RE: DFS & GPO Problems
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Wed, 18 Jan 2006 02:57:23 GMT
Hi,
Thank you for posting in SBS newsgroup.
>From the description, I understand you received the event 1030 and 1058 in
event log. If I have misunderstood your concerns, please do not hesitate to
let me know.
As I know, you only need to check Distributed File System (DFS) service is
started on SBS. There is no DFS service on client computers.
Generally, this issue may be caused by the following problem:
1. DNS settings and network properties on the server and client computers.
For example: DNS Server address is not configured correctly on the affected
computer.
2. This issue may occur if SMB signing is enabled.
3. Server Message Block signing settings on the client computers.
4. The TCP/IP NetBIOS Helper service, the Net Logon service, and the Remote
Procedure Call (RPC) service are not started on all computers.
5. Distributed File System (DFS) service is not enabled on DC.
6. The contents and the permissions of the Sysvol folder.
7. The Bypass traverse checking right is not granted to the required groups.
8. The domain controllers are in a journal wrap state.
9. Run the dfsutil /purgemupcache command.
Please check the above information one by one to see how thing goes.
I suggest that you firstly check if the internal DNS Service of SBS is
configured to be the DNS server on the problematic client computer.
For making sure that the "Bypass traverse checking" right is granted to the
required groups:
1. On the SBS server, click Start, point to Programs or All Programs, point
to Administrative Tools, and then click Domain Controller Security Policy.
2. Expand Security Settings, expand Local Policies, and then click User
Rights Assignment.
3. Double-click the "Bypass traverse checking" policy setting.
4. Click to check the "Define these policy settings" box, if the option is
not enabled already.
5. The following groups should be listed for this policy setting:
Administrators
Authenticated Users
Everyone
Pre-Windows 2000 Compatible Access
If any of these groups are missing, click Add, type the name of the
missing group, and then click OK.
6. Click OK to close the policy setting.
7. Run the "gpupdate /force" command on SBS.
For detailed steps of disabling the SMB signing, please refer to:
839499 You cannot open file shares or Group Policy snap-ins when you disable
http://support.microsoft.com/?id=839499
Related information:
834649 Client computers record Event ID 1030 and Event ID 1058 when DFS is
not
http://support.microsoft.com/?id=834649
842804 Group Policy processing does not work and events 1030 and 1058 are
http://support.microsoft.com/?id=842804
888943 Event 1030 and event 1058 may be logged, and you may not be able to
http://support.microsoft.com/?id=888943
We can also try to disable the Windows Firewall on the problematic
computers to see if it helps.
In addition, please make sure you have configured SBS as following:
1. Leave the Default Gateway of the internal NIC blank.
2. Configure both the internal NIC and the external NIC to use the internal
DNS Service as the DNS Server.
3. On the DNS Server, create the DNS Forwarder to forward the external DNS
resolution requests to the ISP's DNS server. See:
323380 How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?id=323380
4. Strictly followed the instructions in the KB article below to run CEICW:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: DFS & GPO Problems
| | From: "=?Utf-8?B?dTEwMTQ0MA==?=" <u101440@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: DFS & GPO Problems
| Date: Tue, 17 Jan 2006 05:30:04 -0800
| | Newsgroups: microsoft.public.windows.server.sbs
||
| I'm having a few problems with my SBS 2003 Premium box at the moment and
was
| hoping that someone can help. My users are currently receiving 1030 &
1058
| errors at the moment (more detail below) and I'm wondering if this is a
DFS
| issue.
|
| The exact errors my users receive are:
|
| Error 1030
| Windows cannot query for the list of Group Policy objects. A message that
| describes the reason for this was previously logged by the policy engine.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
| &
|
| Error 1058
| Windows cannot access the file gpt.ini for GPO
|
cn={1E394A97-1634-4D53-837C-5B005998BC6A},cn=policies,cn=system,DC=headoffic
e,DC=psybt,DC=local.
| The file must be present at the location
|
<\\headoffice.psybt.local\SysVol\headoffice.psybt.local\Policies\{1E394A97-1
634-4D53-837C-5B005998BC6A}\gpt.ini>.
| (Access is denied. ). Group Policy processing aborted.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
| I've tried a number of issues to resolve this including:
|
| Applying Group Policy causes Userenv errors and events to occur on your
| computers that are running Windows Server 2003, Windows XP, or Windows
2000
| http://support.microsoft.com/kb/887303/en-us
|
| Event ID 1000, 1001 is logged every five minutes in the Application event
log
| http://support.microsoft.com/kb/290647/
|
| Group policies are not applied the way you expect; "Event ID 1058" and
| "Event ID 1030" errors in the application log
| http://support.microsoft.com/kb/314494/en-us
|
| So far nothing appears to have worked. However, I note that some of these
| articles state that DFS needs to be running on both the server and the
| client. On the server DFS is running perfectly fine but when I check the
| services of all my workstations none of them appear to have DFS as a
service.
| Should it appear in Services?
|
| If so, how do I go about sorting this problem? If it's not that, can
anyone
| else think of a reason why this would be happening?
|
.
- Prev by Date: Re: Deactivate email delivery report
- Next by Date: Re: SBS 2003 auto reboot problem
- Previous by thread: RE: Public IP becomes unpingable after time
- Next by thread: Re: SBS 2003 auto reboot problem
- Index(es):
Relevant Pages
|
