Re: Re: Event IDs 1030 & 1058 (again)

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 06/22/04

Next message: Bill Grant: "Re: XP slow login on '03 domain & linked GP question"
Previous message: Michael Dennis[MSFT]: "GP settings info..."
In reply to: JohnC.: "Re: Re: Event IDs 1030 & 1058 (again)"
Next in thread: boxster_at_antamy.com: "Re: Re: Event IDs 1030 & 1058 (again)"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 22 Jun 2004 10:59:20 +1000

Hi all

The hotfix is now correctly packaged and associated with the following
article:

842804 Group Policy processing does not work and events 1030 and 1058 are
http://support.microsoft.com/?id=842804

Kind regards

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"JohnC." <johnnychandler1@hotmail.com> wrote in message 
news:%23PDYMG7TEHA.1472@TK2MSFTNGP12.phx.gbl...
> Hi, I ran into a problem similar to this. It turned out that the error was
> related to the fact that we were running a logon.bat that redirected the
> computer to \\Central-7\... the problem was that somebody had fat figured 
> an
> entry in a host file. Check and make sure that you don't have any entries 
> in
> your host file. Just a thought
> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
> news:uxWWc0CSEHA.1936@TK2MSFTNGP10.phx.gbl...
>> Hi Anthony
>>
>> To clarify your questions:
>>
>> 3. Open Active Directory Users and Computers and right-click the Domain
>> Controllers container.  Navigate to the Group Policy tab and edit the
>> "Domain Controller Security Policy".  Navigate to Windows Settings ->
>> Security Settings -> Local Policies -> User Rights Assignment.  Ensure
> that
>> "Bypass Traverse Checking" includes the "Everyone" group (Apologies for
>> missing this earlier).
>>
>> 7. I've attached a full list of ACL's from C:\ down to GPT.ini as they
>> appear by default on Windows Server 2003.
>>
>> 8. Not sure why this is (haven't seen it before).  Have you applied any
>> security templates to this server?
>>
>> 9. and 10.  It's worth testing these steps just to see if this is related
> to
>> the issue.
>>
>> As I mentioned in a follow up post earlier, the hotfix that's available 
>> is
>> specific to the "Access Denied" error described in 830676.  If this isn't
>> the event description you're seeing, please provide the event 
>> descriptions
>> for the 1030's and the 1058's.
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>>
>> <boxster@antamy.com> wrote in message
>> news:dZGdnUdDIJ9tPyHd3cwC-g@speakeasy.net...
>> >
>> > On 31-May-2004, "Mark Renoden [MSFT}" <markreno@online.microsoft.com>
>> > wrote:
>> >
>> >> Hi Anthony
>> >>
>> >> To my knowledge, there are a number of factors that may be the cause 
>> >> of
>> >> this issue.  One of these is a bug but it's best to check the 
>> >> following
>> >> before
>> >> obtaining the related fix from Microsoft:
>> >
>> >
>> > Mark - thanks for the response.  I've gone through your list and have
> some
>> > additional questions / clarifications (see below).
>> >
>> > Anthony
>> >
>> >> 1. That both DC's point to the same server as the preferred DNS 
>> >> server.
>> >
>> > I only have one DC - it points to itself as the DNS server
>> >
>> >
>> >> 2. Ensure that "Digitally sign server communication (always)" and
>> >> "Digitally sign server communication (when possible)" match on all 
>> >> DC's
>> >> in
>> >> the "Local
>> >>
>> >> Security Policy" -> Windows Settings -> Security Settings -> Local
>> >> Policies -> Security Options.  Default settings are:
>> >>
>> >>    Microsoft Network Client: Digitally Sign Communication (always)
>> >>    Microsoft Network Client: Digitally Sign Communication (if server
>> >>    agrees)
>> >>    Microsoft Network Server: Digitally Sign Communication (always)
>> >>    Microsoft Network Server: Digitally Sign Communication (if client
>> >>    agrees)
>> >>
>> >
>> > These are all set to "Disabled"
>> >
>> >> 3. In the "Domain Controller Security Policy", ensure that Windows
>> >> Settings -> Security Settings -> Local Policies -> User Rights
> Assignment
>> >> includes the "Everyone" group.
>> >
>> > Can you clarify which policy / policies should have Everyone assigned 
>> > to
>> > them ?
>> >
>> >> 4. If any DC's use a Gigabit NIC, try updating the driver or an
> alternate
>> >> device?
>> >
>> > Not applicable
>> >
>> >> 5. Ensure that the Netlogon service on all DC's is set to "Automatic"
>> >> startup and that the service is successfully starting.
>> >
>> > It is
>> >
>> >> 6. Ensure that the Distributed File System service on all DC's is set
> to
>> >> "Automatic" startup and that the service is successfully starting.
>> >
>> > It is
>> >
>> >> 7. Ensure that Administrators and System have Full Control access to
> the
>> >> GPT.INI file and the full directory path specified in the events?
>> >
>> > Done, although I had to add Administrators to the list (the directory
>> > wasn't
>> > inheriting from the parent)
>> >
>> >> 8. Provided you don't currently have anything important set in the
>> >> Default
>> >>
>> >> Domain or Default Domain Controllers policies, try running the
> following
>> >> on the PDC emulator.  NOTE:  This will completely replace the existing
>> >> policies with the defaults.
>> >>
>> >>     dcgpofix /target:both
>> >
>> > This fails with the message :
>> >
>> > Unable to read EFS certificates from Registry.pol file of Default 
>> > Domain
>> > Policy. The error was
>> > The network path was not found.
>> >
>> > I assume that this is related to the underlying issue.  I ran dcgpofix
> on
>> > the DC.
>> >
>> >> 9. Ensure that Remote Desktop Sharing is not enabled (Properties of My
>> >> Computer -> Remote Tab -> Uncheck "Allow users to connect remotely to
>> >> this
>> >>
>> >> computer."  Click OK.
>> >
>> > This is enabled (for admin purposes).  Is it really a factor in this
>> > problem
>> > ?
>> >
>> >>
>> >> 10. Ensure that Offline Files are enabled (Open Windows Explorer ->
> Tools
>> >> Menu -> Folder Options -> Offline Files Tab -> check "Enable Offline
>> >> Files"
>> >> and "Synchronize all offline files when logging on.").  Click OK.
>> >
>> > This can't be enabled due to the Remote Desktop sharing
>> >
>> >>
>> >> Failing these steps, contact Microsoft and request the hotfix
> associated
>> >> with knowledge the following knowledge base article:
>> >>
>> >>     830676 Group Policy processing fails with Events 1058 and 1030 in
>> >> Windows
>> >>     http://support.microsoft.com/?id=830676
>> >>
>> >> While this article does not specifically state there is a hotfix
>> >> available
>> >>
>> >> for the issue, I've provided it in a couple of cases and this has
>> >> resolved
>> >>
>> >> the problem.
>> >>
>> >> Kind regards
>> >> -- 
>> >> Mark Renoden [MSFT]
>> >> Windows Platform Support Team
>> >> Email: markreno@online.microsoft.com
>> >>
>> >> Please note you'll need to strip ".online" from my email address to
> email
>> >> me; I'll post a response back to the group.
>> >
>> >> and "Synchronize all offline files when logging on.").  Click OK.
>> >>
>> >> Failing these steps, contact Microsoft and request the hotfix
> associated
>> >> with knowledge the following knowledge base article:
>> >>
>> >>     830676 Group Policy processing fails with Events 1058 and 1030 in
>> >> Windows
>> >>     http://support.microsoft.com/?id=830676
>> >>
>> >> While this article does not specifically state there is a hotfix
>> >> available
>> >>
>> >> for the issue, I've provided it in a couple of cases and this has
>> >> resolved
>> >>
>> >> the problem.
>> >>
>> >> Kind regards
>> >> -- 
>> >> Mark Renoden [MSFT]
>> >> Windows Platform Support Team
>> >> Email: markreno@online.microsoft.com
>> > .
>>
>>
>>
>
>

Next message: Bill Grant: "Re: XP slow login on '03 domain & linked GP question"
Previous message: Michael Dennis[MSFT]: "GP settings info..."
In reply to: JohnC.: "Re: Re: Event IDs 1030 & 1058 (again)"
Next in thread: boxster_at_antamy.com: "Re: Re: Event IDs 1030 & 1058 (again)"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Re: Event IDs 1030 & 1058 (again)
... > Windows Platform Support Team ... That both DC's point to the same server as the preferred DNS server. ... >> "Digitally sign server communication " match on all DC's ... >> Microsoft Network Client: ...
(microsoft.public.windows.group_policy)
Re: Re: Event IDs 1030 & 1058 (again)
... >>Windows Platform Support Team ... appear by default on Windows Server 2003. ... As I mentioned in a follow up post earlier, the hotfix ... > Communication (if server ...
(microsoft.public.windows.group_policy)
Re: Re: Event IDs 1030 & 1058 (again)
... > Microsoft Network Client: ... > with knowledge the following knowledge base article: ... > While this article does not specifically state there is a hotfix available ... > Windows Platform Support Team ...
(microsoft.public.windows.group_policy)
Re: Question regarding hotfix 905214
... Homework for another server job coming up. ... hotfix and SenderID filtering appears to be working fine. ... then 914103 is needed by Exchange for SenderID. ...
(microsoft.public.windows.server.sbs)
Re: R2 quotas email notification failing
... I have sent an email notification regarding this patch to all users who ... The instructions on how to get the hotfix can be found from the above link. ... Microsoft MVP: Windows Server ... Quota threshold reached. ...
(microsoft.public.windows.server.general)