USERENV Events 1030/1058 Access Denied to GPT.ini

OK... I have been reading through countless articles to figure out if
I should be troubleshooting the DC or something else. Let me fill you
in:

AD 2003 SP2, two DC's. Only one DC getting the event errors. Errors
started appearing after I applied HP's Proliant Service Pack (drivers)
to fix a BSOD issue I was getting with their NIC teaming software.

Since then, I am getting a pile of Userenv errors and I am at a loss
as to where I should be focusing my efforts. Here is what I have done
so far:

- Ensured the HP teamed interface is at the top of the NIC binding
order.
- Ensured that I can make a change to the GPO via GPMC and get no
errors
- Ensured that once I make those changes, the GPO updates in the
\Policies folders on each DC
- FRS and DS logs are nice and clean (above test shows FRS working
correcltly)
- DCDIAG and NETDIAG come back nice and clean on both DCs
- Ensured that the privileges on the SYSVOL matched the privileges
from the DC that is not having an issue.
- Ensured that the privileges on the SYSVOL match that of another
working AD2003 install.
- Ensured that Computer and User objects have Read privs to the SYSVOL
folder.
- Ensured that I can access \policies using unc paths like \\FQDN
\sysvol and \\DC-01\sysvol

Now what I haven't done is:

- use the /PurgeMupCache due it being only a temp fix
- break the NIC team and run it with only one NIC enabled
- been able to understand from KB842804 if the WaitForNetwork is a PC
or DC "fix"

My greatest frustration is trying to determine exactly why only one DC
is reporting the error. Am I to assume that workstations that are
trying to read the GPOs from this DC are getting an Access Denied and
it's being logged every 5 minutes? The fact that it is every 5
minutes makes me suspect the DC is having a problem but it can browse
it's own c:\windows\sysvol structure just fine.

Thanks for taking the time to read.
Kevin

.

Relevant Pages

  • Re: USERENV Events 1030/1058 Access Denied to GPT.ini
    ... to fix a BSOD issue I was getting with their NIC teaming software. ... Ensured that I can make a change to the GPO via GPMC and get no ... Ensured that the privileges on the SYSVOL matched the privileges ...
    (microsoft.public.windows.server.active_directory)
  • Re: New GPO Not Recognized by Clients
    ... The most likely scenario here is that the SYSVOL portion of the GPO is not replicating to those DCs. ... Script Group Policy Settings with the GPExpert Scripting Toolkit for PowerShell! ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy Sysvol Disk Space
    ... By far the biggest consumer of disk space in SYSVOL is likely the ADM files that get stored with each GPO. ... Most of the other GP settings storage in SYSVOL takes up much less space, at least an order of magnitude smaller. ... You can also configure policy in XP/2003 such that no ADMs are stored per GPO, but unfortunately that currently requires all GPO editing be done from 2003 systems, because that is the only version where the policy directing GP Editor to look locally for ADMs takes effect. ...
    (microsoft.public.windows.server.active_directory)
  • Re: problem with replication of GPO
    ... create a new GPO on DC2 and see if it replicates on DC1. ... in fact it is created in DC1 sysvol share and not on DC2. ...
    (microsoft.public.win2000.active_directory)
  • Re: windows file association types in registry?
    ... I am using a default user profile in the sysvol folder to fix ... this, it is for future installs only, so that will do it. ... MS should make a GPO to do this. ... > registry changes. ...
    (microsoft.public.win2000.registry)
Loading