Re: Windows cannot query for the list of Group Policy objects.



Hello Johan,
Can you please tell us a little bit more about your environment? How many DCs
do you have? If more than one, is replication working? Is there a duplicated
name on the network? Have there been two servers with the same name in the
past?

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
----------------------------------------------------------------
"Johan Strange" <JohanStrange@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6ECD4842-6EF4-486F-8A14-4F1A5A11AD2E@xxxxxxxxxxxxxxxx
> Hi,
>
> I have a Server running SBS2003. Yesterday users reported that they could
> not log onto their Exchange mailboxes. The event logs showed many errors
> such as:
>
> Event id: 7. The Security Account Manager failed a KDC request in an
> unexpected way. The error is in the data field. The account name was
> server1$ and lookup type 0x0.
>
> Event id: 4. The kerberos client received a KRB_AP_ERR_MODIFIED error from
> the server host/emico1.emico.local. The target name used was
> ldapserver1.domain.local/domain.local@xxxxxxxxxxxxx This indicates that
> the password used to encrypt the kerberos service ticket is different than
> that on the target server. Commonly, this is due to identically named
> machine accounts in the target realm (domain.LOCAL), and the client realm.
> Please contact your system administrator.
>
> Event id 5781. Dynamic registration or deletion of one or more DNS records
> associated with DNS domain etc
>
> Event id. 40960. The Security System detected an authentication error for
> the server cifs/server1. The failure code from authentication protocol
> Kerberos was "The attempted logon is invalid. This is either due to a bad
> username or authentication information.
> (0xc000006d)".
>
> There were a lot of additional errors relating to the Server's failure to
> access a GC and the Directory Services. For instance DNS would not display
> its Active Directory Integrated zones.
>
> I am unsure what the cause was; however, I resolved this by resetting the
> machine account using netdom resetpwd. However, now I cannot open GPOs in
> GPMC. I get the error "Failed to open the group policy object. You may not
> have appropriate right". I can open the SYSvol share without issue. I am
> also getting event id: 1030.
>
> Windows cannot query for the list of Group Policy objects. Check the event
> log for possible messages previously logged by the policy engine that
> describes the reason for this.
>
> And event id 1058. Windows cannot access the file gpt.ini for GPO
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=local.
> The file must be present at the location
> <\\domain.local\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
> (Configuration information could not be read from the domain controller,
> either because the machine is unavailable, or access has been denied. ).
> Group Policy processing aborted.
>
> Has anyone seen this before? I have exhausted web resources and tried a
> few KBAs.
>
> Regards Johan