Group Policy Management installation software properties bug found

Similar Messages

• WMI Filters Folder NOT Found in Group Policy Management Console.

  We have a Small Business Server 2011 Standard Edition install that is Hosting a Domain that was migrated to it from Windows Server 2003 Standard Edition. All seems to be working. We have a few problems that we are trying to work on one at a time when this
  issue was brought to light.
  We were trying to push the installation of a client software via group policy and in the process to have it pushed by the server, we had to configure several wmi filters in the group policy management in the SBS 2011.  We opened the console and found
  that the WMI Filters Folder is nowhere to be found.
  We would like to find out what can be the cause and resolution of this problem.  I would like to find out how to get the WMI Filters folder back in the Management Console and be able to create the filters that will help us deploy the client software
  we need to provide to our users using the group policies.
  Has anyone experienced this problem.  Can we just go into the group policy management console and create the object and then import the default filters into that object we created.  The filters were exported from another sbs 2011 standard edition
  install that has the wmi filters folder in the GPMC.
  Need help on this situation.  Have very little experience in troubleshooting GPO's and GPMC's issues.
  Thank you
  JFM

  Hi,
  >>I need to find out if there is a way to get the WMI Filters Object Folder back or find a way to recreate it.
  Based on the description, we can use LDP.exe to check if the following object is missing in Active Directory:
  CN=Windows2003Update, CN=DomainUpdates, CN=System, DC=domain, DC=com
  Regarding how to use LDP.exe to view AD object, the following article can be referred to as reference.
  How to Use Ldp.exe to View Entire Directory Tree and Locate the Microsoft Exchange Container
  http://support.microsoft.com/kb/252335
  If the object is missing, we can follow the solutions described in the following article to check if the object was deleted and we need to restore it if this is true.
  Step 2: Restore a Deleted Active Directory Object
  https://technet.microsoft.com/en-us/library/dd379509(v=ws.10).aspx
  If the object is there, we can check if proper access permissions have been configured for it.
  If the object is missing but not deleted, this may be related to the migration process. If this is true, we can ask for suggestions in the following SBS forum.
  Small Business Server
  https://social.technet.microsoft.com/Forums/en-US/home?forum=smallbusinessserver
  In addition, regarding migrating Active Directory to SBS 2011 Standard, the following articles can be referred to for more information.
  Prepare your Source Server for Windows SBS 2011 Standard migration
  https://technet.microsoft.com/en-us/library/gg615494.aspx
  SBS 2011 Standard Migrations – Keys to Success
  http://blogs.technet.com/b/sbs/archive/2011/07/01/sbs-2011-standard-migrations-keys-to-success.aspx
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Group Policy Managed Software Windows 8.1

  Hi
  Is software installation/assigned applications in group policy supported in Windows 8.1 as they don't seem to work correctly.  We either have them hanging at startup or they reinstall each time even though its already installed it.
  I can't find anything searching online regarding Windows 8.1 and deploying software this way with group policy.

  > Is software installation/assigned applications in group policy supported
  > in Windows 8.1 as they don't seem to work correctly.  We either have
  > them hanging at startup or they reinstall each time even though its
  > already installed it.
  Does it work correctly with older OS versions? Maybe it's not an issue
  of Win 8.1, but of the MSI itself?
  Unfortunately, GPO MSI deployment debug logging is broken in Windows 8
  and above, so you'll have a hard time digging that down...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Group Policy Management | No such interface supported

  Running Windows Server 2008 R2 as a Domain Controller and when I open Group Policy Management, click on a GPO, then click on the Settings tab, it pops up an error message that says "No such interface supported".  I've found several articles
  that talk about registering .dll files and I've done that and nothing.  I've uninstalled GPMC and reinstalled and that didn't fix anything.  Can anyone help resolve this?

  Hi Jason,
  Before going further, do we have other domain controllers? If yes, does GPMC work correctly on these domain controller? GPMC reports the error "No Such interface supported" normally is due to a missing or corrupted Windows component.
  Besides, do we update the server to the latest? If not, we can update the server to the latest and then reinstall the GPMC to see if the issue persists.
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards
  Frank Shen

• Renamed Domain - Clients Still "joined" to old domain, can't open Group Policy Management on Server

  Performed a Domain Rename as per the following instructions:
  http://www.bauer-power.net/2011/05/renaming-windows-domain-with-rendom.html#.U4OZRPmSyTM
  and then after these issues I have gone through the related technet articles starting here:
  http://technet.microsoft.com/en-us/library/cc794793(v=ws.10).aspx
  specifically the Fix Group Policy Objects and Links.
  But still I have the following issues:
  At least for group policy clients believe they are on the old domain - despite even having renamed the computers with the new domain name.
  When I perform a gpresult the output file shows as being connected to the old Domain - despite manually going into computer properties and renaming the computer with the new domain name...
  CN=Allister Wade,OU=Users,OU=Home,DC=NEWDOMAIN,DC=local
  Last time Group Policy was applied: 27/05/2014 at 5:36:31 AM
  Group Policy was applied from:      finch.newdomain.local
  Group Policy slow link threshold:   500 kbps
  Domain Name:                        OLDDOMAIN
  Domain Type:                        WindowsNT 4
  On the server I cannot open Group Policy Management on the single Domain Controller as it is looking for a DC on the old Domain:
  Even though it has listed the new domain in the root of the management console when I attempt to expand it out I am prompted:
  "The specified domain controller could not be contacted. This affects the following domain in the console.
  Domain: olddomain.local
  The error was:
  The specified domain either does not exist or could not be contacted."
  I can select to remove the domain from the console but this does nothing - as said it already shows the new domain in the console.
  Far as I am aware the clients should not even of needing renaming or changing the domain, but were having authentication issues before I did this. Not sure what I have done wrong here..?

  Client's NSLookup shows "UnKnown" as DNS Server so thought to check DNS out.
  This is result of dcdiag /test:DNS.
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = finch
     * Identified AD Forest. 
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\FINCH
        Starting test: Connectivity
           ......................... FINCH passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\FINCH
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           ......................... FINCH passed test DNS
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : NEWDOMAIN
     Running enterprise tests on : NEWDOMAIN.local
        Starting test: DNS
           Test results for domain controllers:
              DC: finch.NEWDOMAIN.local
              Domain: NEWDOMAIN.local
                 TEST: Delegations (Del)
                    Error: DNS server: finch.olddomain.local. IP:<Unavailable>
                    [Missing glue A record]
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 203.12.160.35 (<name unavailable>)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.12.160.35               
           Summary of DNS test results:
                                              Auth Basc Forw Del  Dyn  RReg Ext
              Domain: NEWDOMAIN.local
                 finch                        PASS PASS PASS FAIL PASS PASS n/a  
           ......................... NEWDOMAIN.local failed test DNS

• No longer see "Internet Explorer Maintenance" in Group Policy Management Console

  I am trying to configure Internet Explorer favorites on a GPO that I have already constructed.  I had already successfully created the GPO many months ago and wanted to go back and check on some things.
  However in the GPMC when I navigate to User Configuration-->Policies-->Windows Settings, I no longer see "Internet Explorer Maintenance" listed.  This is where I had previously configured Internet Explorer favorites.
  I uninstalled and reinstalled GPM using these instructions
  http://www.addictivetips.com/windows-tips/how-to-install-the-group-policy-management-in-windows-7/ but this did not help.
  Previously I had two Windows XP computers in the OU that this GPO was applied to.  I had no problems at all configuring it and getting the rules and favorites to apply to these two computers.  I just recently upgraded one of the computers to Windows
  7 and used the same machine name for the computer.  The computer gets some of the rules applied to it but not all.  In particular the IE favorites are not being applied which led me to check the policy in the GPMC.  However, as stated before
  I cannot even see "Internet Explorer Maintenance" which has me confused on what to do next.  Please help.

  Am 29.03.2013 14:15, schrieb FuFighter:
  > <?xml version="1.0" encoding="utf-8"?>
  > <Shortcut clsid="{4F2F7C55-2790-433e-8127-0739D1CFA327}"
  > userContext="1" name="Google" status="Google" image="0"
  > changed="2013-03-29 13:00:44"
  > uid="{648046B5-4019-4F32-8F0E-E691EA54E125}"><Properties pidl=""
  > targetType="URL" action="C" comment="" shortcutKey="0" startIn=""
  > arguments="" iconIndex="0" targetPath="http://www.google.com"
  > iconPath="" window=""
  > shortcutPath="%CommonFavoritesDir%\Google"/></Shortcut>
  I'm too tired at the moment to check all you already did, so just let me
  ask some further questions on that item:
  This is a user or a computer item? If it is a user item and "run in
  logged on users context" is checked, I believe it will fail, because a
  non administrator cannot add all users favorites.
  I'm unaware whether all users favorites works at all - never used it...
  For further clarification, I'd enable GPP debug logging:
  http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

• Windows 7 Policy missing from Group Policy Management

  Hey all,
  I have 2 SBS 2008 clients that have Windows 7 Policy missing from Group Policy Management. I noticed that they have XP, Vista, and 8, but not 7.
  I came across this when I started to deploy some new support software. I deployed my package, the XP, Vista, and 8 policies as well as the "Windows SBS Client Policy" and workstation, but  Win 7 workstations do not get the software package
  and this is at both sites.
  I personally have SBS008 have tested this and same issue, XP, Vista, 8, 8.1, even my 10 get the software, but my Windows 7 does not.
  Do you have any ideas? I have attached a screenshot so you can see what I am talking about.

  Hi,
  Similar query answered :
  https://social.technet.microsoft.com/Forums/en-US/d6a6e3fa-fb15-4bcc-a5ca-449f69eeee5d/sbs-2008-missing-client-policy-for-windows-7?forum=smallbusinessserver
  https://www.microsoft.com/en-us/download/details.aspx?id=25250
  I hope that will help.
  Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd - Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• Unable to see Remote App and Desktop Connection in Group Policy Management Editor

  I am unable to see the Remote App and Desktop Connection in Group Policy Management Editor on my 2012 R2 DC. I am therefore not able configure the connection URL in Access RemoteApp and desktops in our Windows 8.1 client environment.
  Within the Group Policy Under User Configuration, Administrative Templates, Windows Components all I see is:-
  RD Gateway
  Remote Desktop Connection Client
  Remote Desktop Session Host
  But NOT
  Remote App and Desktop Connection
  Which I need. Is there anyway of adding this?

  > I am unable to see the Remote App and Desktop Connection in Group Policy
  > Management Editor on my 2012 R2 DC. I am therefore not able configure
  > the connection URL in Access RemoteApp and desktops in our Windows 8.1
  > client environment.
  http://gpsearch.azurewebsites.net/#8113
  Do you use a central store for ADMX? Is this central store out of date?
  (Means "still contains ADMX from W7/2008R2")
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Server 2012 R2 Group policy management with older Domain servers

  Hi Guys,
  I need your expert assistance with a issue I'm facing.
  We have a client that has 3 domain controllers. The Primary DC is running Server 2003 R2, another one is running Server 2008, and the last DC is running Server 2008 R2. The forest functional level is Server 2000 & the domain functional level is Server
  2003.
  Currently Group policy is processing using a central store across the 3 domain controllers.
  We have installed a new Server 2012 R2 Terminal server and need to apply group policies to the Server to lock it down.
  We have a separate Server 2012 R2 server (say SERVER1) that is also joined to the domain that I have added the group policy management feature to so it can remotely manage group policy.
  It seems to be pulling the all the group policy details from the central store so I can't see any of the server 2012 related settings on
  SERVER1.
  Are we going about this the correct way? how would we best manage the Server 2012 policies? I was thinking either somehow making the specific TS group policy only load in a local policy or templates somehow..

  If you are using a central policy store, this is the expected (intended) behaviour.
  You willl need to update the central store with the latest versions of the adm(x/l) files.
  http://www.microsoft.com/en-us/download/details.aspx?id=36991
  or grab them from a 2012(r2) instalaltion c:\Windows\PolicyDefinitions
  MCP/MCSA/MCTS/MCITP

• What is the differents between Policies and Preferences in Group policy Management Editor

  What is the differents between Policies and Preferences in Group policy Management Editor?

  Policies: If you delete a policy in GPO it deletes its registry files form the clients. Policies don't tattoo the registry. Policies Settings are permanent as long policy is in effect i.e. Desktop Backgrond. Policies are applied at Computer
  Startup, User logon and Manual and automatic refresh. Takes Precedence over Preferences.
  Preferences: Even if you delete a policy form Preferences tab the registry files will still available on the systems. Preferences tattooed the registry if you want to remove the registry entries you have to do it manually. Preferences exampl
  is i.e. mapped drive. Settings applied with preferences are not grayed out. Not available in Local GPO.
  Usefull for
  Desktop Icons/Shortcuts
  Url
  Drive Map
  File Copy, Update, delete
  Thanks

• Group Policy Management Console Failes to open when one Domain Controller is powered down

  Hi All,
  This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management  Console on the 1st domain controller,
  it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove.   If I go to chose another domain
  controller and select the 1st domain controller it still fails.  Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure, why this is happening, I've done it in the pass without issue.
  Any help would be appreciated.
  Thanks

  Well it seems that some how the PDC emulator is set to be the 2nd DC instead of the 1st DC on the 1st DC which explains why the failure after the 2nd DC went down. Why or should I say how could the PDC get switched from the primary DC without human intervention.
  Does the PDC automatically switch for any reason?

• Win 2K8 R2 - Group Policy Management - Failed to Open Group Policy Object. You may not have appropriate rights. The network path was not found.

  New to Windows Server 2008 R2 Administration.
  I setup this Windows 2008 R2 Server on a Dell 2950 Poweredge server and have been migrating users off of an old NT style domain running on Samba 3.6 on CentOS.
  I have the domain setup (nicholas.sacredheartsaratoga.org), added users, and have moved users / computers over to the new domain and working.
  When attempting to setup Group Policy Objects, I continually get the "Failed to Open Group Policy Object" Error.  This is driving me nuts and seems to be a 49 error.. which I have done a ton of research on but none of the suggested fixes seem
  to be working.
  I've been working at this for a couple of weeks and really need this fixed to be able to set GPO's correctly.
  Here is my IPCONFIG /ALL
  C:\Users\Administrator.NICHOLAS.000>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : NICHOLAS
     Primary Dns Suffix  . . . . . . . : sacredheartsaratoga.org
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : nicholas.sacredheartsaratoga.org
  Ethernet adapter Local Area Connection 2:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
   VBD Client) #2
     Physical Address. . . . . . . . . : 00-1D-09-27-F1-63
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::542:43f2:2aaf:d903%13(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.10.20.21(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.10.20.3
     DHCPv6 IAID . . . . . . . . . . . : 301997321
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-7D-DC-B6-00-1D-09-27-F1-61
     DNS Servers . . . . . . . . . . . : 10.10.20.21
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{41653A38-9372-4740-BB03-41950A9C9BC0}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Local Area Connection* 9:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

  Will post the entire contents of my gpreport as soon as my account is verified... but this is the jist of the error being reported:
  Component Status<v:group alt="Error" class="vmlimage" coordsize="100,100" style="width:15px;height:15px;vertical-align:middle;"><v:oval class="vmlimage" fillcolor="red" strokecolor="red" style="width:100px;height:100px;"></v:oval><v:line
  class="vmlimage" from="25,25" strokecolor="white" strokeweight="3px" style="" to="75,75"></v:line><v:line class="vmlimage" from="75,25" strokecolor="white" strokeweight="3px" style="" to="25,75"></v:line></v:group>
  Component Name
  Status
  Last Process Time
  Group Policy Infrastructure
  Failed
  2/17/2014 2:50:06 PM
  Group Policy Infrastructure failed due to the error listed below.
  Logon failure: unknown user name or bad password. 
  Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
  Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2/17/2014 2:50:05 PM and 2/17/2014 2:50:06 PM.
  Registry
  (N/A)
  1/4/2014 1:45:29 PM
  Security
  (N/A)
  1/4/2014 1:45:35 PM
  User Configuration Summary

• Group Policy - Issues deploying software packages through GPO

  Hello everyone,
  I am having issues successfully deploying MSI packages through group policy.  I have set my computer account up in its own test OU in my domain, but yet the software will not deploy.  Example, I'm trying to deploy AVG Anti-Virus and make sure it
  is installed on each and every PC in my domain.  As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)
  On the domain controller, I get these messages in application event logs:
  Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
  Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
  This shows up when I refresh GP on my computer.  I run gpresult /h GPReport.html and get the following message:
  Software Installation failed due to the error listed below.
  Fatal error during installation.
  Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
  The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access.  I have tested the package on my computer and it installs
  correctly if I do it manually, so it's a good package. 
  I'm at a loss.  I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here.  I humbly ask for any and all help that you all can provide.
  Thank you all very much, have a great weekend!

  > Magnolia_Schools.exe
  What's that???
  > \\hs-dc2\software\avg\installavg.msi
  > <file://\\hs-dc2\software\avg\installavg.msi> /qb addeploy=1
  /qb ADDEPLOY=1
  Uppercase matters (:
  A bissle "Experience", a bissle GMV... Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
  I should have explained, my apologies.  The InstallAVG.msi is the package I have GP deploying.  it is a package that AVG wrote for us that goes in, uninstalls the two previous antivirus softwares we have on our network if it is present, and
  then wraps it to run magnolia_schools.exe which installs the AV software.  I am uninstalling AVG now and will try reinstalling with
  \\hs-dc2\software\avg\installavg.msi /qb ADDEPLOY=1 and report back.
  also, the only logs I found that were around the time of the install attempt were such as these:
  1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
  1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
  Does that tell you anything?
  I will say this, if this means anything...now that AVG is installed, the event logs are changing from an error %%1603 to this:
  Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
  The removal of the assignment of application exe2msiSetupPackage from policy Install AVG failed. The error was : %%2
  So it acts like it's at least seeing that the package is installed...and reacting differently, correct?
  Thanks so much

• Advanced Group Policy Management - On privileges and roles

  Hello!
  We are rolling out AGPM 4.0 SP2.  Seems to work well enough.
  We currently have more than one set of standard permissions.  For example, our Citrix team controls GPOs for Citrix, our Desktop team controls GPOs for desktops, etc.
  Is there no way to delineate this in AGPM?
  My first thought was that I could use PowerShell to rapidly set, and regularly audit and auto-correct these privileges.  True to Group Policy form, there is limited PowerShell support - in this case, none at all.
  My second thought was that templates might include AGPM roles.  So I could say 'Group X has privileges to Template A,' 'Group Y and Z have privileges to Template B,' and so forth.  When I create a template, it would include those permissions.
   Nope.
  I'm all for opening up access, but this might be a tough sell.  Am I the only one who has disparate security boundaries around group policies?  Am I overlooking a solution to this?
  Thanks!
  RCM

  Have you thought about multiple AGPM Servers, one for each group? Each AGPM store could utilize separate standard permissions and control the subset of policies which are within the scope of the
  group. You can even
  use Group Policy itself to manage a multiple AGPM Server environment.
  Brandon
  MDOP on the Springboard Series on TechNet

• Policy Domain Root error during Policy Manager installation

  I am installing Policy manager for the first time and I am getting error at Policy domain root level.
  If I specify Policy Domain Root as / it gives me this error
  Unable to modify the entry with DN obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL in the directory server - Object class violation in ModifyDBEntry_ADSI()
  The DN obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL exists in the directory.
  My directory is Windows 2003 standard edition SP1 active directory. I am using Oracle access manager 10.1.4
  user and policy directory is the same directory supplier.global.
  Forest and domain functional level is Windows 2003
  My person object class is: user
  i have already installed webpass and identity server on same machine.
  I have removed and tried to reinstall the policy manager on the same machine and the same error.
  My identity server admin console is showing three directories:
  AccessManager_setup_user_profile
  AccessServer_default_user_profile
  default-IdentityServer_1_6022
  all of the directories have these settings dynamic auxiliary is yes and directory type is microsoft active directory (using adsi) without ldap for authentication checked.
  I am getting these errors in my access logs looks like the path is wrong and the files are missing but not sure from which part of setup its taking this.
  2007/02/06@19:22:35.265000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/comm_servermsg.xml     
  2007/02/06@19:22:35.375000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/sysmgmtmsg.xml     
  2007/02/06@19:22:36.015000     3040     1848     INIT     ERROR     0x000003B6     base\oblistrwutil.cpp:145     "Could not read file"     filename^C:\Program Files\NetPoint\WebComponent\access/oblix/lang/en-us/policysetupldifs_msg.xml     
  2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000007     \Oblix\coreid\np_common\db\ldap\util\ldap_util.cpp:1131     "Requested modify or add operation resulted in schema violation"     function^ModifyDBEntry()     dn^obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL     
  2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000504     \Oblix\coreid\np_common\db\ldap\util\ldap_util.cpp:1217     "Exception during DB runtime code"     function^ModifyDBEntry()     dn^obapp=PSC,ou=Oblix,dc=SUPPLIER,DC=GLOBAL     
  2007/02/06@19:22:37.843000     3040     1848     DB_RUNTIME     WARNING     0x00000504     \Oblix\coreid\np_common\db\ldap\util\ldap_util3.cpp:837     "Exception during DB runtime code"     function^ModifyDBEntryWithDupCheck
  Thanks for helping me out.
  Message was edited by:
  user557359

  Hi,
  Go to Policy domain root for Activer directory
  Steps on how to resolve this are outlined there.
  Rgds,
  Boland