Re: GP to force Daily Restart
- From: Paul <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 19:45:02 -0700
I have seen this list many times and still does not resolve my issue; I have
spent a lot of time on these ideas to no avail.
I just prefer if possible to set a GPO to automatically restart the
computers every 24 hours.
Anyone know how to do this?
Thanks
Paul
"jesmin ningthoujam" wrote:
Perhaps this might help !!.
************************
Event ID :
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 10/27/2004
Time: 1:00:50 PM
User: N/A
Computer: COMPUTER
Description: The Security System could not establish a secured connection with the server ldap/DC01.corp.com/corp.com@xxxxxxxxx No authentication protocol was available.
http://support.microsoft.com/?kbid=885887
You cannot access network resources after you try to log on to a Windows XP Service Pack 2-based computer
User ENV 1030 / 1065 is a very very generic Error which could be triggered due to several factors. Some of them are listed below :
*************************************************************************************************
SYMPTOMS
========
Windows XP Professional and Windows Server 2003 computers may log events in the
application log that are similar to the following:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: Date
Time: Time
User: DOMAINNAME\Username
Computer: COMPUTERNAME
Description:
Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domainname,DC=com
.. The file must be present at the location
<\\domainname.com\sysvol\domainname.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984
F9}\gpt.ini>. (<Error message> ). Group Policy processing aborted.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: Date
Time: Time
User: DOMAINNAME\Username
Computer: COMPUTERNAME
Description:
Windows cannot query for the list of Group Policy objects. A message that describes
the reason for this was previously logged by the policy engine.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Note: The specific error message in the Description field of the Userenv 1058 event
appears in the parentheses after the gpt.ini file location. The following are some
of the common error messages that occur:
The network path was not found.
Access is denied.
Configuration information could not be read from the domain controller, either
because the machine is unavailable, or access has been denied.
Typically, client computers and member servers log these events at startup, and
domain controllers log these events every five minutes.
Also, Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced
Server computers may log an event in the application log that is similar to the
following:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: COMPUTERNAME
Description:
Windows cannot access the registry information at
\\domainname.com\sysvol\domainname.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F
9}\Machine\registry.pol with (<Error code>).
Note: The specific error code in the Description field of the Userenv 1000 event
appears in the parentheses after the registry.pol file location. Some of the common
error codes are 5, 51, 53, 1231, 1240, and 1722.
When these errors occur, group policy settings fail to apply to the affected
computers, or group policy replication fails between the domain controllers on the
network. In some cases, you are not able to open group policy snap-ins such as the
Domain Controller Security Policy snap-in or the Domain Security Policy snap-in.
For example, the group policy snap-ins may fail to open with an error message that
is similar to one of the following:
Failed to open the Group Policy Object. You may not have the appropriate rights.
Details:
The account is not authorized to log in from this station.
-or-
You do not have permission to perform this operation.
Details:
Access is denied.
-or-
Failed to open the Group Policy Object. You may not have the appropriate rights.
Details:
The system cannot find the path specified.
*************************************
You also may receive errors when accessing file shares on domain controllers, even
if you are logged on to the server's console and trying to access a share that is
local. In particular, this may affect access to a domain controller's Sysvol share.
When you try to access the file shares, you may receive repeated password prompts,
or you may receive an error message that is similar to the following:
\\servername\sharename is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out if you have
access permissions.
The account is not authorized to log in from this station.
-or-
\\servername\sharename is not accessible.
The account is not authorized to log in from this station.
-or-
The network path was not found.
CAUSE
=========================
These errors may occur when computers on the network are not able to connect to the
group policy objects in the Sysvol folders on the domain controllers.
RELATED ISSUES
==============
If a DC is logging these Userenv errors, and you are not able to open the group
policy snap-ins on the DC, this often is because the server's SMB signing settings
for its Server and Workstation services contradict each other. For example, SMB
signing may be disabled for the Workstation service on a domain controller, but SMB
signing is required for the Server service on the same domain controller. For more
information about this issue, see the following KB article:
839499 You cannot open file shares or Group Policy snap-ins when you disable SMB
signing for the Workstation or Server service on a domain controller
http://support.microsoft.com/?id=839499
Additionally, the issue that is described in Window SE bug 79284 may cause a
Windows Server computer to log these Userenv events. In this case, the server may
stop responding after resuming from standby, and the "Applying Personal Settings"
message box may appear for up to an hour before the desktop appears. For additional
information about this issue, see the following KB article:
842804 Group Policy processing does not work and events 1030 and 1058 are logged in
the application log of a domain controller
http://support.microsoft.com/?id=842804
On an OEM copy of Windows Small Business Server 2003, the gpt.ini file path that
appears in the Userenv 1058 description may list a domain that starts with "OEM"
instead of the domain name that you selected during mini-setup. For example, the
gpt.ini path may be similar to
\\OEMSBSDN-9601.local\sysvol\OEMSBSDN-9601.local\Policies\{GUID}. If this is the
case, see SOX040119700097 for the cause and resolution to this issue.
On a Windows XP Professional computer, if the specific error message in the Userenv
1058 description is "Logon failure: unknown user name or bad password", this may
be the result of the computer using cached credentials. To troubleshoot this error,
open User Accounts in Control Panel, click the Advanced tab, click Manage
Passwords, and then remove all of the cached credentials by selecting the
credentials and clicking Remove.
RESOLUTION
==========
If none of the related issues that are described earlier apply, follow these steps
to troubleshoot the Userenv errors:
===============================================================================
Step 1: Check the DNS settings and network properties on the servers and client
computers
===============================================================================
In the local area connection properties, the Client for Microsoft Networks must be
enabled on all servers and client computers, and the File and Printer Sharing for
Microsoft Networks component must be enabled on all domain controllers. In
addition, every computer on the network must use DNS servers that can resolve SRV
records and host names for the Active Directory forest that the computer is a
member of. A common misconfiguration is for client computers to use the DNS servers
that belong to your ISP. Check these settings on all computers that are logging the
Userenv errors. Additionally, check these settings on all domain controllers,
whether they are logging Userenv errors or not.
To check DNS settings and network properties, follow these steps:
1. Click Start, point to Settings, and then click Control Panel.
2. On Windows XP, if Control Panel is in Category View, click Switch to Classic
View.
3. On Windows 2000, double-click Network and Dial-up Connections. On Windows Server
2003 and Windows XP, double-click Network Connections.
4. Right-click the icon for the local area connection, and then click Properties.
5. On the General tab of the connection properties, make sure that Client for
Microsoft Networks is checked in the list of components. On domain controllers,
also make sure that File and Printer Sharing for Microsoft Networks is checked. If
these components are not checked, click to check them.
NOTE: On multi-homed Remote Access and ISA servers, you can disable the File and
Printer Sharing component for the network adapter that is connected to the
Internet. However, the Client for Microsoft Networks component must be enabled for
all of the server's adapters.
6. Click to select Internet Protocol (TCP/IP), and then click Properties (do not
un-check the box for this component).
7. If the "Use the following DNS server addresses" option is selected, make sure
that the IP addresses for the preferred and alternate DNS servers are the IP
addresses of DNS servers that can resolve SRV records and host names in the AD. In
particular, the computer must *not* use the DNS servers that belong to your ISP. If
the DNS server addresses are not correct, enter the IP addresses of the correct DNS
servers.
8. Click Advanced.
9. Click the DNS tab.
10. Click to check the "Register this connection's addresses in DNS" option.
11. Click OK three times.
12. Run the command "ipconfig /flushdns".
13. Run the command "ipconfig /registerdns".
14. If you enabled one of the networking components on step 5, reboot the computer
for this change to take effect.
If client computers are configured to obtain their IP addresses automatically, make
sure that the DHCP server is assigning the IP addresses of DNS servers that can
resolve SRV records and host names in the AD. To find out what IP addresses a
computer is using for DNS, run the command "ipconfig /all". If computers that are
configured to obtain IP addresses automatically are not using the correct DNS
servers, see the documentation for your DHCP server for information about how to
configure the DNS servers option.
Also, make sure that each computer can resolve the IP address of the domain. To
test this, run the command "ping domainname.local" or the command "nslookup
domainname.local", where domainname.local is the name of the domain that the
computer is a member of. This host name should should resolve to the IP address of
one of the domain controllers on the network. If the computer cannot resolve this
name, or if the name resolves to the wrong IP address, make sure that the forward
lookup zone for the domain contains valid "(same as parent folder)" Host (A)
records. To do so, follow these steps:
1. On a DC in the domain that is running DNS, click Start, point to Programs or All
Programs, point to Administrative Tools, and then click DNS.
2. Expand the server object, expand the Forward Lookup Zones folder, and then click
the forward lookup zone for the domain.
3. Look for Host (A) records with the name "(same as parent folder)".
4. If a Host (A) record with this name does not exist, use these steps to create
one:
a. On the Action menu, click New Host.
b. In the "IP address" text box, type the IP address of the domain controller's
local network adapter.
c. Leave the Name box empty, click Create Associated PTR Record, and then click Add
Host.
d. When you receive the "(same as parent folder) is not a valid host name. Are you
sure you want to add this record?" message, click Yes.
5. If one or more "(same as parent folder)" Host (A) records contains an invalid IP
address, double-click the invalid record to change the IP address, or delete the
invalid record. To delete a record, right-click the record, and then click Delete.
If the DNS server is a domain controller that is also a Routing and Remote Access
server, see the following KB article:
- Prev by Date: Re: Ejecting a tape?
- Next by Date: Re: Acces companyweb from Internet
- Previous by thread: Re: GP to force Daily Restart
- Next by thread: Partition size
- Index(es):
Relevant Pages
|
