. Make sure the
:: internal NIC is at the top of the connections list and the Client
:: for MS networks and File sharing are only bound on the internal
:: interface.
::
:: 2. You will need to make registry entries to stop the creation of
:: the blank records for the external interface for both the domain
:: name and the global catalog record. You will then have to manually
:: create these two blank records. There is a KB describing this but
:: I'm unable to find it but here is the reg entry, you must use
:: regedt32 to make this entry.
:: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
::
:: Registry value: DnsAvoidRegisterRecords
:: Data type: REG_MULTI_SZ
::
:: LdapIpAddress
:: GcIpAddress
::
:: 3. On the Interfaces tab of the DNS server properties set the DNS
:: listener address to the internal IP.
::
:: 4. On an XP Client you need to upgrade the GPO by following this KB
:: article Upgrading Windows 2000 Group Policy for Windows XP
:: http://support.microsoft.com/?id=307900
::
:: What happens is DNS returns the IP of the external interface and file
:: sharing is not enabled on the interface and LDAP won't pass NAT.
::
:: --
:: Best regards,
:: Kevin D4 Dad Goodknecht Sr. [MVP]
:: Hope This Helps
:: ============================
:
: Thanks so much for this response, however no luck. For the KB
: article, I couldn't find one, but I did find this which seemed to
: correspond: http://tinyurl.com/3ymd5
:
:
: I think the key problem here is that I cannot "see" the
: \\domain.com\SYSVOL share. I can open up Windows Explorer and type
: \\domain.com <enter> in the address bar and the share appears in the
: file list. However, when I try to double-click the share, I get
: "\\domain.com\SYSVOL is not accessible. You may not have permission
: to use this network resource ... The network path was not found.". I
: checked the permissions on the share and Everyone has read, the
: Authenticated Users and Administrators groups have full access. On
: the path where the share points (C:\WINNT\SYSVOL\sysvol), Everyone
: does not have any access, however Authenticated Users has read. I can
: see other shares on the DC fine, using the \\domain.com\sharename
: convention; it's only the \SYSVOL share that's giving the problem.

The NTFS permissions on the SYSVOL share are:

  Administrators   Full             Folder, subfolder, files
  Authenticated    RX, List, Read   Folder, subfolder, files
  System           Full             Folder, subfolder, files
  Owner            Full             Subfolder and files

:
: (By the way, I couldn't complete step 4 because of this very problem:
: "The network path was not found" was returned when I tried to update a
: domain GPO.)

What steps did you complete?
Did you set the bindings?
Did you make the registry entry?
Did you create the Blank Host for the private IP of the NIC that has file
sharing bound?
Did you create the Blank host with the Private IP in the
gc._msdcs.domainname sub folder?
You must only have blank records for the private IP; if you have records with
the public IPs, they need to be deleted. After you complete these steps, run
ipconfig /flushdns.
To verify, use nslookup to resolve your domain name and make sure that only
the private IP is returned.

-- 
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
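
The nslookup verification described at the end of the reply, as an added example that is not part of the original post: a Python sketch that reads nslookup output and separates private answers from the ones the reply says need to be deleted. It assumes "private IP" means the RFC 1918 ranges; the host name dc1, the sample output and all addresses are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly (assumption: this is what "private IP"
# means here). ipaddress.is_private is broader: it also covers documentation
# and other special-use ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def answer_addresses(nslookup_output):
    """Return (queried name, [IPv4 strings]) from the answer section.

    The leading Server:/Address: block describes the DNS server itself and
    is skipped; only the text after the 'Name:' line is scanned.
    """
    lines = nslookup_output.splitlines()
    for i, line in enumerate(lines):
        if line.strip().startswith("Name:"):
            name = line.split(":", 1)[1].strip()
            return name, IPV4.findall("\n".join(lines[i + 1:]))
    return None, []  # no answer section, e.g. "Non-existent domain"


def check(nslookup_output):
    """Sort the answers into private (keep) and non-private (delete)."""
    name, addrs = answer_addresses(nslookup_output)
    keep, delete = [], []
    for a in addrs:
        ip = ipaddress.ip_address(a)
        (keep if any(ip in net for net in RFC1918) else delete).append(a)
    return {"name": name, "keep": keep, "delete": delete,
            "ok": bool(keep) and not delete}


# Constructed samples: 203.0.113.5 stands in for the external NIC's address.
BEFORE = ("Server:  dc1.domain.com\nAddress:  192.168.1.10\n\n"
          "Name:    domain.com\nAddresses:  192.168.1.10, 203.0.113.5\n")
AFTER = ("Server:  dc1.domain.com\nAddress:  192.168.1.10\n\n"
         "Name:    gc._msdcs.domain.com\nAddress:  192.168.1.10\n")

if __name__ == "__main__":
    for sample in (BEFORE, AFTER):
        r = check(sample)
        status = "OK" if r["ok"] else "records to delete: %s" % r["delete"]
        print(r["name"], status)
```

Run the lookup for both the domain name and the gc._msdcs name after ipconfig /flushdns, and feed each output to check().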