Re: Enormous security problem

From: Glenn L (the.only(delete)_at_gmail)
Date: 01/25/05


Date: Mon, 24 Jan 2005 19:30:10 -0800

I suggest you work through the 1030 and 1058 errors on your DC first.
http://eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

Then work through the 1053s on the workstation.
http://eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1

Once these are resolved, I suspect your issue will go away.

-- 
Glenn L
CCNA, MCSE 2000/2003 + Security
"wosully" <wosully@discussions.microsoft.com> wrote in message 
news:9E3020DD-DBAE-4C76-827D-CC5B53A1C82C@microsoft.com...
> The Dc has these two errors 1030 and 1058 in the application log:
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1030
> Date: 1/24/2005
> Time: 20:57:44
> User: NT AUTHORITY\SYSTEM
> Computer: SOCRATES
> Description:
> Windows cannot query for the list of Group Policy objects. Check the event
> log for possible messages previously logged by the policy engine that
> describes the reason for this.
>
> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1058
> Date: 1/24/2005
> Time: 21:00:39
> User: OSULLIVAN\bosully
> Computer: SOCRATES
> Description:
> Windows cannot access the file gpt.ini for GPO
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=osullivans,DC=local.
> The file must be present at the location
> <\\osullivans.local\sysvol\osullivans.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
> (Configuration information could not be read from the domain controller,
> either because the machine is unavailable, or access has been denied. ).
> Group Policy processing aborted.
>
> I have tried to unlink the default dc policy and that has not been 
> successful.
>
> "Glenn L" wrote:
>
>> Not sure what is happening.
>> What is the LDAP failure return code in Netdiag?
>>
>> Try the following test.
>> use kerbtray from the resource kit.
>> Log in as a domain admin user.
>> launch kerbtray and view the tickets. Do they look good?
>> launch LDP.EXE  (part of support tools)
>> connect to the DC and bind to the DC with the currently logged in creds.
>> Does this fail?  What is the exact error in LDP.EXE
>> now purge your kerberos tickets.
>> Attempt the LDAP bind again.
>> Does it fail? same error?
>>
>> please post the contents of the 680s and 529s to this thread.
>> Are there errors on the file server perhaps kerberos errors in the system
>> log.
>>
>>
>> -- 
>> Glenn L
>> CCNA, MCSE 2000/2003 + Security
>>
>> "wosully" <wosully@discussions.microsoft.com> wrote in message
>> news:90E9C6D1-7910-4C2B-8F80-72326D5953CF@microsoft.com...
>> > Hi all,
>> >
>> > I have one 2003 DC without any service pack, and one 2003 file server with
>> > SP1 RC1, and I have run netdiag from the command line on the file server and
>> > the LDAP tests have continually failed; no other tests fail.  Any account
>> > (even domain admin) that I log onto the file server with and use computer mgt
>> > snap in to manage the DC, shows up in the DC's security log as a failed
>> > authentication (680 and 529 errors).  Eventually the accounts are locked out
>> > every time.  I had to disable account lock out in the default domain policy.
>> > I have tried changing the accounts' passwords.  I have even taken the file
>> > server out of the domain and renamed it prior to inserting it back into the
>> > domain, but the problem persists.  I have tested this with other domain admin
>> > accounts and the result is the same.
>> >
>> > When I open up comp mgt from the file server pointed at the DC and scroll to
>> > the security log, all I have to do is select the security log and hit refresh
>> > and a new pair of failure audits pop up until the account is locked again.
>> >
>> > What would cause this problem and who do I need to pay off to fix it?
>> >
>> >
>> >
>> >
>> > -- 
>> > MCSE: Security, CCNA, A+, Network +, Security+
>>
>>
>> 
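
The 1058 event quoted in this thread identifies the failing GPO twice, once as an LDAP DN and once as a SYSVOL path. The following is an added example, not part of the original thread: it parses a text dump of such events and cross-checks the two. The function names are hypothetical and the sample is constructed from the events quoted above.

```python
import re

# Constructed sample: the two Userenv events quoted in the thread, trimmed.
SAMPLE = r"""Event Type: Error
Event ID: 1030
Description:
Windows cannot query for the list of Group Policy objects.

Event Type: Error
Event ID: 1058
User: OSULLIVAN\bosully
Description:
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=osullivans,DC=local.
The file must be present at the location
<\\osullivans.local\sysvol\osullivans.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
"""

# These two GPO GUIDs are the same in every Active Directory domain.
WELL_KNOWN = {
    "31B2F340-016D-11D2-945F-00C04FB984F9": "Default Domain Policy",
    "6AC1786C-016F-11D2-945F-00C04FB984F9": "Default Domain Controllers Policy",
}
GUID = r"\{([0-9A-Fa-f-]{36})\}"

def parse_events(text):
    """Split a text event dump into dicts; Description is whitespace-folded."""
    events = []
    for block in re.split(r"\n(?=Event Type:)", text.strip()):
        head, _, desc = block.partition("Description:")
        fields = dict(re.findall(r"(?m)^([A-Za-z ]+?):[ \t]*(.*)$", head))
        events.append({**fields, "Description": " ".join(desc.split())})
    return events

def triage_1058(ev):
    """Cross-check the GPO's LDAP DN against its SYSVOL path (hypothetical helper)."""
    d = ev["Description"]
    dn = re.search(r"CN=" + GUID + r",CN=Policies,CN=System,((?:DC=[^,.\s]+,?)+)", d)
    unc = re.search(r"<\\\\([^\\]+)\\sysvol\\([^\\]+)\\Policies\\" + GUID + r"\\gpt\.ini>", d, re.I)
    if not (dn and unc):  # not a 1058, or the description was truncated
        return None
    domain = ".".join(re.findall(r"DC=([^,]+)", dn.group(2))).lower()
    return {
        "user": ev.get("User"),
        "gpo": WELL_KNOWN.get(dn.group(1).upper(), "custom GPO"),
        "guid_match": dn.group(1).upper() == unc.group(3).upper(),
        "domain_match": domain == unc.group(1).lower() == unc.group(2).lower(),
        "gpt_ini": unc.group(0).strip("<>"),
    }
```

On the sample, `triage_1058` reports the GPO as the Default Domain Policy, with the DN and the SYSVOL path agreeing on both GUID and domain; `gpt_ini` is the path whose reachability and permissions need checking from the affected machine.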

