Re: Help with GPO problem! PLEASE!!
- From: "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Sep 2005 21:08:01 -0700
I know it sounds like a sysvol share issue or permissions, but I checked it
ten times.
The DNS looks like this:
Name Type Data
APEX HostA 192.168.10.3
APEX HostA WAN IP (Static)
(same as parent) HostA 192.168.10.3
(same as parent) HostA WAN IP (Static)
(same as parent) Name Server (NS) apex.executivereports.com
(same as parent) Start of Authority (SOA) [51585] apex.executivereports.com
"Steven L Umbach" wrote:
> It still sounds like a problem with the sysvol share or permissions to it.
> The other thing to check is to make sure that dns is configured on your
> domain controller in that it should point to itself by it's static IP
> address as it's preferred dns server and to make sure that there are NO ISP
> dns servers listed there. Also use services.msc to make sure that the
> distributed file system, file replication service, and tcp/ip netbios helper
> service services are all started and try rebooting the server if you have
> not done such lately. Beyond that I am running out of ideas and suggest that
> you may also want to post in the Active Directory newsgroup. --- Steve
>
>
> "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:4FEEAA6B-CC1E-43A3-996B-671F6F5DF6B8@xxxxxxxxxxxxxxxx
> > If I try the GPMC and create a new GPO, I get:
> >
> > Windows cannot find the network path. Verify that the network path is
> > correct and the destination computer is not busy or turned off. If Windows
> > still cannot find the network path, contact your network administrator.
> >
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> What I mean by a new GPO is not one to replace one of the default GPO's
> >> but
> >> an additional one. The procedure differs depending on if you have the
> >> Group
> >> Policy Man Console or not. If you don't use GPMC then open ADUC to select
> >> the domain or an Organizational Unit, right click and select properties,
> >> select Group Policy, select new and choose a name for your new Group
> >> Policy.
> >> If you are using GPMC open it, select the domain or an OU, right click
> >> and
> >> select create an link a GPO here. You should also be able to access the
> >> sysvol share in My Network Places and drill down to the Group Polices and
> >> all the subfolders including opening the registry.pol file in the machine
> >> folder for the default domain policy that starts with 31B2F... You should
> >> be
> >> able to open it with notepad though it will look like gibberish text with
> >> the exception of the top line might display
> >> \software\polices\Microsoft\systemcertificates. --- Steve
> >>
> >>
> >> "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:1D25114E-F7A8-49C7-9DA1-78C14F3931C3@xxxxxxxxxxxxxxxx
> >> >I did dcdiag, but I will try replmon. How do I create a new GPO? I tried
> >> >to
> >> > do DCGPOFIX. I did fix the sysvol share to full control and everything
> >> > for
> >> > the SYSTEM and administrator. I did what I found on the TechNET. This
> >> > is
> >> > why
> >> > I am stumped.
> >> >
> >> > "Steven L Umbach" wrote:
> >> >
> >> >> Can you create a new GPO?? If so use it to compare permissions to the
> >> >> two
> >> >> default GPO's by going to [in Active Directory Users and Computers]
> >> >> system/policies where you will see the guids of the GPO's. Advanced
> >> >> features
> >> >> in view will need to be enabled if it is not already. You can right
> >> >> click
> >> >> a
> >> >> guid and select properties/security to see and manage security on a
> >> >> GPO.
> >> >> You
> >> >> also might try using replmon, add your domain controller to the list
> >> >> of
> >> >> monitored servers and check "show Group Policy status" to see what is
> >> >> shown
> >> >> there. If you have not done so yet also run the support tool dcdiag.
> >> >> Make
> >> >> sure that administrators and system have full control ntfs permissions
> >> >> to
> >> >> the full sysvol folder structure and all files and that administrators
> >> >> have
> >> >> full control share permissions for sysvol share. --- Steve
> >> >>
> >> >>
> >> >> "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:7AD7E9E8-D06A-4795-8D41-FD85D08EF7A2@xxxxxxxxxxxxxxxx
> >> >> > Hi all! I am racking my brain on this problem with a Windows 2003
> >> >> > Standard
> >> >> > server. Basically, it was setup fresh by another IT company and this
> >> >> > problem
> >> >> > never got corrected. I cannot setup permissions and security in the
> >> >> > Domain
> >> >> > Controller Security Policy or the GPO. I have done and searched
> >> >> > every
> >> >> > thing
> >> >> > on the board that I can find. I have done a lot of things. i was
> >> >> > wondering
> >> >> > if
> >> >> > anyone could HELP!! I do not want to have to redo an entire server
> >> >> > this
> >> >> > weekend!!
> >> >> >
> >> >> > Here is everything that I have done! Thanks for any insight to this
> >> >> > problem!!
> >> >> >
> >> >> > NetDiag - ALL PASSED
> >> >> >
> >> >> > NetBT name test - PASSED
> >> >> > [WARNING] You don't have a single interface with the <00>
> >> >> > 'Workstation
> >> >> > Service', <03> Messenger Service, <20> WINS names defined
> >> >> >
> >> >> > GPOTOOL:
> >> >> > Validating DCs...
> >> >> > Error: DC list is empty
> >> >> >
> >> >> > SysVol: has all correct subfolders and folders associated with GUIDs
> >> >> > and
> >> >> > domain name
> >> >> >
> >> >> > Attempted to manually restore the policies
> >> >> > Attempted to automatically restore to default policies
> >> >> >
> >> >> > DCGPOFIX: Unable to read EFS certificates from Registry.pol file of
> >> >> > the
> >> >> > Default Domain Policy. The error was
> >> >> > Configuration information could not be read from the domain
> >> >> > controller,
> >> >> > either because the machine is unavailable, or access has been
> >> >> > denied.
> >> >> > The restore failed.
> >> >> >
> >> >> > Domain Controller Security Policy: Failed to open the Group Policy
> >> >> > Object.
> >> >> > You may not have approriate rights.
> >> >> > Windows cannot find the network path. Verify that the network path
> >> >> > is
> >> >> > correct and the destination computer is not busy or turned off. If
> >> >> > Windows
> >> >> > still cannot find the network path, contact your network
> >> >> > administrator
> >> >> >
> >> >> > Event Log errors: 1030 & 1058
> >> >> > Windows cannot query for the list of Group Policy objects. Check the
> >> >> > event
> >> >> > log for possible messages previously logged by the policy engine
> >> >> > that
> >> >> > describes the reason for this.
> >> >> >
> >> >> > Windows cannot access the file gpt.ini for GPO
> >> >> > CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=executivereports,DC=com.
> >> >> > The file must be present at the location
> >> >> > <\\executivereports.com\sysvol\executivereports.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
> >> >> > (Configuration information could not be read from the domain
> >> >> > controller,
> >> >> > either because the machine is unavailable, or access has been
> >> >> > denied. ).
> >> >> > Group Policy processing aborted.
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
.
- References:
- Re: Help with GPO problem! PLEASE!!
- From: Steven L Umbach
- Re: Help with GPO problem! PLEASE!!
- From: Adam
- Re: Help with GPO problem! PLEASE!!
- From: Steven L Umbach
- Re: Help with GPO problem! PLEASE!!
- From: Adam
- Re: Help with GPO problem! PLEASE!!
- From: Steven L Umbach
- Re: Help with GPO problem! PLEASE!!
- Prev by Date: Re: Help with GPO problem! PLEASE!!
- Next by Date: Re: Local Administrators group
- Previous by thread: Re: Help with GPO problem! PLEASE!!
- Next by thread: Re: Help with GPO problem! PLEASE!!
- Index(es):
Relevant Pages
|
Loading
