Re: Windows cannot query for the list of Group Policy objects.
- From: "Johan Strange" <JohanStrange@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jan 2006 01:00:02 -0800
Hi, SBS supports only one DC.
"Christoffer Andersson [MVP]" wrote:
> Hello Johan,
> Can you please tell us little bit more about your environment. How many DCs
> do you have? if more than one is replication working? Is there a duplicated
> name on the network. Has there been two servers with the same name in the
> past?
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
> ----------------------------------------------------------------
> "Johan Strange" <JohanStrange@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
> news:6ECD4842-6EF4-486F-8A14-4F1A5A11AD2E@xxxxxxxxxxxxxxxx
> > Hi,
> >
> > I have a Server running SBS2003. Yesterday users reported that they could
> > not log onto their Exchange mailboxes. The event logs showed many errors
> such
> > as:
> >
> > Event id: 7 .The Security Account Manager failed a KDC request in an
> > unexpected way. The error is in the data field. The account name was
> server1$
> > and lookup type 0x0.
> >
> > Event id: 4. The kerberos client received a KRB_AP_ERR_MODIFIED error from
> > the server host/emico1.emico.local. The target name used was
> > ldapserver1.domain.local/domain.local@xxxxxxxxxxxxx This indicates that
> the
> > password used to encrypt the kerberos service ticket is different than
> that
> > on the target server. Commonly, this is due to identically named machine
> > accounts in the target realm (domain.LOCAL), and the client realm.
> Please
> > contact your system administrator.
> >
> > Event id 5781. Dynamic registration or deletion of one or more DNS records
> > associated with DNS domain etc
> >
> > Event id. 40960. The Security System detected an authentication error for
> > the server cifs/server1. The failure code from authentication protocol
> > Kerberos was "The attempted logon is invalid. This is either due to a bad
> > username or authentication information.
> > (0xc000006d)".
> >
> > There where a lot of additional errors relating to the Servers failure to
> > access a GC and the Directory Services. For instance DNS would not display
> > its Active Directory Integrated zones.
> >
> > I am unsure what the cause was however I resolved this by resetting the
> > machine account using netdom resetpwd. However now I can not open GPOs is
> > GPMC. I get the error "Failed to open the group policy object. You may not
> > have appropriate right". I can open the SYSvol share without issue. I am
> also
> > getting event id: 1030.
> >
> > Windows cannot query for the list of Group Policy objects. Check the event
> > log for possible messages previously logged by the policy engine that
> > describes the reason for this.
> >
> > And event id 1058 . Windows cannot access the file gpt.ini for GPO
> >
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC
> =local.
> > The file must be present at the location
> >
> <\\domain.local\sysvol\domain.local\Policies\{31B2F340-016D-11D2-945F-00C04F
> B984F9}\gpt.ini>.
> > (Configuration information could not be read from the domain controller,
> > either because the machine is unavailable, or access has been denied. ).
> > Group Policy processing aborted.
> >
> > Has anyone seen this before, I have exhausted web resources and tried a
> few
> > KBA's.
> >
> > Regards Johan
> >
> >
> >
> >
>
>
>
.
- References:
- Re: Windows cannot query for the list of Group Policy objects.
- From: Christoffer Andersson [MVP]
- Re: Windows cannot query for the list of Group Policy objects.
- Prev by Date: Re: ADMT V3 - Service Account Migration
- Next by Date: Opinions on Managing Accounts for Leavers
- Previous by thread: Re: Windows cannot query for the list of Group Policy objects.
- Next by thread: Re: ADMT V3 - Service Account Migration
- Index(es):
Relevant Pages
|
