Re: Intermittant GPO failure to apply
- From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
- Date: Mon, 19 Sep 2005 01:15:16 GMT
HI Nick,
Thanks for updates.
If you have backup your group policy before, you can restore it from the
tape, it should be the quick way to do that. If you have not backup the
group policy individually, we may troubleshoot the issue one by one:
1 Access denied: dial in properties:
I would like to let you follow the KB article below to double confirmit, as
I know the permission is relate to local services account, notthe
administrator account. Please refer to the article below:
842695 You may receive an error message when you try to open the Dial-intab
http://support.microsoft.com/?id=842695
If the permission is set correctly, please also check the followingregistry
to see if it set correctly:
HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg
HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\AllowedPaths
The local services should also have read permission.
By default, if only error 1030 occurs, we may safely ignore, as this might
relate to cached credential issue:
I. You can configure this security setting by opening the appropriate
policy and expanding the console tree as such: Computer
Configuration\Windows
Settings\Security Settings\Local Policies\Security Options Network access:
Do not allow storage of credentials or .NET Passports for network
authentication
II. Following Registry value removes the "Remember My Password" option from
all prompts for authentication:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 = allow domain credentials to be stored
1 = do not store domain credentials
Set the disabledomaincreds value to "0" to restore the "Remember My
Password" checkbox on the prompt for authentication.
III. Set Kerberos to use TCP
244474 How to force Kerberos to use TCP instead of UDP in Windows Server
2003,
http://support.microsoft.com/?id=244474
The steps #1 and #2 I introduced in my last reply are all used to delete
the store credential. The step #1 could be applied to group policy that
cover the SBS server such as domain controller policy and you will find the
policy below
Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options\Network access: Do not allow storage of
credentials or .NET Passports for network authentication
The step #2 is used registry key way. The "0" is the default value. When
you set this key to 1, to purge the original credential to clear the store
and restart the machine.
If you do not want the above steps, you could use the following way to
delete the cached credential directly.
1. On the SBS server open control panel
2. Open 'Stored User Names and Passwords'
3. Remove all entries in the list, as the problem could be caused by the
incorrect credential cached here.
If the problem could not be resolved, we may need to set the Kerberos to
TCP only, because of the following reasons.
The Windows Kerberos authentication package is the default authentication
package in Microsoft Windows Server 2003. By default, the maximum size of
datagram packets for which Windows Server 2003 uses UDP is 1,465 bytes.
Depending on a variety of factors including security identifier (SID)
history and group membership, some accounts will have larger Kerberos
authentication packet sizes. Depending on hardware of your SBS network,
these larger packets may have to be fragmented when going through. The
problem is caused by fragmentation of these large UDP Kerberos packets.
Because UDP is a connectionless protocol, fragmented UDP packets will be
dropped if they arrive at the destination out of order.
Then, this issue could be occur that you logon to the SBS server remotely,
and the UDP package is dropped at this situation. So, we could set the
Kerberos to use TCP only, as Kerberos is designed to work under both UDP
and TCP.
For the error, you could not edit group policy, it should relate to
updates, you have not applied, please refer to my suggestion below: (This
should be the article that refer to your issue)
839499 You cannot open file shares or Group Policy snap-ins when you disable
http://support.microsoft.com/?id=839499
For the trend software, please try to resolve the above the issue to see if
this issue can be clear.
Hope the above information helpful. I am glad to help you.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
<qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
<u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
<lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
<eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
<3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
<bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
<OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
<LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
<eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
<frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
<#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
<yK#Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxx>
<#ba#kpyrFHA.260@xxxxxxxxxxxxxxxxxxxx>
<QGRcwO1rFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
<#iSY7DJuFHA.1364@xxxxxxxxxxxxxxxxxxxx>
<NJlagMZuFHA.896@xxxxxxxxxxxxxxxxxxxxx>
<efvRZZhuFHA.1572@xxxxxxxxxxxxxxxxxxxx>
<5uW8ArluFHA.580@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Intermittant GPO failure to apply
| Date: Fri, 16 Sep 2005 20:09:59 +0100
| Lines: 1119
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uz4uJJvuFHA.2948@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: mail.stkittsnevisregistry.net 194.164.85.19
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:154068
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| 1). ADS user properties Dial-In tab reports 'Could not load Dial-in
profile
| for this user because: Access is denied'.
| 2). Trend Micro Scammail 'cannot logon to server'.
| 3). We are now getting a lot of these in the Application log:
| Event Type: Error
| Event Source: Userenv
| Event Category: None
| Event ID: 1030
| Date: 16/09/2005
| Time: 19:37:43
| User: NT AUTHORITY\SYSTEM
| Computer: OURSERVER
| Description:
| Windows cannot query for the list of Group Policy objects. Check the
event
| log for possible messages previously logged by the policy engine that
| describes the reason for this.
|
| 4). Cannot edit any GPOs because 'You do not have permission to perform
this
| operation - Access is denied'.
|
| The SMB GPOs are set back to the original defaults (which I wrote down
| before changing them) as follows:
| Default Domain policy
| Network Client digitally sign communications (always): Not Defined
| Network Client digitally sign communications (if server agrees): Not
| Defined
| Network Server digitally sign communications (always): Not Defined
| Network Server digitally sign communications (if client agrees): Not
| Defined
| Default Domain Controllers policy
| Network Client digitally sign communications (always): Not Defined
| Network Client digitally sign communications (if server agrees): Not
| Defined
| Network Server digitally sign communications (always): Enabled
| Network Server digitally sign communications (if client agrees):
Enabled
|
| Others have suggested that changing these may have altered some registry
| settings that need to be set back to their previous defaults again.
|
| Any ideas, do I need to restore from tape again?
|
| Nick
|
|
| ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:5uW8ArluFHA.580@xxxxxxxxxxxxxxxxxxxxxxxx
| > HI Nick,
| >
| > Due to the issue you have referred, could you help me check your event
| > view
| > to see if there are any other error events.
| >
| > Could you describe the issue more clearly, could you tell me what is the
| > "AD dial in access properties" not available, is there any error message
| > when you access it.
| >
| > For the trend software, please make sure that you have client software
to
| > be the same setting as the server side.
| >
| > For the attachments, it should be the problem of our newsgroup server, I
| > could not open it. If there are some information contains in it, please
| > paste it as possible.
| >
| > I am glad to help you. Thanks a lot for your effort.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > <frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > <#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
| > <yK#Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxx>
| > <#ba#kpyrFHA.260@xxxxxxxxxxxxxxxxxxxx>
| > <QGRcwO1rFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > <#iSY7DJuFHA.1364@xxxxxxxxxxxxxxxxxxxx>
| > <NJlagMZuFHA.896@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Intermittant GPO failure to apply
| > | Date: Thu, 15 Sep 2005 17:55:37 +0100
| > | Lines: 957
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <efvRZZhuFHA.1572@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: host81-130-24-138.in-addr.btopenworld.com
| > 81.130.24.138
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:153713
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | I have now set according to the following which is what I thing we
had
| > by
| > | default:
| > |
| > | Default Domain Controllers policy, both Network Server Digitally Sign
| > | Communications items should be ENABLED.
| > | The Network Client: Digitally Sign Communications items are NOT
DEFINED.
| > | Default Domain policy, all four should be set to NOT DEFINED
| > | as per the attached message.
| > |
| > | Problem is that something is still not correct, now Trend Micro
Scanmail
| > | cannot logon to the server also Active Directory Dial-in access
| > properties
| > | are not available.
| > |
| > | Nick
| > |
| > |
| > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in
message
| > | news:NJlagMZuFHA.896@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi Nick,
| > | >
| > | > This problem should relate to SMB signing, as we checked it on our
SBS
| > | > test
| > | > machine, all are set to not defined. So it should be your SBS domain
| > need
| > | > special setting.
| > | >
| > | > You can check to make sure that the policy for SMB signing is same
on
| > the
| > | > client side and server side, then you can successfully authorize
with
| > the
| > | > shared folder browsing.
| > | >
| > | > You can either enable or disable the SMB signing on both server and
| > client
| > | > side. Please also edit the group policy setting on the client side.
| > (using
| > | > gpedit.msc to configure the policy setting.)
| > | >
| > | > I also check your event log, I only found some warring which cause
by
| > the
| > | > third party tools. For the warning 5008 for exchange, I am
currently
| > on
| > | > researching now.
| > | >
| > | > Thanks for your understanding.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > | > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > | > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > | > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > | > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > | > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > | > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > | > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | > <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > | > <frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > | > <#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
| > | > <yK#Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxx>
| > | > <#ba#kpyrFHA.260@xxxxxxxxxxxxxxxxxxxx>
| > | > <QGRcwO1rFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Re: Intermittant GPO failure to apply
| > | > | Date: Tue, 13 Sep 2005 19:28:25 +0100
| > | > | Lines: 680
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | Message-ID: <#iSY7DJuFHA.1364@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: host81-130-40-182.in-addr.btopenworld.com
| > | > 81.130.40.182
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:153008
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Charles, could you please check these settings. If I set all
these
| > for
| > | > both
| > | > | 'Default Domain Policy' and 'Default Domain Controllers Policy' to
| > 'not
| > | > | defined' it causes the serious server lock-out as described in the
| > | > newsgroup
| > | > | message attached and requires a restore from tape to fix it.
| > | > |
| > | > | Thanks,
| > | > | Nick
| > | > |
| > | > |
| > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in
| > message
| > | > | news:QGRcwO1rFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > HI Nick,
| > | > | >
| > | > | > Thanks for updates.
| > | > | >
| > | > | > The default setting of these GPO is "not defined" for all the
| > policy
| > | > | > below:
| > | > | >
| > | > | > Network Client digitally sign communications (always)
| > | > | > Network Client digitally sign communications (if server
agrees)
| > | > | > Network Server digitally sign communications (always)
| > | > | > Network Server digitally sign communications (if client
agrees)
| > | > | > In addition, have you tried my steps in previous reply, I will
| > also
| > | > post
| > | > | > here:
| > | > | >
| > | > | > As you referred, you have enabled the roaming profiles and
folder
| > | > | > redirection on SBS domain. Also in your userenv log we found it
| > still
| > | > | > refer
| > | > | > to the same problem in ntuser.pol, by default this files will be
| > | > recreate
| > | > | > when logon the domain again, it seems the files is corrupt and
the
| > | > | > registry
| > | > | > is not correct.
| > | > | >
| > | > | > Please temporally delete that files or rename the files to see
if
| > the
| > | > | > issue
| > | > | > can be clear. If you using roaming profiles, please check it on
| > the
| > | > | > server.
| > | > | >
| > | > | > More info:
| > | > | >
| > | > | > 269378 Differences in the User Profiles in Windows
| > | > | > http://support.microsoft.com/?id=269378
| > | > | >
| > | > | >
| > | > | > Hope the above information helpful.
| > | > | >
| > | > | >
| > | > | >
| > | > | > Best regards,
| > | > | >
| > | > | > Charles Yang (MSFT)
| > | > | >
| > | > | > Microsoft CSS Online Newsgroup Support
| > | > | >
| > | > | > Get Secure! - www.microsoft.com/security
| > | > | >
| > | > | > ======================================================
| > | > | > This newsgroup only focuses on SBS technical issues. If you have
| > | > issues
| > | > | > regarding other Microsoft products, you'd better post in the
| > | > corresponding
| > | > | > newsgroups so that they can be resolved in an efficient and
timely
| > | > manner.
| > | > | > You can locate the newsgroup here:
| > | > | >
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | >
| > | > | > When opening a new thread via the web interface, we recommend
you
| > | > check
| > | > | > the
| > | > | > "Notify me of replies" box to receive e-mail notifications when
| > there
| > | > are
| > | > | > any updates in your thread. When responding to posts via your
| > | > newsreader,
| > | > | > please "Reply to Group" so that others may learn and benefit
from
| > your
| > | > | > issue.
| > | > | >
| > | > | > Microsoft engineers can only focus on one issue per thread.
| > Although
| > | > we
| > | > | > provide other information for your reference, we recommend you
| > post
| > | > | > different incidents in different threads to keep the thread
clean.
| > In
| > | > | > doing
| > | > | > so, it will ensure your issues are resolved in a timely manner.
| > | > | >
| > | > | > For urgent issues, you may want to contact Microsoft CSS
directly.
| > | > Please
| > | > | > check http://support.microsoft.com for regional support phone
| > numbers.
| > | > | >
| > | > | > Any input or comments in this thread are highly appreciated.
| > | > | > ======================================================
| > | > | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | >
| > | > | >
| > | > | > =====================================================
| > | > | > When responding to posts, please "Reply to Group" via your
| > newsreader
| > | > so
| > | > | > that others may learn and benefit from your issue.
| > | > | > =====================================================
| > | > | >
| > | > | > This posting is provided "AS IS" with no warranties, and
confers
| > no
| > | > | > rights.
| > | > | >
| > | > | > --------------------
| > | > | > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | > | > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > <#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
| > | > | > <yK#Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | Subject: Re: Intermittant GPO failure to apply
| > | > | > | Date: Thu, 1 Sep 2005 20:21:32 +0100
| > | > | > | Lines: 465
| > | > | > | X-Priority: 3
| > | > | > | X-MSMail-Priority: Normal
| > | > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | > | Message-ID: <#ba#kpyrFHA.260@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | NNTP-Posting-Host: host81-130-59-23.in-addr.btopenworld.com
| > | > 81.130.59.23
| > | > | > | Path:
| > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > microsoft.public.windows.server.sbs:150019
| > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > |
| > | > | > | Hi Charles,
| > | > | > |
| > | > | > | As the SMB signing doesn't seem to make any difference I would
| > like
| > | > to
| > | > | > set
| > | > | > | them back to their defaults. Could you tell me what the
default
| > | > | > settings
| > | > | > | were for the 'Default Domain Policy' and 'Default Domain
| > Controllers
| > | > | > Policy'
| > | > | > | GPOs for:
| > | > | > | Network Client digitally sign communications (always)
| > | > | > | Network Client digitally sign communications (if server
| > agrees)
| > | > | > | Network Server digitally sign communications (always)
| > | > | > | Network Server digitally sign communications (if client
| > agrees)
| > | > | > |
| > | > | > | Thanks,
| > | > | > | Nick
| > | > | > |
| > | > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote
in
| > | > message
| > | > | > | news:yK%23Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | > Hi Nick,
| > | > | > | >
| > | > | > | > Thanks for updates.
| > | > | > | >
| > | > | > | > I will waiting for your results, as I mentioned we could not
| > | > | > troubleshoot
| > | > | > | > the root cause of this problem via newsgroup, it might be a
| > | > complex
| > | > | > | > problem, as I referred many factors might blocked the GPO
| > updates,
| > | > | > | > firewall
| > | > | > | > anti-virus software or SMB signing.
| > | > | > | >
| > | > | > | > Sorry for inconvenience, and thanks for your efforts.
| > | > | > | >
| > | > | > | >
| > | > | > | >
| > | > | > | > Best regards,
| > | > | > | >
| > | > | > | > Charles Yang (MSFT)
| > | > | > | >
| > | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | >
| > | > | > | > Get Secure! - www.microsoft.com/security
| > | > | > | >
| > | > | > | > ======================================================
| > | > | > | > This newsgroup only focuses on SBS technical issues. If you
| > have
| > | > | > issues
| > | > | > | > regarding other Microsoft products, you'd better post in the
| > | > | > corresponding
| > | > | > | > newsgroups so that they can be resolved in an efficient and
| > timely
| > | > | > manner.
| > | > | > | > You can locate the newsgroup here:
| > | > | > | >
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | >
| > | > | > | > When opening a new thread via the web interface, we
recommend
| > you
| > | > | > check
| > | > | > | > the
| > | > | > | > "Notify me of replies" box to receive e-mail notifications
| > when
| > | > there
| > | > | > are
| > | > | > | > any updates in your thread. When responding to posts via
your
| > | > | > newsreader,
| > | > | > | > please "Reply to Group" so that others may learn and benefit
| > from
| > | > your
| > | > | > | > issue.
| > | > | > | >
| > | > | > | > Microsoft engineers can only focus on one issue per thread.
| > | > Although
| > | > | > we
| > | > | > | > provide other information for your reference, we recommend
you
| > | > post
| > | > | > | > different incidents in different threads to keep the thread
| > clean.
| > | > In
| > | > | > | > doing
| > | > | > | > so, it will ensure your issues are resolved in a timely
| > manner.
| > | > | > | >
| > | > | > | > For urgent issues, you may want to contact Microsoft CSS
| > directly.
| > | > | > Please
| > | > | > | > check http://support.microsoft.com for regional support
phone
| > | > numbers.
| > | > | > | >
| > | > | > | > Any input or comments in this thread are highly appreciated.
| > | > | > | > ======================================================
| > | > | > | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | > | > rights.
| > | > | > | >
| > | > | > | >
| > | > | > | > =====================================================
| > | > | > | > When responding to posts, please "Reply to Group" via your
| > | > newsreader
| > | > | > so
| > | > | > | > that others may learn and benefit from your issue.
| > | > | > | > =====================================================
| > | > | > | >
| > | > | > | > This posting is provided "AS IS" with no warranties, and
| > confers
| > | > no
| > | > | > | > rights.
| > | > | > | >
| > | > | > | > --------------------
| > | > | > | > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | > | > | > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > <frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | Subject: Re: Intermittant GPO failure to apply
| > | > | > | > | Date: Thu, 25 Aug 2005 17:40:34 +0100
| > | > | > | > | Lines: 305
| > | > | > | > | X-Priority: 3
| > | > | > | > | X-MSMail-Priority: Normal
| > | > | > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | > | Message-ID: <#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | > | NNTP-Posting-Host: 194.164.85.19
| > | > | > | > | Path:
| > | > | > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > microsoft.public.windows.server.sbs:147801
| > | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | > |
| > | > | > | > | Hi Charles,
| > | > | > | > |
| > | > | > | > | Disabling the rename administrator account GPO and others
| > didn't
| > | > | > seem
| > | > | > to
| > | > | > | > | help so have now re-enabled them.
| > | > | > | > |
| > | > | > | > | All SMB signing GPO settings are now set to disabled so
will
| > | > wait
| > | > | > and
| > | > | > | > see
| > | > | > | > | what effect that has (must remember to reboot the server
a
| > few
| > | > | > times).
| > | > | > | > |
| > | > | > | > | Workstations do indeed have Trend Micro CSM for SMB
remotely
| > | > | > installed
| > | > | > | > and
| > | > | > | > | updating from the SBS server. Problem is these
workstations
| > are
| > | > all
| > | > | > | > live
| > | > | > | > so
| > | > | > | > | I cannot safely leave virus checking disabled. Do you
have
| > any
| > | > more
| > | > | > | > | information about this possible Trend Micro problem?
| > | > | > | > |
| > | > | > | > | UPHClean is installed and reports the following error but
I
| > | > can't
| > | > | > see
| > | > | > | > how
| > | > | > | > to
| > | > | > | > | identify which application is actually causing this:
| > | > | > | > | The following handles opened in user profile hive
| > | > | > | > <DOMAINNAME>\<username>
| > | > | > | > | (S-1-5-21-3513629081-3873135916-3088626867-1364) are
| > preventing
| > | > the
| > | > | > | > profile
| > | > | > | > | from unloading:
| > | > | > | > | svchost.exe (888)
| > | > | > | > | HKCU (0x3a0)
| > | > | > | > |
| > | > | > | > |
| > | > | > | > | Regards,
| > | > | > | > | Nick
| > | > | > | > |
| > | > | > | > |
| > | > | > | > |
| > | > | > | > | Hi,
| > | > | > | > |
| > | > | > | > | Thanks for updates.
| > | > | > | > |
| > | > | > | > | From the information you gave to me, we can not identify
the
| > | > root
| > | > | > cause,
| > | > | > | > | have you try my suggestion in my last reply, I would like
to
| > | > paste
| > | > | > them
| > | > | > | > | again:
| > | > | > | > |
| > | > | > | > |
| > | > | > | > | FYI:
| > | > | > | > |
| > | > | > | > | What I means about Trend is to disable it on the client
| > computer
| > | > if
| > | > | > you
| > | > | > | > | have also deploy it on client computer, as I know there is
| > some
| > | > | > problem
| > | > | > | > on
| > | > | > | > | this software if you deploy it on client computer.
| > | > | > | > |
| > | > | > | > | As this is an intermittent issue, so it might need some
time
| > to
| > | > | > | > | troubleshoot. in my previous reply, I suggest you disable
| > all
| > | > the
| > | > | > SMB
| > | > | > | > | signing on both client computer and server, please also
make
| > | > sure
| > | > | > that
| > | > | > | > you
| > | > | > | > | have disable all the SMB signing on the group policy. You
| > can
| > | > refer
| > | > | > to
| > | > | > | > the
| > | > | > | > | article below to disable it.
| > | > | > | > |
| > | > | > | > | Please refer to the following link to disable the SMB
| > signing
| > to
| > | > see
| > | > | > if
| > | > | > | > the
| > | > | > | > | slow network access issue will be resolved:
| > | > | > | > | http://www.smallbizserver.net/Default.aspx?tabid=98
| > | > | > | > |
| > | > | > | > | I appreciate your effort on this issue.
| > | > | > | > |
| > | > | > | > |
| > | > | > | > |
| > | > | > | > | Best regards,
| > | > | > | > |
| > | > | > | > | Charles Yang (MSFT)
| > | > | > | > |
| > | > | > | > |
| > | > | > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx>
| > wrote
| > in
| > | > | > message
| > | > | > | > | news:frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | > | > Hi,
| > | > | > | > | >
| > | > | > | > | > Thanks for updates.
| > | > | > | > | >
| > | > | > | > | > From the information you gave to me, we can not
identify
| > the
| > | > root
| > | > | > | > cause,
| > | > | > | > | > have you try my suggestion in my last reply, I would
like
| > to
| > | > paste
| > | > | > | > them
| > | > | > | > | > again:
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | > FYI:
| > | > | > | > | >
| > | > | > | > | > What I means about Trend is to disable it on the client
| > | > computer
| > | > | > if
| > | > | > | > you
| > | > | > | > | > have also deploy it on client computer, as I know there
is
| > | > some
| > | > | > | > problem
| > | > | > | > on
| > | > | > | > | > this software if you deploy it on client computer.
| > | > | > | > | >
| > | > | > | > | > As this is an intermittent issue, so it might need some
| > time
| > | > to
| > | > | > | > | > troubleshoot. in my previous reply, I suggest you
disable
| > all
| > | > the
| > | > | > SMB
| > | > | > | > | > signing on both client computer and server, please also
| > make
| > | > sure
| > | > | > that
| > | > | > | > you
| > | > | > | > | > have disable all the SMB signing on the group policy.
You
| > can
| > | > | > refer
| > | > | > to
| > | > | > | > the
| > | > | > | > | > article below to disable it.
| > | > | > | > | >
| > | > | > | > | > Please refer to the following link to disable the SMB
| > signing
| > | > to
| > | > | > see
| > | > | > | > if
| > | > | > | > | > the
| > | > | > | > | > slow network access issue will be resolved:
| > | > | > | > | > http://www.smallbizserver.net/Default.aspx?tabid=98
| > | > | > | > | >
| > | > | > | > | > I appreciate your effort on this issue.
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | > Best regards,
| > | > | > | > | >
| > | > | > | > | > Charles Yang (MSFT)
| > | > | > | > | >
| > | > | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | > | >
| > | > | > | > | > Get Secure! - www.microsoft.com/security
| > | > | > | > | >
| > | > | > | > | > ======================================================
| > | > | > | > | > This newsgroup only focuses on SBS technical issues. If
| > you
| > | > have
| > | > | > | > issues
| > | > | > | > | > regarding other Microsoft products, you'd better post
in
| > the
| > | > | > | > corresponding
| > | > | > | > | > newsgroups so that they can be resolved in an efficient
| > and
| > | > timely
| > | > | > | > manner.
| > | > | > | > | > You can locate the newsgroup here:
| > | > | > | > | >
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > | > | > | >
| > | > | > | > | > When opening a new thread via the web interface, we
| > recommend
| > | > you
| > | > | > | > check
| > | > | > | > | > the
| > | > | > | > | > "Notify me of replies" box to receive e-mail
notifications
| > | > when
| > | > | > there
| > | > | > | > are
| > | > | > | > | > any updates in your thread. When responding to posts via
| > your
| > | > | > | > newsreader,
| > | > | > | > | > please "Reply to Group" so that others may learn and
| > benefit
| > | > from
| > | > | > your
| > | > | > | > | > issue.
| > | > | > | > | >
| > | > | > | > | > Microsoft engineers can only focus on one issue per
| > thread.
| > | > | > Although
| > | > | > | > we
| > | > | > | > | > provide other information for your reference, we
recommend
| > you
| > | > | > post
| > | > | > | > | > different incidents in different threads to keep the
| > thread
| > | > clean.
| > | > | > In
| > | > | > | > | > doing
| > | > | > | > | > so, it will ensure your issues are resolved in a timely
| > | > manner.
| > | > | > | > | >
| > | > | > | > | > For urgent issues, you may want to contact Microsoft CSS
| > | > directly.
| > | > | > | > Please
| > | > | > | > | > check http://support.microsoft.com for regional support
| > phone
| > | > | > numbers.
| > | > | > | > | >
| > | > | > | > | > Any input or comments in this thread are highly
| > appreciated.
| > | > | > | > | > ======================================================
| > | > | > | > | > This posting is provided "AS IS" with no warranties, and
| > | > confers
| > | > | > no
| > | > | > | > | > rights.
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | > =====================================================
| > | > | > | > | > When responding to posts, please "Reply to Group" via
your
| > | > | > newsreader
| > | > | > | > so
| > | > | > | > | > that others may learn and benefit from your issue.
| > | > | > | > | > =====================================================
| > | > | > | > | >
| > | > | > | > | > This posting is provided "AS IS" with no warranties, and
| > | > confers
| > | > | > no
| > | > | > | > | > rights.
| > | > | > | > | >
| > | > | > | > | > --------------------
| > | > | > | > | > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | > | > | > | > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > | Subject: Re: Intermittant GPO failure to apply
| > | > | > | > | > | Date: Mon, 22 Aug 2005 12:17:58 +0100
| > | > | > | > | > | Lines: 120
| > | > | > | > | > | X-Priority: 3
| > | > | > | > | > | X-MSMail-Priority: Normal
| > | > | > | > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | > | > | > | X-MimeOLE: Produced By Microsoft MimeOLE
V6.00.3790.1830
| > | > | > | > | > | X-RFC2646: Format=Flowed; Original
| > | > | > | > | > | Message-ID: <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > | > | > | > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | > | > | > | NNTP-Posting-Host: mail.stkittsnevisregistry.net
| > | > 194.164.85.19
| > | > | > | > | > | Path:
| > | > | > | >
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | > | > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > | > | > | > microsoft.public.windows.server.sbs:146589
| > | > | > | > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > | > | > | > |
| > | > | > | > | > | Hi Charles,
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | UPHClean now installed and logging the following
errors:
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | Event Type: Information
| > | > | > | > | > |
| > | > | > | > | > | Event Source: UPHClean
| > | > | > | > | > |
| > | > | > | > | > | Event Category: None
| > | > | > | > | > |
| > | > | > | > | > | Event ID: 1501
| > | > | > | > | > |
| > | > | > | > | > | Date: 18/08/2005
| > | > | > | > | > |
| > | > | > | > | > | Time: 16:32:11
| > | > | > | > | > |
| > | > | > | > | > | User: <DOMAINNAME>\<username>
| > | > | > | > | > |
| > | > | > | > | > | Computer: <DOMAINNAME>5
| > | > | > | > | > |
| > | > | > | > | > | Description:
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | The following handles opened in user profile hive
| > | > | > | > | > <DOMAINNAME>\<username>
| > | > | > | > | > | (S-1-5-21-3513629081-3873135916-3088626867-1364) are
| > | > preventing
| > | > | > the
| > | > | > | > | > profile
| > | > | > | > | > | from unloading:
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | svchost.exe (888)
| > | > | > | > | > |
| > | > | > | > | > | HKCU (0x3a0)
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | How can I tell what application is causing this?
| > | > | > | > | > |
| > | > | > | > | > | Thanks,
| > | > | > | > | > | Nick
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > | ""Charles Yang [MSFT]""
<v-chayan@xxxxxxxxxxxxxxxxxxxx>
| > | > wrote
| > | > in
| > | > | > | > message
| > | > | > | > | > | news:LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | > | > | > HI NICK,
| > | > | > | > | > | >
| > | > | > | > | > | > Thanks for quickly updates.
| > | > | > | > | > | >
| > | > | > | > | > | > After researching the error 1517, I found it might
| > relate
| > | > to
| > | > | > group
| > | > | > | > | > policy
| > | > | > | > | > | > is not update, you can refer to my suggestion below:
| > | > | > | > | > | >
| > | > | > | > | > | > Many system and service processes do work on behalf
of
| > | > users.
| > | > | > | > When
| > | > | > | > | > the
| > | > | > | > | > | > work is done the system or service process is
| > responsible
| > | > for
| > | > | > | > | > releasing
| > | > | > | > | > | > handles it has to the user profile hive. If this
is
| > not
| > | > done
| > | > | > by
| > | > | > | > the
| > | > | > | > | > | > service as the user logs off the profile cannot be
| > | > unloaded.
| > | > | > | > | > | >
| > | > | > | > | > | > This problem in code can be caused by improper
coding
| > | > either
| > | > | > in
| > | > | > | > | > Microsoft
| > | > | > | > | > | > software or 3rd party software (e.g. printer
drivers,
| > | > virus
| > | > | > | > scanner
| > | > | > | > | > | > service, etc). With the information provided by the
| > | > system
| > | > | > there
| > | > | > | > is
| > | > | > | > | > no
| > | > | > | > | > | > way
| > | > | > | > | > | > to find out what software needs to be corrected to
| > allow
| > | > | > profiles
| > | > | > | > to
| > | > | > | > | > | > unload.
| > | > | > | > | > | >
| > | > | > | > | > | > Why we use UPHCLEAN
| > | > | > | > | > | > ====================
| > | > | > | > | > | > In the past these issues have been fixed by code
| > changes
| > | > to
| > | > | > | > release
| > | > | > | > | > the
| > | > | > | > | > | > registry handle. The disadvantage of this approach
is
| > | > that
| > | > in
| > | > | > | > many
| > | > | > | > | > cases
| > | > | > | > | > | > multiple issues (different code paths) are causing
the
| > | > | > profiles
| > | > | > to
| > | > | > | > not
| > | > | > | > | > | > unload. Unless all problem code paths are fixed
| > profiles
| > | > do
| > | > | > not
| > | > | > | > | > unload.
| > | > | > | > | > | >
| > | > | > | > | > | > The concept of UPHClean is to deal with these the
same
| > way
| > | > the
| > | > | > | > | > operating
| > | > | > | > | > | > system deals with other resource issues: when a
task
| > is
| > | > done
| > | > | > | > resources
| > | > | > | > | > | > (memory, handles, etc) are automatically reclaimed.
| > | > UPHClean
| > | > | > | > | > | > accomplishesthis simply by monitoring for users to
log
| > off
| > | > and
| > | > | > | > | > verifying
| > | > | > | > | > | > that unused resources are reclaimed. If they are
not
| > it
| > | > | > reclaims
| > | > | > | > the
| > | > | > | > | > | > resource and logsits action. This approach is
| > superior
| > as
| > | > it
| > | > | > | > works
| > | > | > | > | > for
| > | > | > | > | > | > any
| > | > | > | > | > | > known reason that profiles do not unload and also
will
| > | > keep
| > | > | > | > working
| > | > | > | > to
| > | > | > | > | > | > address new unknown issues.
| > | > | > | > | > | >
| > | > | > | > | > | > Another advantage to UPHClean is that no computer
| > restart
| > | > is
| > | > | > | > required
| > | > | > | > | > to
| > | > | > | > | > | > install it or remove it (except on Windows NT 4).
You
| > can
| > | > | > install
| > | > | > | > and
| > | > | > | > | > | > remove UPHClean to find out whether it helps with a
| > | > profile
| > | > | > unload
| > | > | > | > | > problem
| > | > | > | > | > | > or not. You can do this without having to worry
about
| > | > what
| > | > | > | > hotfix,
| > | > | > | > | > | > service
| > | > | > | > | > | > pack, feature pack, etc has been installed. Set it
| > and
| > | > forget
| > | > | > is
| > | > | > | > the
| > | > | > | > | > goal
| > | > | > | > | > | > ofUPHClean.
| > | > | > | > | > | >
| > | > | > | > | > | > By default UPHClean takes action to allow profiles
to
| > | > unload.
| > | > | > You
| > | > | > | > can
| > | > | > | > | > | > choose to have UPHClean only report what processes
it
| > | > finds
| > | > | > | > preventing
| > | > | > | > | > | > profiles from unloading. To do this, install
UPHClean
| > and
| > | > use
| > | > | > the
| > | > | > | > | > | > registry
| > | > | > | > | > | > editor to set:
| > | > | > | > | > | >
| > | > | > | > | > | >
| > | > | > | >
| > | >
HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\REPORT_ONLY
| > | > | > | > | > to
| > | > | > | > | > | > 1
| > | > | > | > | > | >
| > | > | > | > | > | > 837115 Troubleshooting profile unload issues
| > | > | > | > | > | > http://support.microsoft.com/?id=837115
| > | > | > | > | > | >
| > | > | > | > | > | > If possible please perform my steps above and paste
| > any
| > | > | > progress
| > | > | > | > to
| > | > | > | > | > | > newsgroup, thanks for your effort in this issue.
| > | > | > | > | > | >
| > | > | > | > | > | >
| > | > | > | > | > | >
| > | > | > | > | > | > Best regards,
| > | > | > | > | > | >
| > | > | > | > | > | > Charles Yang (MSFT)
| > | > | > | > | > | >
| > | > | > | > | > | > Microsoft CSS Online Newsgroup Support
| > | > | > | > | > | >
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | > |
| > | > | > | > | >
| > | > | > | > |
| > | > | > | > |
| > | > | > | > |
| > | > | > | >
| > | > | > |
| > | > | > |
| > | > | > |
| > | > | >
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- References:
- Re: Intermittant GPO failure to apply
- From: NickC
- Re: Intermittant GPO failure to apply
- From: "Charles Yang [MSFT]"
- Re: Intermittant GPO failure to apply
- From: "Charles Yang [MSFT]"
- Re: Intermittant GPO failure to apply
- From: NickC
- Re: Intermittant GPO failure to apply
- Prev by Date: RE: Help & Support
- Next by Date: RE: Windows 2003 Setup fails on component 25 in add or remove prog
- Previous by thread: Re: Intermittant GPO failure to apply
- Next by thread: Re: Intermittant GPO failure to apply
- Index(es):
Relevant Pages
|
