RE: USERENV error - Group Policy

Thankyou for your reply David,

Yes, checked those already... Netlogon and DFS services were started, Domain
controllers already have read/apply on the Default Domain Controller policy
and on other policies.

Interestingly, I've moved the affected server into a different container,
with no AD policies attached. I don't get the error. As soon as I add a
policy to this container and do a gpupdate, I get the error on the server.
None of my other servers are affected with this problem.



"David" wrote:

Hello Nadia,

Have you tried basically with:
Netlogon and DFS services are started and
Domain controllers have the read and apply rights to the Domain Controllers
Policy.

Otherwise, whether the DC has two NICs, Have you check the Bindings(Opening
Network Connections and going to Advanced -> Advanced Setings) and execute
gpupdate /force command.


--
Good luck!!

David Martinez
MCSE, MCSA 2003, 2000



"Nadia" wrote:

I'm getting the following error on two of my domain member

servers (both win2k3sp1):

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 6.12.2006
Time: 9:01:57
User: NT AUTHORITY\SYSTEM
Computer: RIVER03
Description:
Windows cannot access the file gpt.ini for GPO

CN={33B07064-3C8C-4337-BD6A-3425D3FB0B18},CN=Policies,CN=System,DC=river,DC=local.
The file must be present at the location
<\\river.local\SysVol\river.local\Policies\{33B07064-3C8C-4337-BD6A-3425D3FB0B18}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

I've checked numerous settings as follows:

- that the folder is actually accessible, and the file actually exists
- registry settings on these client machines pertaining to SMB signing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
enablesecuritysignature 1
requiresecuritysignature 0
- SMB signing group policy at
Computer Configuration/Windows Settings/Security Settings/Local
Policies/Security Options
- DNS settings
- Permissions on the SYSVOL share
- NetBIOS helper service


Everything appears to be in order, but I'm still getting the USERENV error
either every 1.5 hours or so, or when I force a GP update.

Please help!


.

Relevant Pages

  • Re: Default Domain password policy issue
    ... The domain controllers are members of authenticated users. ... as for applied Group Policy objects for computer settings. ... Policy replication/version problems. ... The settings in this GPO can only apply to the following groups, users, ...
    (microsoft.public.windows.group_policy)
  • Re: Registry tatooing
    ... I'm working on a utility that will clean up GP policies and preferences. ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php ... Administrative policies work very similar to NT4 System Policies. ... Well, to his disliking, the settings remained. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Local GPO refreshes outside of refresh interval
    ... I looked through my GPO's Windows Settings section ... > Some policies, including IE policies, have a checkbox that defines if this ... > it should apply EVEN if the value defined in GPO did not change since the ... we are talking about one particular policy: ...
    (microsoft.public.windows.group_policy)
  • Re: Default Domain Policy Doesnt Apply
    ... Also to add that Group Policies are by default applied in this ... level will be overriden by any defined settings at the site, domain, OU ... account policies] are not being applied to the domain controllers since they ... > password and lockout policy can ony be set at the domain level for domain ...
    (microsoft.public.win2000.group_policy)
  • Re: Registry tatooing
    ... It can list and clean true policies, ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php ... Well, to his disliking, the settings remained. ...
    (microsoft.public.windows.server.active_directory)