Re: USERENV error - Group Policy

Thanks for your reply Jorge,
-Netlogon and DFS were already started
-Domain controllers have read/apply on DC policy (this policy includes the
correct bypass traverse settings)
-SYSVOL share/NTFS permissions are set correctly (inc. special permissions
and subfolders)
-EventID 1000/1001 is not logged in the App Log.
-DNS records for Domain Controllers is correct
-dfsutil /purgemupcache performed several times with no effect.
-latest SP & latest updates installed.
-I added the WaitForNetwork setting to the registry with no effect
-I've also examined the SMB signing settings, added the registry settings
with no effect.

I've also confirmed it isn't a problem with the policy itself, I've created
new policies all with the same result.

Anything else I should have looked at?


"Jorge Silva" wrote:

Hi
If Domain Controller
*Make sure that the following components are started:
-Netlogon and DFS services are started.
-Domain controllers have the read and apply rights to the Domain Controllers
Policy.
-NTFS file system permissions and share permissions are set correctly on the
Sysvol share.
Event ID 1000, 1001 is logged every five minutes in the Application event
log
http://support.microsoft.com/Default.aspx?id=290647
-DNS entries are correct for the domain controllers
-From cmd, type dfsutil /PurgeMupCache, and then press ENTER.
Make sure that you’ve the latest Service Pack Installed.
http://support.microsoft.com/kb/889100/
Also take a look ate Registry Change (WaitForNetwork) as described here
Group Policy processing does not work and events 1030 and 1058 are logged in
the Application log of a domain controller
http://support.microsoft.com/kb/842804/en-us
Some situations a warning is also logged in Event Viewer:
Event ID: 3019
Source: MRxSmb
Description: The redirector failed to determine the connection type.
Error message: "The redirector failed to determine the connection type"
http://support.microsoft.com/kb/315244/en-us
-------------------------------------------------
If Clients Windows 2003,Xp,2000:
Applying Group Policy causes Userenv errors and events to occur on your
computers that are running Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/kb/887303
Group policies are not applied the way you expect; "Event ID 1058" and
"Event ID 1030" errors in the application log
http://support.microsoft.com/kb/314494/en-us
-------------------------------------------------
SBSSmall Business Server 2003 computer
http://support.microsoft.com/kb/888943/en-us
--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

"Nadia" <Nadia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DE0EFD98-6D0F-47EF-8E90-3485D11ECC7D@xxxxxxxxxxxxxxxx
I'm getting the following error on two of my domain member

servers (both win2k3sp1):

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 6.12.2006
Time: 9:01:57
User: NT AUTHORITY\SYSTEM
Computer: RIVER03
Description:
Windows cannot access the file gpt.ini for GPO

CN={33B07064-3C8C-4337-BD6A-3425D3FB0B18},CN=Policies,CN=System,DC=river,DC=local.
The file must be present at the location
<\\river.local\SysVol\river.local\Policies\{33B07064-3C8C-4337-BD6A-3425D3FB0B18}\gpt.ini>.
(Access is denied. ). Group Policy processing aborted.

I've checked numerous settings as follows:

- that the folder is actually accessible, and the file actually exists
- registry settings on these client machines pertaining to SMB signing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
enablesecuritysignature 1
requiresecuritysignature 0
- SMB signing group policy at
Computer Configuration/Windows Settings/Security Settings/Local
Policies/Security Options
- DNS settings
- Permissions on the SYSVOL share
- NetBIOS helper service


Everything appears to be in order, but I'm still getting the USERENV error
either every 1.5 hours or so, or when I force a GP update.

Please help!




.

Relevant Pages

  • Re: Automated logoff using Winexit.scr
    ... New OU - New Policy ... Settings: Configure this key then Propogate inheritable permissions to ... Permissions granted: Authenticated Users: Read/Special ... test GPO linked to it trying to accomplish that and move a couple computers ...
    (microsoft.public.windows.group_policy)
  • Re: USERENV error - Group Policy
    ... However, as per instructions, I've set these permissions correctly. ... policy object in AD. ... folder and GPO, returning the security to normal settings, did another GP ... -Domain controllers have the read and apply rights to the Domain Controllers ...
    (microsoft.public.windows.server.active_directory)
  • Re: USERENV error - Group Policy
    ... policy object in AD. ... folder and GPO, returning the security to normal settings, did another GP ... -Domain controllers have read/apply on DC policy (this policy includes the ... If Clients Windows 2003,Xp,2000: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Automated logoff using Winexit.scr
    ... Permissions on Existing Subkeys" radio button, ... New OU - New Policy ... Settings: Configure this key then Propogate inheritable permissions to ... Permissions(Set Value and Create Subkey) on This key and subkeys. ...
    (microsoft.public.windows.group_policy)
  • Re: File perms & group policy problem
    ... >> I think you have the solution already, which is to force policy ... >> The worst case scenario is that you have the settings open for 90 ... >>> I'm setting the file permissions on some files on a PC using the ... >>> alongside the software installation then the file's don't get their ...
    (microsoft.public.windows.group_policy)