Re: Re: Event IDs 1030 & 1058 (again)
From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 08/06/04
- Next message: Mark Renoden [MSFT]: "Re: Duplicating Policy"
- Previous message: Sidney: "using global policy in a windows 2000 domain"
- In reply to: admin_at_pclantechs.com: "Re: Re: Event IDs 1030 & 1058 (again)"
- Next in thread: Jerry Beers: "Re: Re: Event IDs 1030 & 1058 (again)"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 6 Aug 2004 12:16:12 +1000
Hi JC
I'd suggest loggin a case with Microsoft. I've covered everything I know of
as a cause of this issue and if you've still got it, it'll probably take
some reasonably involved troubleshooting.
Kind regards
-- Mark Renoden [MSFT] Windows Platform Support Team Email: markreno@online.microsoft.com Please note you'll need to strip ".online" from my email address to email me; I'll post a response back to the group. This posting is provided "AS IS" with no warranties, and confers no rights. "admin@pclantechs.com" <anonymous@discussions.microsoft.com> wrote in message news:019b01c47b12$9bd5e2d0$3a01280a@phx.gbl... > Just applied this update to our DC and it still did not > resolve the issue. I followed your directions exact! > What now? > > Thanks > JC > > > >>-----Original Message----- >>Hi all >> >>The hotfix is now correctly packaged and associated with > the following >>article: >> >>842804 Group Policy processing does not work and events > 1030 and 1058 are >>http://support.microsoft.com/?id=842804 >> >>Kind regards >>-- >>Mark Renoden [MSFT] >>Windows Platform Support Team >>Email: markreno@online.microsoft.com >> >>Please note you'll need to strip ".online" from my email > address to email >>me; I'll post a response back to the group. >> >>This posting is provided "AS IS" with no warranties, and > confers no rights. >> >>"JohnC." <johnnychandler1@hotmail.com> wrote in message >>news:%23PDYMG7TEHA.1472@TK2MSFTNGP12.phx.gbl... >>> Hi, I ran into a problem similar to this. It turned out > that the error was >>> related to the fact that we were running a logon.bat > that redirected the >>> computer to \\Central-7\... the problem was that > somebody had fat figured >>> an >>> entry in a host file. Check and make sure that you > don't have any entries >>> in >>> your host file. Just a thought >>> "Mark Renoden [MSFT]" <markreno@online.microsoft.com> > wrote in message >>> news:uxWWc0CSEHA.1936@TK2MSFTNGP10.phx.gbl... >>>> Hi Anthony >>>> >>>> To clarify your questions: >>>> >>>> 3. Open Active Directory Users and Computers and right- > click the Domain >>>> Controllers container. Navigate to the Group Policy > tab and edit the >>>> "Domain Controller Security Policy". Navigate to > Windows Settings -> >>>> Security Settings -> Local Policies -> User Rights > Assignment. Ensure >>> that >>>> "Bypass Traverse Checking" includes the "Everyone" > group (Apologies for >>>> missing this earlier). >>>> >>>> 7. I've attached a full list of ACL's from C:\ down to > GPT.ini as they >>>> appear by default on Windows Server 2003. >>>> >>>> 8. Not sure why this is (haven't seen it before). > Have you applied any >>>> security templates to this server? >>>> >>>> 9. and 10. It's worth testing these steps just to see > if this is related >>> to >>>> the issue. >>>> >>>> As I mentioned in a follow up post earlier, the hotfix > that's available >>>> is >>>> specific to the "Access Denied" error described in > 830676. If this isn't >>>> the event description you're seeing, please provide > the event >>>> descriptions >>>> for the 1030's and the 1058's. >>>> >>>> Kind regards >>>> -- >>>> Mark Renoden [MSFT] >>>> Windows Platform Support Team >>>> Email: markreno@online.microsoft.com >>>> >>>> Please note you'll need to strip ".online" from my > email address to email >>>> me; I'll post a response back to the group. >>>> >>>> This posting is provided "AS IS" with no warranties, > and confers no >>> rights. >>>> >>>> >>>> <boxster@antamy.com> wrote in message >>>> news:dZGdnUdDIJ9tPyHd3cwC-g@speakeasy.net... >>>> > >>>> > On 31-May-2004, "Mark Renoden [MSFT}" > <markreno@online.microsoft.com> >>>> > wrote: >>>> > >>>> >> Hi Anthony >>>> >> >>>> >> To my knowledge, there are a number of factors that > may be the cause >>>> >> of >>>> >> this issue. One of these is a bug but it's best to > check the >>>> >> following >>>> >> before >>>> >> obtaining the related fix from Microsoft: >>>> > >>>> > >>>> > Mark - thanks for the response. I've gone through > your list and have >>> some >>>> > additional questions / clarifications (see below). >>>> > >>>> > Anthony >>>> > >>>> >> 1. That both DC's point to the same server as the > preferred DNS >>>> >> server. >>>> > >>>> > I only have one DC - it points to itself as the DNS > server >>>> > >>>> > >>>> >> 2. Ensure that "Digitally sign server communication > (always)" and >>>> >> "Digitally sign server communication (when > possible)" match on all >>>> >> DC's >>>> >> in >>>> >> the "Local >>>> >> >>>> >> Security Policy" -> Windows Settings -> Security > Settings -> Local >>>> >> Policies -> Security Options. Default settings are: >>>> >> >>>> >> Microsoft Network Client: Digitally Sign > Communication (always) >>>> >> Microsoft Network Client: Digitally Sign > Communication (if server >>>> >> agrees) >>>> >> Microsoft Network Server: Digitally Sign > Communication (always) >>>> >> Microsoft Network Server: Digitally Sign > Communication (if client >>>> >> agrees) >>>> >> >>>> > >>>> > These are all set to "Disabled" >>>> > >>>> >> 3. In the "Domain Controller Security Policy", > ensure that Windows >>>> >> Settings -> Security Settings -> Local Policies -> > User Rights >>> Assignment >>>> >> includes the "Everyone" group. >>>> > >>>> > Can you clarify which policy / policies should have > Everyone assigned >>>> > to >>>> > them ? >>>> > >>>> >> 4. If any DC's use a Gigabit NIC, try updating the > driver or an >>> alternate >>>> >> device? >>>> > >>>> > Not applicable >>>> > >>>> >> 5. Ensure that the Netlogon service on all DC's is > set to "Automatic" >>>> >> startup and that the service is successfully > starting. >>>> > >>>> > It is >>>> > >>>> >> 6. Ensure that the Distributed File System service > on all DC's is set >>> to >>>> >> "Automatic" startup and that the service is > successfully starting. >>>> > >>>> > It is >>>> > >>>> >> 7. Ensure that Administrators and System have Full > Control access to >>> the >>>> >> GPT.INI file and the full directory path specified > in the events? >>>> > >>>> > Done, although I had to add Administrators to the > list (the directory >>>> > wasn't >>>> > inheriting from the parent) >>>> > >>>> >> 8. Provided you don't currently have anything > important set in the >>>> >> Default >>>> >> >>>> >> Domain or Default Domain Controllers policies, try > running the >>> following >>>> >> on the PDC emulator. NOTE: This will completely > replace the existing >>>> >> policies with the defaults. >>>> >> >>>> >> dcgpofix /target:both >>>> > >>>> > This fails with the message : >>>> > >>>> > Unable to read EFS certificates from Registry.pol > file of Default >>>> > Domain >>>> > Policy. The error was >>>> > The network path was not found. >>>> > >>>> > I assume that this is related to the underlying > issue. I ran dcgpofix >>> on >>>> > the DC. >>>> > >>>> >> 9. Ensure that Remote Desktop Sharing is not > enabled (Properties of My >>>> >> Computer -> Remote Tab -> Uncheck "Allow users to > connect remotely to >>>> >> this >>>> >> >>>> >> computer." Click OK. >>>> > >>>> > This is enabled (for admin purposes). Is it really > a factor in this >>>> > problem >>>> > ? >>>> > >>>> >> >>>> >> 10. Ensure that Offline Files are enabled (Open > Windows Explorer -> >>> Tools >>>> >> Menu -> Folder Options -> Offline Files Tab -> > check "Enable Offline >>>> >> Files" >>>> >> and "Synchronize all offline files when logging > on."). Click OK. >>>> > >>>> > This can't be enabled due to the Remote Desktop > sharing >>>> > >>>> >> >>>> >> Failing these steps, contact Microsoft and request > the hotfix >>> associated >>>> >> with knowledge the following knowledge base article: >>>> >> >>>> >> 830676 Group Policy processing fails with > Events 1058 and 1030 in >>>> >> Windows >>>> >> http://support.microsoft.com/?id=830676 >>>> >> >>>> >> While this article does not specifically state > there is a hotfix >>>> >> available >>>> >> >>>> >> for the issue, I've provided it in a couple of > cases and this has >>>> >> resolved >>>> >> >>>> >> the problem. >>>> >> >>>> >> Kind regards >>>> >> -- >>>> >> Mark Renoden [MSFT] >>>> >> Windows Platform Support Team >>>> >> Email: markreno@online.microsoft.com >>>> >> >>>> >> Please note you'll need to strip ".online" from my > email address to >>> email >>>> >> me; I'll post a response back to the group. >>>> > >>>> >> and "Synchronize all offline files when logging > on."). Click OK. >>>> >> >>>> >> Failing these steps, contact Microsoft and request > the hotfix >>> associated >>>> >> with knowledge the following knowledge base article: >>>> >> >>>> >> 830676 Group Policy processing fails with > Events 1058 and 1030 in >>>> >> Windows >>>> >> http://support.microsoft.com/?id=830676 >>>> >> >>>> >> While this article does not specifically state > there is a hotfix >>>> >> available >>>> >> >>>> >> for the issue, I've provided it in a couple of > cases and this has >>>> >> resolved >>>> >> >>>> >> the problem. >>>> >> >>>> >> Kind regards >>>> >> -- >>>> >> Mark Renoden [MSFT] >>>> >> Windows Platform Support Team >>>> >> Email: markreno@online.microsoft.com >>>> > . >>>> >>>> >>>> >>> >>> >> >> >>. >>
- Next message: Mark Renoden [MSFT]: "Re: Duplicating Policy"
- Previous message: Sidney: "using global policy in a windows 2000 domain"
- In reply to: admin_at_pclantechs.com: "Re: Re: Event IDs 1030 & 1058 (again)"
- Next in thread: Jerry Beers: "Re: Re: Event IDs 1030 & 1058 (again)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
