Re: event 1058 - group policy error



Hi Blake,
You DCdiag looks clean..
Are you still having the issue?
If so, see if this helps you track down a root cause:
http://technet2.microsoft.com/windowsserver2008/en/library/08ecc8cb-1bd3-4acd-b93e-75021b605cec1033.mspx?mfr=true


Regards,

Austin
"Duffey, Blake" <blake.duffey@xxxxxxxxxx> wrote in message
news:OLDMU4KFIHA.4028@xxxxxxxxxxxxxxxxxxxxxxx

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server malamute.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\MALAMUTE
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MALAMUTE passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MALAMUTE
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=longwood,DC=edu
Latency information for 10 entries in the vector were
ignored.
10 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=longwood,DC=edu
Latency information for 10 entries in the vector were
ignored.
10 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=longwood,DC=edu
Latency information for 11 entries in the vector were
ignored.
10 were retired Invocations. 1 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... MALAMUTE passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MALAMUTE.
* Security Permissions Check for
DC=DomainDnsZones,DC=ac,DC=longwood,DC=edu
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=longwood,DC=edu
(NDNC,Version 2)
* Security Permissions Check for
DC=ac,DC=longwood,DC=edu
(Domain,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=longwood,DC=edu
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=longwood,DC=edu
(Configuration,Version 2)
* Security Permissions Check for
DC=longwood,DC=edu
(Domain,Version 2)
......................... MALAMUTE passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MALAMUTE\netlogon
Verified share \\MALAMUTE\sysvol
......................... MALAMUTE passed test NetLogons
Starting test: Advertising
The DC MALAMUTE is advertising itself as a DC and having a DS.
The DC MALAMUTE is advertising as an LDAP server
The DC MALAMUTE is advertising as having a writeable directory
The DC MALAMUTE is advertising as a Key Distribution Center
The DC MALAMUTE is advertising as a time server
The DS MALAMUTE is advertising as a GC.
......................... MALAMUTE passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HUSKY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Domain Owner = CN=NTDS
Settings,CN=HUSKY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role PDC Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Rid Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
......................... MALAMUTE passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* scooby.ac.longwood.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2130
......................... MALAMUTE passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MALAMUTE on DC MALAMUTE.
* SPN found :LDAP/malamute.ac.longwood.edu/ac.longwood.edu
* SPN found :LDAP/malamute.ac.longwood.edu
* SPN found :LDAP/MALAMUTE
* SPN found :LDAP/malamute.ac.longwood.edu/AC
* SPN found
:LDAP/821eec5c-4a09-454e-9978-e3878b2e14b9._msdcs.longwood.edu
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/821eec5c-4a09-454e-9978-e3878b2e14b9/ac.longwood.edu
* SPN found :HOST/malamute.ac.longwood.edu/ac.longwood.edu
* SPN found :HOST/malamute.ac.longwood.edu
* SPN found :HOST/MALAMUTE
* SPN found :HOST/malamute.ac.longwood.edu/AC
* SPN found :GC/malamute.ac.longwood.edu/longwood.edu
......................... MALAMUTE passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MALAMUTE passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MALAMUTE is in domain DC=ac,DC=longwood,DC=edu
Checking for CN=MALAMUTE,OU=Domain
Controllers,DC=ac,DC=longwood,DC=edu in domain DC=ac,DC=longwood,DC=edu on
1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
in domain CN=Configuration,DC=longwood,DC=edu on 1 servers
Object is up-to-date on all servers.
......................... MALAMUTE passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MALAMUTE passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... MALAMUTE passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... MALAMUTE passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MALAMUTE passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=MALAMUTE,OU=Domain Controllers,DC=ac,DC=longwood,DC=edu and

backlink on


CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu

are correct.
The system object reference (frsComputerReferenceBL)

CN=MALAMUTE,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ac,DC=longwood,DC=edu

and backlink on

CN=MALAMUTE,OU=Domain Controllers,DC=ac,DC=longwood,DC=edu are

correct.
The system object reference (serverReferenceBL)

CN=MALAMUTE,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ac,DC=longwood,DC=edu

and backlink on

CN=NTDS
Settings,CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu

are correct.
......................... MALAMUTE passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : ac
Starting test: CrossRefValidation
......................... ac passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ac passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running enterprise tests on : longwood.edu
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... longwood.edu passed test Intersite
Starting test: FsmoCheck
GC Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
PDC Name: \\scooby.ac.longwood.edu
Locator Flags: 0xe00001fd
Time Server Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
KDC Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
......................... longwood.edu passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS


"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:bxbSi.68$up6.39@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Blake,
Can you do a "dcdiag /s:<DC_Name> /v /f:dcdiag.txt" and post the results?

Regards,

Austin

"Duffey, Blake" <blake.duffey@xxxxxxxxxx> wrote in message
news:Oq6lk0oEIHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ac,DC=longwood,DC=edu.
The file must be present at the location
<\\ac.longwood.edu\sysvol\ac.longwood.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied. ).
Group Policy processing aborted.

I am getting this over and over - it just started recently and is
causing major problems

how to troubleshoot?

B







.