Re: SBS2003 - Cannot restore GPO following Article 888943

Hi,

As far as I was able to gather information, there was no real
"recovery" that took place other than a "repair" - when the new drive
with the O/S "discovered" the original during the boot sequence, it
undertook to "repair" it so that it was readable. What that
constituted I'm not sure, but that doesn't sound like a restore from
backup of another installation, just a file system repair.

As to the second DNS setting, the system worked quite well prior to
the crash. As I understand, if primary DNS doesn't respond, the client
will automatically try the next DNS listed. I will, however, put in
forwarders on the SBS server DNS.

Since there is no recent backup, is there a way of identifying if the
SYSVOL has the respective junction points before doing a restore from
backup or do I have to do a repair install? Should I consider
following article 315457?

Thanks for the help.

AJ



On Tue, 06 Dec 2005 01:07:20 GMT, v-chayan@xxxxxxxxxxxxxxxxxxxx
("Charles Yang [MSFT]") wrote:

>HI,
>
>Thanks for updates.
>
>>From your description, it seems your currently system is recovery from
>another installation of SBS 2003? Could you clarify it more clearly, as I
>know, we can only restore the SBS 2003 from it own backup, if you restore
>it from another SBS 2003 installation, it will cause many known issue,
>especially in DNS and AD which will certainly cause the issue you
>encountered. If this is your situation, it is your best interest to do
>restore from its own backup or do a clean reinstall.
>
>Also I found your DNS setting on the SBS server have another DNS server
>entry, could you remove it from TCP/IP properties, as I know we recommend
>put on SBS internal NIC as the DNS server on all the client computer and
>server computer TCP/IP properties.
>
>As the issue seems to be an urgency issue, we suggest you call CSS for
>assistance.
>
>To obtain the phone numbers for specific technology request please take a
>look at the web site listed below.
>
>http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>
>If you are outside the US please see http://support.microsoft.com for
>regional support phone numbers.
>
>Thanks so much for your understanding here. I am glad to be of assistance.
>Please feel free to post back the results.
>
>
>
>Best regards,
>
>Charles Yang (MSFT)
>
>Microsoft CSS Online Newsgroup Support
>
>Get Secure! - www.microsoft.com/security
>
>======================================================
>This newsgroup only focuses on SBS technical issues. If you have issues
>regarding other Microsoft products, you'd better post in the corresponding
>newsgroups so that they can be resolved in an efficient and timely manner.
>You can locate the newsgroup here:
>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
>When opening a new thread via the web interface, we recommend you check the
>"Notify me of replies" box to receive e-mail notifications when there are
>any updates in your thread. When responding to posts via your newsreader,
>please "Reply to Group" so that others may learn and benefit from your
>issue.
>
>Microsoft engineers can only focus on one issue per thread. Although we
>provide other information for your reference, we recommend you post
>different incidents in different threads to keep the thread clean. In doing
>so, it will ensure your issues are resolved in a timely manner.
>
>For urgent issues, you may want to contact Microsoft CSS directly. Please
>check http://support.microsoft.com for regional support phone numbers.
>
>Any input or comments in this thread are highly appreciated.
>======================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>=====================================================
>When responding to posts, please "Reply to Group" via your newsreader so
>that others may learn and benefit from your issue.
>=====================================================
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>--------------------
>| NNTP-Posting-Date: Mon, 05 Dec 2005 10:48:22 -0600
>| From: AJ <aj_king7@xxxxxxxxxxx>
>| Newsgroups: microsoft.public.windows.server.sbs
>| Subject: Re: SBS2003 - Cannot restore GPO following Article 888943
>| Date: Mon, 05 Dec 2005 11:48:23 -0500
>| Organization: IveBeenMoved
>| Message-ID: <qfq8p1t0pqb3420r79q9qag9q1iptuj9mo@xxxxxxx>
>| References: <np32p11ap2jha9v8fge24ar3e2f0hqpaul@xxxxxxx>
><H0$7v5U#FHA.832@xxxxxxxxxxxxxxxxxxxxx>
>| X-Newsreader: Forte Agent 2.0/32.652
>| MIME-Version: 1.0
>| Content-Type: text/plain; charset=us-ascii
>| Content-Transfer-Encoding: 7bit
>| Lines: 453
>| NNTP-Posting-Host: 72.56.43.183
>| X-Trace:
>sv3-FEEUApHNAgWFl00yD88OoFaw3LmoTkBLE4cAWvFkmq617qFBGRViXSZ9i2F6TmBuQkp6DDxv
>lLkINax!uyQpFLJkw4tJ6otg5C77s0FWZ8iqwqHSJJFJ+7IBccVIFAR6bNlprQJoc2XLk5Q+qn/G
>ocLs+Kvk!T98nn0o=
>| X-Complaints-To: abuse@xxxxxxxxxx
>| X-DMCA-Complaints-To: abuse@xxxxxxxxxx
>| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
>| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
>complaint properly
>| X-Postfilter: 1.3.32
>| Path:
>TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
>ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan
>ews.com!local01.nntp.dca.giganews.com!nntp.rogers.com!news.rogers.com.POSTED
>!not-for-mail
>| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227815
>| X-Tomcat-NG: microsoft.public.windows.server.sbs
>|
>| Hi Charles,
>|
>| Thanks for your response. In the meantime, a few things have been
>| tried, but the situation is basically the same. System is usable, but
>| serious conditions exist. Your continued help will be appreciated.
>|
>| Here's some more information that may assist in your understanding of
>| the problem.
>|
>| Preamble - Network configuration is as follows:
>|
>| Server-----------------Gigabit router----------cable modem
>| **********************|
>| **********************|
>| **********************|
>| 2 Workstation(s)********|
>|
>|
>| Server running SBS 2003 Std (ISA not installed)
>| motherboard is Tyan S2891 with Broadcom dual port Gbe (using port 2
>| for local net)
>| ip= 10.0.0.20
>|
>| Router ip=10.0.0.3 (defined as Gateway)
>|
>| Workstations running Win XP Pro w/ latest SP
>|
>| All NICs are configured with DNS Servers: 10.0.0.20 and 4.2.2.1 since
>| they want the workstations to continue to access the internet even if
>| the server is down.
>|
>| Situation:
>|
>| This configuration worked with no errors prior to a disk crash that
>| caused a CMOS change and perhaps other file changes/deletions (?).
>| System was recovered by a h/w tech using another installation of the
>| SBS 2003
>|
>| OS in another drive that was connected to the system long enough to
>| cause a rebuild/repair on the original drive. The temp drive was
>| removed and the original replaced in the system. The system booted ok
>| but GPO errors were noted. Since then, various efforts have been made
>| to re-establish the settings for the system state. Only system state
>| files availble are ones taken as a backup after the initial install.
>|
>|
>| results of running Netdia at server:
>|
>| ////////////////////////
>|
>| Microsoft Windows [Version 5.2.3790]
>| (C) Copyright 1985-2003 Microsoft Corp.
>|
>| C:\Documents and Settings\Administrator>netdiag
>|
>| .....................................
>|
>| Computer Name: THORNHILL1
>| DNS Host Name: thornhill1.BRK.local
>| System info : Windows 2000 Server (Build 3790)
>| Processor : x86 Family 15 Model 5 Stepping 10, AuthenticAMD
>| List of installed hotfixes :
>| Q147222
>|
>|
>| Netcard queries test . . . . . . . : Passed
>|
>|
>|
>| Per interface results:
>|
>| Adapter : Server Local Area Connection
>|
>| Netcard queries test . . . : Passed
>|
>| Host Name. . . . . . . . . : thornhill1
>| IP Address . . . . . . . . : 10.0.0.20
>| Subnet Mask. . . . . . . . : 255.255.255.0
>| Default Gateway. . . . . . : 10.0.0.3
>| Primary WINS Server. . . . : 10.0.0.20
>| Dns Servers. . . . . . . . : 10.0.0.20
>| 4.2.2.1
>|
>|
>| AutoConfiguration results. . . . . . : Passed
>|
>| Default gateway test . . . : Passed
>|
>| NetBT name test. . . . . . : Passed
>| [WARNING] At least one of the <00> 'WorkStation Service', <03>
>| 'Messenger Service', <20> 'WINS'
>|
>| names is missing.
>| No remote names have been found.
>|
>| WINS service test. . . . . : Passed
>|
>|
>| Global results:
>|
>|
>| Domain membership test . . . . . . : Failed
>| [WARNING] Ths system volume has not been completely replicated to
>| the local machine. This machine is
>|
>| not working properly as a DC.
>|
>|
>| NetBT transports test. . . . . . . : Passed
>| List of NetBt transports currently configured:
>| NetBT_Tcpip_{671FBE3B-DF2F-4666-9448-8DB80F7A26DD}
>| 1 NetBt transport currently configured.
>|
>|
>| Autonet address test . . . . . . . : Passed
>|
>|
>| IP loopback ping test. . . . . . . : Passed
>|
>|
>| Default gateway test . . . . . . . : Passed
>|
>|
>| NetBT name test. . . . . . . . . . : Passed
>| [WARNING] You don't have a single interface with the <00>
>| 'WorkStation Service', <03> 'Messenger
>|
>| Service', <20> 'WINS' names defined.
>|
>|
>| Winsock test . . . . . . . . . . . : Passed
>|
>|
>| DNS test . . . . . . . . . . . . . : Passed
>| PASS - All the DNS entries for DC are registered on DNS server
>| '10.0.0.20'.
>| [WARNING] The DNS entries for this DC are not registered correctly
>| on DNS server '4.2.2.1'. Please
>|
>| wait for 30 minutes for DNS server replication.
>|
>|
>| Redir and Browser test . . . . . . : Passed
>| List of NetBt transports currently bound to the Redir
>| NetBT_Tcpip_{671FBE3B-DF2F-4666-9448-8DB80F7A26DD}
>| The redir is bound to 1 NetBt transport.
>|
>| List of NetBt transports currently bound to the browser
>| NetBT_Tcpip_{671FBE3B-DF2F-4666-9448-8DB80F7A26DD}
>| The browser is bound to 1 NetBt transport.
>|
>|
>| DC discovery test. . . . . . . . . : Failed
>| [FATAL] Cannot find DC in domain 'BRK'. [ERROR_NO_SUCH_DOMAIN]
>|
>|
>| DC list test . . . . . . . . . . . : Failed
>| 'BRK': Cannot find DC to get DC list from [test skipped].
>|
>|
>| Trust relationship test. . . . . . : Skipped
>|
>|
>| Kerberos test. . . . . . . . . . . : Skipped
>| 'BRK': Cannot find DC to get DC list from [test skipped].
>|
>|
>| LDAP test. . . . . . . . . . . . . : Failed
>| Cannot find DC to run LDAP tests on. The error occurred was: The
>| specified domain either does not
>|
>| exist or could not be contacted.
>|
>| [WARNING] Cannot find DC in domain 'BRK'.
>| [ERROR_NO_SUCH_DOMAIN]
>|
>|
>| Bindings test. . . . . . . . . . . : Passed
>|
>|
>| WAN configuration test . . . . . . : Skipped
>| No active remote access connections.
>|
>|
>| Modem diagnostics test . . . . . . : Passed
>|
>| IP Security test . . . . . . . . . : Skipped
>|
>| Note: run "netsh ipsec dynamic show /?" for more detailed
>| information
>|
>|
>| The command completed successfully
>|
>|
>| C:\Documents and Settings\Administrator>gpupdate
>| Refreshing Policy...
>|
>| User Policy Refresh has completed.
>| Computer Policy Refresh has completed.
>|
>| To check for errors in policy processing, review the event log.
>|
>|
>| C:\Documents and Settings\Administrator>
>| ///////////////////////////////
>|
>| Users (2) can still log in and gain access to Exchange server,
>| although I'm not sure how.
>|
>| Because the DC is not recognized in the domain, continue to get 1030 &
>| 1006 errors. Also, FRS reports JRNL_WRAP-ERROR 13561 after 13516
>| 13501 133503 13502. (attempted to do a gpupdate cmd). This makes sense
>| if it can't contact the DC.
>|
>| I tried to verify that I could access the DC at
>| \\brk.local\sysvol\brk.local and received a response that
>| configuration information was not available because the DC was not
>| accessible. How do I correct this? This seems to be the major cause of
>| the problems.
>|
>| I've read through 887303 (in summary, 1-4 are ok, 5-7 I don't know how
>| to do). At Step five: using net share, can't locate SYSVOL and
>| NETLOGON in the list of folders.
>|
>| In 315457, a list of folders for SYSVOL includes \domain and
>| \SYSVOL\SYSVOL. When I check \sysvol with Explorer, these directories
>| are missing.
>|
>| Can any of these be restored from the Windows system tools backup
>| that saved the system state files following the initial installation?
>|
>| Thanks for your inputs.
>|
>| AJ
>|
>| On Mon, 05 Dec 2005 03:46:08 GMT, v-chayan@xxxxxxxxxxxxxxxxxxxx
>| ("Charles Yang [MSFT]") wrote:
>|
>| >HI AJ,
>| >
>| >Welcome to SBS newsgroup.
>| >
>| >
>| >I am sorry for the delayed response due to weekend. Please understand
>that
>| >the newsgroups are staffed weekdays by Microsoft Support professionals
>to
>| >answer your systems and applications questions. Your understanding is
>| >greatly appreciated!
>| >
>| >Issue description:
>| >=============
>| >
>| >I understand that you encountered 1030 and 1058 error after a CMOS
>changed
>| >and boot file lost even you use the repair function on SBS 2003.
>| >
>| >Analyzing and suggestion:
>| >============
>| >
>| >Before we go any further, please understand that the repair function
>might
>| >not repair all the problems. If this is the serious issue, you might
>have
>| >to call CSS for urgency help. You can refer to information below:
>| >
>| >To obtain the phone numbers for specific technology request please take
>a
>| >look at the web site listed below.
>| >
>| >http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>| >
>| >If you are outside the US please see http://support.microsoft.com for
>| >regional support phone numbers.
>| >
>| >Here I would like to give you some general suggestion on the 1030 and
>1058
>| >error.
>| >
>| >1. Examine the DNS settings and network properties on the servers and
>| >client computers, make sure that there is only one DNS entries in the
>| >TCP/IP properties, it need to point to the SBS internal NIC. Add the ISP
>| >DNS server as forward DNS server when run CEICW. Refer to the KB article
>| >below for more information:
>| >
>| >825763 How to configure Internet access in Windows Small Business Server
>| >2003
>| >http://support.microsoft.com/?id=825763
>| >
>| >2. Examine the Server Message Block signing settings on the client
>| >computers. You can refer to the KB article below for SMB signing:
>| >3. Make sure that the TCP/IP NetBIOS Helper service, the Net Logon
>service,
>| >and the Remote Procedure Call (RPC) service are started on all
>computers.
>| >4. Make sure that Distributed File System (DFS) is enabled on all
>computers.
>| >5. Examine the contents and the permissions of the Sysvol folder. Make
>sure
>| >that the domain administrator local system services and network services
>| >have full control permission.
>| >
>| >6. Run the dfsutil /purgemupcache command.
>| >7. We have some known issue on that NICs, You can refer to the KB
>article
>| >below to disable the media sense on your Intel NIC to see if the issue
>can
>| >be cleared.
>| >
>| >326152 PRB: Cannot Connect to Domain Controller and Cannot Apply Group
>| >Policy
>| >http://support.microsoft.com/?id=326152
>| >
>| >239924 How to disable Media Sense for TCP/IP in Windows
>| >http://support.microsoft.com/?id=239924
>| >
>| >
>| >More info:
>| >============
>| >
>| >887303 Applying Group Policy causes Userenv errors and events to occur
>on
>| >your
>| >http://support.microsoft.com/?id=887303
>| >
>| >842804:Group Policy processing does not work and events 1030 and 1058 are
>| >http://support.microsoft.com/?id=842804
>| >
>| >
>| >I appreciate your understanding on this issue, please feel free to post
>| >back the results. I am glad to be of further assistance.
>| >
>| >
>| >
>| >Best regards,
>| >
>| >Charles Yang (MSFT)
>| >
>| >Microsoft CSS Online Newsgroup Support
>| >
>| >Get Secure! - www.microsoft.com/security
>| >
>| >======================================================
>| >This newsgroup only focuses on SBS technical issues. If you have issues
>| >regarding other Microsoft products, you'd better post in the
>corresponding
>| >newsgroups so that they can be resolved in an efficient and timely
>manner.
>| >You can locate the newsgroup here:
>| >http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>| >
>| >When opening a new thread via the web interface, we recommend you check
>the
>| >"Notify me of replies" box to receive e-mail notifications when there
>are
>| >any updates in your thread. When responding to posts via your
>newsreader,
>| >please "Reply to Group" so that others may learn and benefit from your
>| >issue.
>| >
>| >Microsoft engineers can only focus on one issue per thread. Although we
>| >provide other information for your reference, we recommend you post
>| >different incidents in different threads to keep the thread clean. In
>doing
>| >so, it will ensure your issues are resolved in a timely manner.
>| >
>| >For urgent issues, you may want to contact Microsoft CSS directly.
>Please
>| >check http://support.microsoft.com for regional support phone numbers.
>| >
>| >Any input or comments in this thread are highly appreciated.
>| >======================================================
>| >This posting is provided "AS IS" with no warranties, and confers no
>rights.
>| >
>| >
>| >=====================================================
>| >When responding to posts, please "Reply to Group" via your newsreader so
>| >that others may learn and benefit from your issue.
>| >=====================================================
>| >
>| >This posting is provided "AS IS" with no warranties, and confers no
>rights.
>| >
>| >--------------------
>| >| NNTP-Posting-Date: Fri, 02 Dec 2005 21:30:41 -0600
>| >| From: AJ <aj_king7@xxxxxxxxxxx>
>| >| Newsgroups: microsoft.public.windows.server.sbs
>| >| Subject: SBS2003 - Cannot restore GPO following Article 888943
>| >| Date: Fri, 02 Dec 2005 22:36:23 -0500
>| >| Organization: IveBeenMoved
>| >| Message-ID: <np32p11ap2jha9v8fge24ar3e2f0hqpaul@xxxxxxx>
>| >| X-Newsreader: Forte Agent 2.0/32.652
>| >| MIME-Version: 1.0
>| >| Content-Type: text/plain; charset=us-ascii
>| >| Content-Transfer-Encoding: 7bit
>| >| Lines: 54
>| >| NNTP-Posting-Host: 72.56.43.183
>| >| X-Trace:
>|
>>sv3-HfLQYRWyKh6QPnGEhFBwicWZCSlTGHgK5BQcrjXKTknZU/VTes6ZLjmAaLEUvO+k/z7W5R1
>R
>|
>>aAoWj4R!A9YbAquyAiBo/KHcalbPoW/RcwmDgEcdOMkbkMjfj1QTKxoxujh9l/Ej2DzzVDYBlDL
>Y
>| >UIKsNL7e!GFSp5/c=
>| >| X-Complaints-To: abuse@xxxxxxxxxx
>| >| X-DMCA-Complaints-To: abuse@xxxxxxxxxx
>| >| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
>| >| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
>| >complaint properly
>| >| X-Postfilter: 1.3.32
>| >| Path:
>|
>>TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onl
>i
>|
>>ne.de!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local0
>1
>|
>>.nntp.dca.giganews.com!nntp.rogers.com!news.rogers.com.POSTED!not-for-mail
>| >| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227416
>| >| X-Tomcat-NG: microsoft.public.windows.server.sbs
>| >|
>| >| We've had a system lockup. CMOS settings changed by motherboard and
>| >| lost files on boot drive. Did a system repair from a install/repair.
>| >| Now have the system up and running, but... getting Event 1030 & event
>| >| 1058 every 5 minutes. The Group Policy snap-in starts, but can't
>| >| repair Group Policy Objects (trying to follow Article ID 88894-3).
>| >| Here's the messages in the Application Error log files:
>| >|
>| >| Event Type: Error
>| >| Event Source: Userenv
>| >| Event Category: None
>| >| Event ID: 1058
>| >| Date: 02/12/2005
>| >| Time: 12:09:48 PM
>| >| User: NT AUTHORITY\SYSTEM
>| >| Computer: SERVER1
>| >| Description:
>| >| Windows cannot access the file gpt.ini for GPO
>| >|
>|
>>CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=BRK,DC=l
>o
>| >cal.
>| >| The file must be present at the location
>| >|
>|
>><\\company.local\sysvol\company.local\Policies\{31B2F340-016D-11D2-945F-00C
>0
>| >4FB984F9}\gpt.ini>.
>| >| (Configuration information could not be read from the domain
>| >| controller, either because the machine is unavailable, or access has
>| >| been denied. ). Group Policy processing aborted.
>| >|
>| >| For more information, see Help and Support Center at
>| >| http://go.microsoft.com/fwlink/events.asp.
>| >|
>| >| Event Type: Error
>| >| Event Source: Userenv
>| >| Event Category: None
>| >| Event ID: 1030
>| >| Date: 02/12/2005
>| >| Time: 12:09:48 PM
>| >| User: NT AUTHORITY\SYSTEM
>| >| Computer: SERVER1
>| >| Description:
>| >| Windows cannot query for the list of Group Policy objects. Check the
>| >| event log for possible messages previously logged by the policy engine
>| >| that describes the reason for this.
>| >|
>| >| For more information, see Help and Support Center at
>| >| http://go.microsoft.com/fwlink/events.asp.
>| >|
>| >| The system root appears to be correct and the path to the sysvol is
>| >| correct. The DC is not being replaced by a Random_Domain_Name as per
>| >| the article. However, there's no policy.
>| >|
>| >| Do I need to reset GPO to the Default settings in order to get to a
>| >| base starting point?
>| >|
>| >| Any suggestions would be appreciated.
>| >|
>| >| Thanks.
>| >| AJ
>| >|
>|
>|

.

Relevant Pages