Re: event 1058 - group policy error



Hi Blake,
You DCdiag looks clean..
Are you still having the issue?
If so, see if this helps you track down a root cause:
http://technet2.microsoft.com/windowsserver2008/en/library/08ecc8cb-1bd3-4acd-b93e-75021b605cec1033.mspx?mfr=true


Regards,

Austin
"Duffey, Blake" <blake.duffey@xxxxxxxxxx> wrote in message
news:OLDMU4KFIHA.4028@xxxxxxxxxxxxxxxxxxxxxxx

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server malamute.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\MALAMUTE
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MALAMUTE passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MALAMUTE
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=longwood,DC=edu
Latency information for 10 entries in the vector were
ignored.
10 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=longwood,DC=edu
Latency information for 10 entries in the vector were
ignored.
10 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=longwood,DC=edu
Latency information for 11 entries in the vector were
ignored.
10 were retired Invocations. 1 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... MALAMUTE passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MALAMUTE.
* Security Permissions Check for
DC=DomainDnsZones,DC=ac,DC=longwood,DC=edu
(NDNC,Version 2)
* Security Permissions Check for
DC=ForestDnsZones,DC=longwood,DC=edu
(NDNC,Version 2)
* Security Permissions Check for
DC=ac,DC=longwood,DC=edu
(Domain,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=longwood,DC=edu
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=longwood,DC=edu
(Configuration,Version 2)
* Security Permissions Check for
DC=longwood,DC=edu
(Domain,Version 2)
......................... MALAMUTE passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MALAMUTE\netlogon
Verified share \\MALAMUTE\sysvol
......................... MALAMUTE passed test NetLogons
Starting test: Advertising
The DC MALAMUTE is advertising itself as a DC and having a DS.
The DC MALAMUTE is advertising as an LDAP server
The DC MALAMUTE is advertising as having a writeable directory
The DC MALAMUTE is advertising as a Key Distribution Center
The DC MALAMUTE is advertising as a time server
The DS MALAMUTE is advertising as a GC.
......................... MALAMUTE passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=HUSKY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Domain Owner = CN=NTDS
Settings,CN=HUSKY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role PDC Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Rid Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SCOOBY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
......................... MALAMUTE passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2603 to 1073741823
* scooby.ac.longwood.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2103 to 2602
* rIDPreviousAllocationPool is 2103 to 2602
* rIDNextRID: 2130
......................... MALAMUTE passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MALAMUTE on DC MALAMUTE.
* SPN found :LDAP/malamute.ac.longwood.edu/ac.longwood.edu
* SPN found :LDAP/malamute.ac.longwood.edu
* SPN found :LDAP/MALAMUTE
* SPN found :LDAP/malamute.ac.longwood.edu/AC
* SPN found
:LDAP/821eec5c-4a09-454e-9978-e3878b2e14b9._msdcs.longwood.edu
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/821eec5c-4a09-454e-9978-e3878b2e14b9/ac.longwood.edu
* SPN found :HOST/malamute.ac.longwood.edu/ac.longwood.edu
* SPN found :HOST/malamute.ac.longwood.edu
* SPN found :HOST/MALAMUTE
* SPN found :HOST/malamute.ac.longwood.edu/AC
* SPN found :GC/malamute.ac.longwood.edu/longwood.edu
......................... MALAMUTE passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MALAMUTE passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MALAMUTE is in domain DC=ac,DC=longwood,DC=edu
Checking for CN=MALAMUTE,OU=Domain
Controllers,DC=ac,DC=longwood,DC=edu in domain DC=ac,DC=longwood,DC=edu on
1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu
in domain CN=Configuration,DC=longwood,DC=edu on 1 servers
Object is up-to-date on all servers.
......................... MALAMUTE passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MALAMUTE passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... MALAMUTE passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... MALAMUTE passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MALAMUTE passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=MALAMUTE,OU=Domain Controllers,DC=ac,DC=longwood,DC=edu and

backlink on


CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu

are correct.
The system object reference (frsComputerReferenceBL)

CN=MALAMUTE,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ac,DC=longwood,DC=edu

and backlink on

CN=MALAMUTE,OU=Domain Controllers,DC=ac,DC=longwood,DC=edu are

correct.
The system object reference (serverReferenceBL)

CN=MALAMUTE,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ac,DC=longwood,DC=edu

and backlink on

CN=NTDS
Settings,CN=MALAMUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=longwood,DC=edu

are correct.
......................... MALAMUTE passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : ac
Starting test: CrossRefValidation
......................... ac passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ac passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running enterprise tests on : longwood.edu
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... longwood.edu passed test Intersite
Starting test: FsmoCheck
GC Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
PDC Name: \\scooby.ac.longwood.edu
Locator Flags: 0xe00001fd
Time Server Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
KDC Name: \\malamute.ac.longwood.edu
Locator Flags: 0xe00001fc
......................... longwood.edu passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS


"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:bxbSi.68$up6.39@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi Blake,
Can you do a "dcdiag /s:<DC_Name> /v /f:dcdiag.txt" and post the results?

Regards,

Austin

"Duffey, Blake" <blake.duffey@xxxxxxxxxx> wrote in message
news:Oq6lk0oEIHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ac,DC=longwood,DC=edu.
The file must be present at the location
<\\ac.longwood.edu\sysvol\ac.longwood.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(Configuration information could not be read from the domain controller,
either because the machine is unavailable, or access has been denied. ).
Group Policy processing aborted.

I am getting this over and over - it just started recently and is
causing major problems

how to troubleshoot?

B







.



Relevant Pages

  • Re: event 1058 - group policy error
    ... Connecting to directory service on server malamute. ... Replication Site Latency Check ... Security Permissions check for all NC's on DC MALAMUTE. ... Starting test: CrossRefValidation ...
    (microsoft.public.windows.server.active_directory)
  • Re: You must be logged on using the built-in administrator account
    ... Starting test: CrossRefValidation ... domain or if the problem persists after replication has had ... Base Object Description: "SYSVOL FRS Member Object" ... Check if this server is deleted, ...
    (microsoft.public.windows.server.sbs)
  • Re: adprep /domainprep /gpprep fails
    ... Server 2008 x64 as domain controller in an existing 2003 forest. ... Failing SYSVOL replication problems may ... event log entries, and the second one the results of dcdiag ... Starting test: CrossRefValidation ...
    (microsoft.public.windows.server.active_directory)
  • Re: adprep /domainprep /gpprep fails
    ... Server 2008 x64 as domain controller in an existing 2003 forest. ... Failing SYSVOL replication problems may ... event log entries, and the second one the results of dcdiag ... Starting test: CrossRefValidation ...
    (microsoft.public.windows.server.active_directory)
  • Re: Not able to apply Group Policy....
    ... Are the DC and also the clients listed in DNS zones on the DC/DNS server? ... Replication Latency Check ... Latency information for 1 entries in the vector were ignored. ... Starting test: CrossRefValidation ...
    (microsoft.public.windows.group_policy)