RE: Userenv Error
- From: v-mzhuan@xxxxxxxxxxxxxxxxxxxx (Manfred Zhuang [MSFT])
- Date: Tue, 19 Feb 2008 06:12:28 GMT
Hello James,
Thank you for posting here.
From your post, I understand that many entries of error 1058 are found inevent log.
Since the issue can be caused by several factors, the troubleshooting can
be time-consuming. Your patience and cooperation will be appreciated.
Firstly I would like to confirm if SBS 2003 Service Pack 1 has been
installed on the server. If not, I suggest you install it first.
Microsoft Windows Small Business Server 2003 Service Pack 1 (SP1)
http://www.microsoft.com/downloads/details.aspx?FamilyID=b6f8a4c0-b707-4161-
adeb-44f1b756119f&DisplayLang=en
If SBS 2003 SP1 has already been installed on the server, let's move on:
Please check both the Share Permissions of the Group folder, and the NTFS
permissions of the group, to ensure the users have the right permissions.
Technical speaking these are two different permissions:
- NTFS Permissions (on the Security tab).
- Share Permissions (on the Sharing tab).
NTFS Permissions will always be checked when a user attempts to access the
folder, no matter locally or remotely.
Share Permissions are only checked when a user attempts to access the
shares remotely.
Therefore, to ensure a certain share folder can be accessed by a certain
user via the network, we need to consider both the NTFS Permissions and
Share Permissions. In other words, the user must have necessary permissions
on both the NTFS and the Share levels. Otherwise, they will be unable to
read/create/delete the folders.
If the permission settings are correct, let's try following steps. if the
steps do not meet your concern, please gather corresponding information for
further analysis:
Step 1: Please locate the GUID in the event 1058 via ADSI EDIT and correct
the domain name of gPCFileSysPath
=====================================================================
The detailed steps are described in the following KB, see if it has been
changed correctly:
Event 1030 and event 1058 may be logged, and you may not be able to start
the Group Policy snap-in on your Windows Small Business Server 2003 computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;888943
Note: Please run "gpupdate" after saving and exiting the Adsiedit.
Step 2: let's check the permission of the group policy {GUID} in 1058
EVENT on SBS Server.
==========================================================
1. Open SBS Server's Explorer.
2. Go to C:\Windows\Sysvol\sysvol\domain.local\policies\
3. Right click {31B2F340-016D-11D2-945F-00C04FB984F9} folder and click
Properties.
4. Click Security tab.
5. Check the permissions:
CREATOR OWNER - Full Control - Subfolders and files only.
Domain Admins - Full Control - This folder, subfolders and files.
Enterprise Admins - Full Control - This folder, subfolders and files.
ENTERPRISE DOMAIN CONTROLLERS - Read & Execute - This folder, subfolders
and files.
NETWORK SERVICE - Read & Execute - This folder, subfolders and files.
EVERYONE - Read & Execute - This folder, subfolders and files.
SYSTEM - Full Control - This folder, subfolders and files.
Note that I suggest you to temporary add the everyone Read & Execute
permission, this will ensure that all users are able to read this and it
will not cause error 5 (access denied). In addition, the permissions are
not inherited from parent folders. If you have other permissions configured
here, please don't remove them.
After that let's check AD permission:
1. Run dsa.msc on your SBS Server.
2. Click View and click Advanced Features.
3. Go to Domain.local/System/Policies/{GUID}.
4. Right click {GUID} and click Properties.
5. Click Security tab.
6. Check the permissions:
Domain Admins: All except - Full Control, All Extended Rights, Apply Group
Policy.
CREATOR OWNER: All except - Full Control, All Extended Rights, Apply Group
Policy.
SYSTEM: All except - Full Control, All Extended Rights, Apply Group Policy.
Authenticated Users: List Contents, Read All Properties, Read Permissions,
Apply Group Policy
ENTERPRISE DOMAIN CONTROLLERS: List Contents, Read All Properties, Read
Permissions
Enterprise Admins: All except - Full Control, All Extended Rights, Apply
Group Policy.
[Note] The permissions are not inherited from parent folder.
If this issue persists, let's move on to the next steps
Step 3: This issue can happen when "File and Printer Sharing for Microsoft
Networks" is not enabled on SBS internal NIC. To correct this:
============================================================================
==========
1. Open Network Connections.
2. Double click "Server Local Area Connection".
3. Click Properties.
4. Make sure that "File and Printer Sharing for Microsoft Networks" box is
checked.
5. Check whether you're able to access the shared folder now.
Step 4: Checking the binding order of the NICs:
=================================
1. Click Start, click Run, type ncpa.cpl , and then click OK.
2. On the Advanced menu, click Advanced Settings, and then click the
Adapters and Bindings tab.
3. Please ensure the Server Local Area Connection is at the top.
Step 5: Refer to following article to check the settings
==================================
Applying Group Policy causes Userenv errors and events to occur on your
computers that are running Windows Server 2003, Windows XP, or Windows 2000
http://support.microsoft.com/kb/887303
Step 6: Force Kerberos to use TCP:
=====================
Please refer to following KB article to force Kerberos to use TCP:
How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
Windows XP, and in Windows 2000
http://support.microsoft.com/kb/244474
I hope the above information is helpful to you. If the problem still
occurs, please help me gather following information:
1. Before the issue occurred, was there any changes made on the server or
in the network?
2. If you log on the server as an domain administrator, does the issue
occur?
3. Registry keys:
a. Click Start -> Run, type regedit and click OK.
b. Locate the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param
eters
c. Right click these keys and select Export, save the registry key.
d. Rename the exported file from .reg to .old, email me the files.
4. Please download the MPS Report tool from the following link, reproduce
the issue, then run it on both the problematic client workstation and the
SBS server, then send the generated CAB file to my mailbox
v-mzhuan@xxxxxxxxxxxxx for further investigation so that we can find what
the root cause is:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en
Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.
Best regards,
Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Userenv Error
| thread-index: AchwLwPLXOsG6FrjSSCoPScS6ZvfvA==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?SmFtZXM=?= <James@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Userenv Error
| Date: Fri, 15 Feb 2008 16:01:00 -0800
| Lines: 30
| Message-ID: <0091799E-E78B-4F1F-8021-665AE7D76001@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:92688
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I keep getting the following error over and again in the event log:
|
| Event Type: Error
| Event Source: Userenv
| Event Category: None
| Event ID: 1058
| Date: 2/15/2008
| Time: 3:40:54 PM
| User: NT AUTHORITY\SYSTEM
| Computer: VILDENCRMSERVER
| Description:
| Windows cannot access the file gpt.ini for GPO
|
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=vilden-sa
les,DC=com.
| The file must be present at the location
|
<\\vilden-sales.com\sysvol\vilden-sales.com\Policies\{31B2F340-016D-11D2-945
F-00C04FB984F9}\gpt.ini>.
| (Windows cannot find the network path. Verify that the network path is
| correct and the destination computer is not busy or turned off. If
Windows
| still cannot find the network path, contact your network administrator.
).
| Group Policy processing aborted.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
| No clients connect to this server and we havent done anything with GPO's.
My
| goal is to get the error to stop filling up the event logs.
|
| Thanks,
| James
|
|
|
.
- Prev by Date: RE: OWA not working
- Next by Date: Re: Event 1011- multiple domain controllers detected
- Previous by thread: Re: Userenv Error
- Next by thread: How to read any post from 15995 posts via Wmail client
- Index(es):
Relevant Pages
|
