Re: Windows SBS 2003 SP1 /w ISA Server 2004

Thanks for all your help. I fixed the issue by going through the Internet
Configuration Wizard.

"Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:txElUffsFHA.3308@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Rajiv:
> Thanks for posting here.
>
> Let's follow the steps below to troubleshoot the issue:
>
> 1. Have you run the CEICW to configure your network settings? Please
> re-run
> the CEICW as per the following Knowledge Base article:
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> 2. Are you able to open Group Policy snap-ins such as the Domain
> Controller
> Security Policy snap-in or the Domain Security Policy snap-in? If not,
> this
> often is because the server's SMB signing settings for its Server and
> Workstation services contradict each other. For more information about
> this
> issue, see the following KB article:
>
> 839499 You cannot open file shares or Group Policy snap-ins when you
> disable SMB signing for the Workstation or Server service on a domain
> controller
> http://support.microsoft.com/?id=839499
>
> 3. Is the TCP/IP NetBIOS Helper service running?
>
> 4. Is the Distributed File System service running? Please make sure the
> service has been set "Automatic" and started.
>
> 5. Make sure that the antivirus is not scanning the sysvol folder.
>
> 822158 Virus scanning recommendations on a Windows 2000 or on a Windows
> Server 2003 domain controller
> http://support.microsoft.com/?id=822158
>
> 6. Check the contents and the permissions of the Sysvol folder
>
> By default, the Sysvol folder is located in the %systemroot% folder. Syvol
> contains the domain's group policy objects, the Sysvol and Netlogon
> shares,
> and the file replication service (FRS) staging folder. If the permissions
> on the Sysvol folder or the Sysvol share are too restrictive, this can
> cause group policies to fail with Userenv errors. Additionally, Userenv
> errors can occur if the Sysvol share or group policy objects are missing.
>
> To make sure the Sysvol share is available, run the "net share" command on
> the SBS server. SYSVOL should appear in the list of shares. Also, make
> sure
> that the Netlogon share is listed. If the Sysvol or Netlogon share is
> missing, see the following articles for information about troubleshooting
> this problem:
>
> 257338 Troubleshooting Missing SYSVOL and NETLOGON Shares on Windows 2000
> Domain Controllers
> http://support.microsoft.com/?id=257338
>
> After you make sure the Sysvol share is available, make sure that the
> Sysvol folder, the Sysvol share, and the root of the volume that contains
> the Sysvol folder are configured with the the correct permissions.
>
> On Windows Server 2003, the Everyone group should have the Read & Execute
> special permission applied to "This folder only", and the domain\Users
> group should have the following standard permissions:
>
> Read & Execute
> List Folder Contents
> Read
>
> Additionally, on Windows Server 2003, the domain\Users group should have
> the following special permissions:
>
> Read & Execute applied to "This folder, subfolders and files"
> Create Folder / Append Data applied to "This folder and subfolders"
> Create Files / Write Data applied to "Subfolders only"
>
> For the permissions required for the Sysvol folder and the Sysvol share,
> see the following KB article:
>
> 290647 Event ID 1000, 1001 Is Logged Every Five Minutes in the Application
> Event Log
> http://support.microsoft.com/?id=290647
>
> 7. Make sure that the "Bypass traverse checking" right is granted to the
> required groups. To do so:
>
> A. On the SBS server, click Start, point to Programs or All Programs,
> point
> to Administrative Tools, and then click Domain Controller Security Policy.
> B. Expand Security Settings, expand Local Policies, and then click User
> Rights Assignment.
> C. Double-click the "Bypass traverse checking" policy setting.
> E. Click to check the "Define these policy settings" box, if the option is
> not enabled already.
> F. The following groups should be listed for this policy setting:
>
> Administrators
> Authenticated Users
> Everyone
> Pre-Windows 2000 Compatible Access
>
> If any of these groups are missing, click Add, type the name of the
> missing
> group, and then click OK.
>
> G. Click OK to close the policy setting.
> H. Run the "gpupdate /force" command.
>
>
> Based on my research, the following KB articles have described this issue:
>
> 842804 Group Policy processing does not work and events 1030 and 1058 are
> http://support.microsoft.com/?id=842804
>
> 834649 Client computers record Event ID 1030 and Event ID 1058 when DFS is
> not
> http://support.microsoft.com/?id=834649
>
> 314494 Group policies are not applied the way you expect; "Event ID 1058"
> and
> http://support.microsoft.com/?id=314494
>
> Thanks for your time.
>
> I'm looking forward to your update.
>
> Have a nice day!
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> | From: "Rajiv Baxi" <rajiv@xxxxxxxxxxxxxxx>
> | References: <#7cl1DyrFHA.1252@xxxxxxxxxxxxxxxxxxxx>
> <OA8GzFyrFHA.3092@xxxxxxxxxxxxxxxxxxxx>
> <OlVpSx1rFHA.1028@xxxxxxxxxxxxxxxxxxxx>
> | Subject: Re: Windows SBS 2003 SP1 /w ISA Server 2004
> | Date: Fri, 2 Sep 2005 08:46:16 -0400
> | Lines: 70
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> | X-RFC2646: Format=Flowed; Response
> | Message-ID: <OSQnQx7rFHA.2212@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: ppp-69-216-124-121.dsl.sfldmi.ameritech.net
> 69.216.124.121
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150212
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | The ISA 2004 SP1 is from the SBS 2003 SP1 CD #3. SBS 2003 SP1 is
> installed
> | as well.
> |
> | "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx> wrote in message
> | news:OlVpSx1rFHA.1028@xxxxxxxxxxxxxxxxxxxxxxx
> | > Rajiv,
> | >
> | > The ISA 2004 that you installed.. was that from the SBS 2003 SP1 cd
> #3?
> | > or SBS 2003 with SP1 Premium Technologies cd? If it's not did you
> | > install ISA 2004 SP1 as well? Is SBS 2003 SP1 installed?
> | >
> | >
> | > --
> | >
> | > Hope that helps,
> | > David Copeland
> | > Microsoft Small Business Server Support
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | >
> | >
> | > SBS Newsgroups:
> | >
> | > SBS v4.x: microsoft.public.backoffice.smallbiz
> | > SBS 2000: microsoft.public.backoffice.smallbiz2000
> | > SBS 2003: microsoft.public.windows.server.sbs
> | >
> | > "Matt Gibson" <mattg@xxxxxxxxxxxxxxx> wrote in message
> | > news:OA8GzFyrFHA.3092@xxxxxxxxxxxxxxxxxxxxxxx
> | >> Have you run the connect to internet wizard again?
> | >>
> | >> Matt Gibson - GSEC
> | >>
> | >> "Rajiv Baxi" <rajiv@xxxxxxxxxxxxxxx> wrote in message
> | >> news:%237cl1DyrFHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
> | >>>I have recently installed ISA Server 2004 on Windows SBS 2003 (along
> with
> | >>>the other service packs). Now, I get the following event:
> | >>>
> | >>> Windows cannot access the file gpt.ini for GPO
> | >>>
> CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=server,DC
> =local.
> | >>> The file must be present at the location
> | >>>
> <\\server.local\sysvol\server.local\Policies\{31B2F340-016D-11D2-945F-00C04F
> B984F9}\gpt.ini>.
> | >>> (Configuration information could not be read from the domain
> controller,
> | >>> either because the machine is unavailable, or access has been
> denied.
> ).
> | >>> Group Policy processing aborted.
> | >>>
> | >>> I also get a message in Group Policy Object Editor:
> | >>>
> | >>> The Group policy snapin was unable to save your changes due to the
> | >>> following error:
> | >>>
> | >>> Configuration information could not be read from the domain
> controller,
> | >>> either because the machine is unavailable, or access has been
> denied.
> | >>>
> | >>> The server has two network cards (one for the internal network and
> one
> | >>> for the external network). I have set to allow LDAP(S) and RPC.
> | >>>
> | >>> Any help would be greatly appreciated.
> | >>>
> | >>> Thanks,
> | >>>
> | >>> Raj
> | >>>
> | >>
> | >>
> | >
> | >
> |
> |
> |
>


.

Relevant Pages

  • Re: Crashed DC, reinstalled and now server cant find domain - Please help!
    ... server a DC, I read I had some problems with replication. ... Now I only have one problem: When recreating the SYSVOL, ... access the Domain Controller Security Policy, I get the "The system cannot ... > If you don't have the tools installed load them from your install disk. ...
    (microsoft.public.win2000.active_directory)
  • Re: Crashed DC, reinstalled and now server cant find domain - Please help!
    ... > server a DC, I read I had some problems with replication. ... > Now I only have one problem: When recreating the SYSVOL, ... > to access the Domain Controller Security Policy, ... >> If you don't have the tools installed load them from your install disk. ...
    (microsoft.public.win2000.active_directory)
  • Re: EventID 1030 & 1058 after Desaster Recovery Restore
    ... Make sure that the antivirus is not scanning the sysvol folder. ... > contains the domain's group policy objects, ... > On Windows Server 2003, the Everyone group should have the Read & Execute ...
    (microsoft.public.windows.server.sbs)
  • RE: Group Policy processing aborted error message in Event Application log
    ... >Subject: RE: Group Policy processing aborted error message in Event ... >825763 How to configure Internet access in Windows Small Business Server ... Make sure that the antivirus is not scanning the sysvol folder. ...
    (microsoft.public.windows.server.sbs)
  • Re: How to recover from DC without GC?
    ... all the files in the SYSVOL folder though? ... A Global Catalog Server could not be located - All GC's are ... You've got DNS problems. ...
    (microsoft.public.windows.server.active_directory)
Loading