Group Policy failing intermittently on one of my servers
Have you checked the event logs to see if a specific thing is triggering it?
CMOS battery been changed (if the date/time is being reset this can be the cause)?
Or GPResult to check that what should be applied is being applied?
I have a server-2008 R2 box where Group Policy fails intermittently. The result is the server looses it's domain trust connection, exact error message is: Remote Desktop cannot verify the ID of the remote computer because there is a time or date difference....
I can reboot the server and it's fixed, but a month later it will have the same issue.
What can I look for to troubleshoot resolve, and what can I monitor to fix this? GP service? If the service is running & the interface, port, or bad cable, I will not be alerted. Can I configure some type of alert that tells me when GP replication with the domain controller has succeeded/failed?
This topic first appeared in the Spiceworks Community
Similar Messages
-
The processing of Group Policy failed. Windows attempted to read the file...
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
Processing of Group Policy failed - User Policy - Windows 7
OP:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
When running a gpupdate I get the following message:
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
I have tracked it down to an LDAP error code 49.
I tried the MS sollution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
I can also connect to the DC with LDP.exe fine.
Here are the diagnostic read outs (GPResult was too long to post):
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/29/2012 1:56:09 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: Domain\UserAccount
Computer: Win7-ComputerA.FQDomain
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
<EventRecordID>32458</EventRecordID>
<Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
<Execution ProcessID="984" ThreadID="3688" />
<Channel>System</Channel>
<Computer>Win7-ComputerA.FQDomain</Computer>
<Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5012</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1326</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName">
</Data>
</EventData>
</Event>
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN7-ComputerA
Primary Dns Suffix . . . . . . . : FQDomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FQDomain
ParentDomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : FQDomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
Default Gateway . . . . . . . . . : 216.71.244.1
DHCP Server . . . . . . . . . . . : 216.71.244.2
DNS Servers . . . . . . . . . . . : 216.71.244.2
216.71.240.120
216.71.240.132
Primary WINS Server . . . . . . . : 216.71.244.2
Secondary WINS Server . . . . . . : 216.71.240.130
216.71.240.122
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesHi,
It sound like port blocking issue, Seems your client system connecting 216.71.240.x DNS Servers as a logon server and which seems on different subnet
as per subnet mask, So there must be a router or firewall in between and so it might be Active directory ports are being blocked.
So first for testing purpose just remove other
216.71.240.x DNS
servers from TCP/IP configuration and clear dns cache
ipconfig/flushdns
and restart the system. check if it works.
or run this command on DC
dcdiag /test:dns
and share the error report.
Cheers!
Sanjay -
Processing of Group Policy Failed - Single DC error 1058
I have been getting the error every 5 mins for awhile:
The processing of Group Policy failed. Windows attempted to read the file \\xx.company\sysvol\xxx.company\Policies\{0000000-2323-2222-2222-333333}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this
event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
So - this is a single DC 2008R2. It started (I think) back when I joined another server on the domain and did a DCPromo to help build some redundancy. DFS was/is not enabled, do I need to set this up to resolve this?
User are able to login and policy are working, I only see this error on the DC, but other than the error everything seems to be working fine. I can access the share \\xx.company\sysvol\xxx.company\Policies\ and see it from all systems on the domain.
I looked for the Burflags to see if that would help but since there is no DFS there was nothing in the registry.
So at this point, I removed the secondary server via DCpromo, going back to just the 1 server DC but I still get the error. DNS works. When I do a DCDiag everything looks ok except the SysVol - I get about 10 of these
Starting test: SystemLog
An error event occurred. EventID: 0x00000422
Time Generated: 03/17/2015 14:49:41
Event String:
The processing of Group Policy failed... blah blah - same as above.
I looked at this link because of the combination of the 2 errors - Error 1058 and 00422 but its suggesting Authoritative restore, but I don't have the replication.
Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
So - any suggestions? Thanks in advance.Hi,
>>Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
Did we clean up the metadata of the removed domain controller? If not, we can follow the article below to do this.
Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
Besides, on the existing domain controller, check Applications and Services Logs\FRS or DFSR logs in Event Viewer. If the issue persists, we can follow the method below to do an authoritative restore for Sysvol.
If we use FRS to replicate Sysvol, we can try to follow the article below to an authoritative restore for Sysvol.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
https://support.microsoft.com/en-us/kb/290762
If we use DFSR to replicate Sysvol, we can try to follow the article below to do an authoritative restore for Sysvol.
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
https://support.microsoft.com/en-us/kb/2218556
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
The processing of Group Policy failed because of lack of network connectivity to a domain controller
We are setting up a new AD environment with one AD/DC running DNS services, and a secondary DNS server configured with secondary zone. The problem is that none of the machines in the the domain are getting GPO.
When I run a gpupdate /force from a machine, I get the following output:
"Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results."
While the system event log outputs the following:
"The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy
has succesfully processed. If you do not see a success message for several hours, then contact your administrator."
All the machines that were joined to the domain are able to resolve in forward and reverse lookups, ping the DC and ping each other so I dont understand how the error can be resolved.
Here are few things I have tried:
1. I came across this KB which checked ok for me: http://support.microsoft.com/kb/241515
2. Made a copy of the default GPO, applied to a OU with one machine, and made sure to remove any GPO links from above
3. Enabled the following two local Group policies on a test member:
GP slow link detection
Startup policy processing wait time
4. Modified firewall to allow everything on both member and DC
5. Verified DSN logs, SRV records, access to sysvol ( added authenticated users to sysvol)
I have yet to figure out the reason for this issue. Has anyone seen anything like this before?1. I checked the NIC, it only has one IP. and I followed your article. I set the primary DNS to its own IP and the secondary DNS to the loopback ip
2. This is a new DC and DNS server. I dont have old records yet. I also check the DNS event logs. No errors
3. I made sure the member server is pointing only to the only DC/DNS server
4. Here is the output from the dcdiag.... everything passed except, the Netlogons part. I'm not sure what means or how to fix it yet:
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Complete output:
> hostname
Server: hostname.domain.local
Address: X.X.X.95
> ^C
C:\Windows\system32>
C:\Windows\system32>nslookup
> set type=all
>
>
>
> _ldap._tcp.dc._msdcs.domainname
_ldap._tcp.dc._msdcs.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = hostname.domain.local
hostname.domain.local internet address = X.X.X.95
> ^C
C:\Windows\system32>cd ..
C:\Windows>cd SYSVOL
C:\Windows\SYSVOL>cd sysvol
C:\Windows\SYSVOL\sysvol>dir
Volume in drive C has no label.
Volume Serial Number is F624-CDB2
Directory of C:\Windows\SYSVOL\sysvol
10/29/2014 08:25 PM <DIR> .
10/29/2014 08:25 PM <DIR> ..
10/29/2014 08:25 PM <JUNCTION> domain.local [C:\Windows\SYSVOL\domain]
0 File(s) 0 bytes
3 Dir(s) 63,971,037,184 bytes free
C:\Windows\SYSVOL\sysvol>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = hostname
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\hostname
Starting test: Connectivity
......................... hostname passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\hostname
Starting test: Advertising
......................... hostname passed test Advertising
Starting test: FrsEvent
......................... hostname passed test FrsEvent
Starting test: DFSREvent
......................... hostname passed test DFSREvent
Starting test: SysVolCheck
......................... hostname passed test SysVolCheck
Starting test: KccEvent
......................... hostname passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... hostname passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... hostname passed test MachineAccount
Starting test: NCSecDesc
......................... hostname passed test NCSecDesc
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Starting test: ObjectsReplicated
......................... hostname passed test
ObjectsReplicated
Starting test: Replications
......................... hostname passed test Replications
Starting test: RidManager
......................... hostname passed test RidManager
Starting test: Services
......................... hostname passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003F6
Time Generated: 03/04/2015 18:23:06
Event String:
Name resolution for the name ctldl.windowsupdate.com timed out after
none of the configured DNS servers responded.
......................... hostname passed test SystemLog
Starting test: VerifyReferences
......................... hostname passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : emcdsm
Starting test: CheckSDRefDom
......................... emcdsm passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... emcdsm passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
C:\Windows\SYSVOL\sysvol> -
Disable autorecovery in Word and Excel via group Policy fails
hello everybody,
I have to disable the autorecovery - and unsaved functions in the office 2010 suite on winXPsp3.
In the group policy console i set the function to "disabled" , so on the client side in the registry the values for:
software\policies\microsoft\office\14.0\excel\options\KeepUnsavedChanges =0
software\policies\microsoft\office\14.0\excel\options\AutoRecoverEnabled =0
software\policies\microsoft\office\14.0\word\options\KeepUnsavedChanges =0
software\policies\microsoft\office\14.0\word\options\AutoRecoverEnabled =0
appear. This works fine on Powerpoint, but in Excel and Word users still have the chance to enable autorecovery from the "file" menu on the client. Time settings are greyed out, but by activating autorecovery, settings are configurable again.
Any idea where else i could configure "autorecovery" and "KeepUnsavedChanges" to be unavailable for the customer ?
thank you in advance,
HennesHi Everybody,
we finally found something close to our wishes together with MS Support ( the answer was just a few dollars away !) We had to configure exactly the opposite of what we want and combine it with a senseless time interval......tataaaaa We´re done !
If you want to deactivate autoRecovery, you have to set "AutoRecoverEnabled" to "activate" and select a time interval for "save AutoRecover info every X minutes" of "0" minutes. Then the option will be greyed out , although the customer might reactivate
it by checking the box. Anyhow, files will be deleted at logoff and there are no recoverable files left on the Client .
(although this function is very smart on your personal windows-client, we needed to get rid of it on some public Terminals where workers without personal account write their reports and other personalized dokuments)
It works! In my case (Word 2010 on Win2008 terminal server) I only had to enable the 'Save AutoRecover info' setting and put a value of 0.
Thank you -
Group policy failes to push ccmsetup on all computers
I have exported ConfigMgrADMTemplates in GPO.
Computer Configuration-policies-Administratie Templates- Classic Administrative Templates-
Configuration Manager 2012-Configuration Manager 2012 Client
I have enabled Configure Configuration Manager 2012 Site Assignment
I have enabled Configure Configuration Manager 2012 Client Deployment Settings
i have given commands line
I have tried both the below command lines
/mp=sccm.mydomain.com /logon SMSSITECODE=COD /source:"\\sccm\configmgrclient"
SMSSITECODE=COD FSP=sccm.mydomain.com MP=sccm.mydomain.com
i have a folder configmgrclient(contain ccmsetup) on my sccm server and i have given full rights to domain users
and domain admins in sharing and security.
GPO-computer configuration-Polices-Software settings-Software installation- new package-
i have selected the shared folder and selected assigned.
My gpo fails do guide me the correct procedurein the ccmsetup log files i can see
<![LOG[Downloading \\sccm\clientgpo\ccmsetup.cab to C:\Windows\ccmsetup\ccmsetup.cab]LOG]!><time="13:13:55.148-180" date="04-30-2014" component="ccmsetup" context="" type="1" thread="3000"
file="ccmsetup.cpp:5769">
<![LOG[Failed to access source file (2). Waiting for retry...]LOG]!><time="13:13:55.163-180" date="04-30-2014" component="ccmsetup" context="" type="2" thread="3000" file="ccmsetup.cpp:5781">
<![LOG[Next retry in 10 minute(s)...]LOG]!><time="13:13:55.163-180" date="04-30-2014" component="ccmsetup" context="" type="0" thread="3000" file="ccmsetup.cpp:8835">
<![LOG[Downloading \\sccm\clientgpo\ccmsetup.cab to C:\Windows\ccmsetup\ccmsetup.cab]LOG]!><time="13:23:57.571-180" date="04-30-2014" component="ccmsetup" context="" type="1" thread="3000"
file="ccmsetup.cpp:5769">
<![LOG[Failed to access source file (2). Waiting for retry...]LOG]!><time="13:23:57.586-180" date="04-30-2014" component="ccmsetup" context="" type="2" thread="3000" file="ccmsetup.cpp:5781">
<![LOG[Next retry in 10 minute(s)...]LOG]!><time="13:23:57.586-180" date="04-30-2014" component="ccmsetup" context="" type="0" thread="3000" file="ccmsetup.cpp:8835">
i can see the GPO applying and ccmsetup process is running.
for the shared folder i gave domain users, everyone, domain admin rights full access and even for the ccmsetup.msi file also i have given the same rights. -
Group Policy Infrastructure Failed : The target name is incorrect
Hi,
I am currently facing issues regarding Group Policy, users are unable to change the password.
When i run gpupdate /force on servers, the user policy and computer policy are successful but when i run the same on any client i receive error as per below,
" C:\Windows\system32>gpupdate /force
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain.com\SysVol\mydomain.com\Poli
cies\{5C07D38D-C488-4E32-9871-AA99DAB86898}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue may be transient and could
be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to th
e current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to a
ccess information about Group Policy results."
Below is the result of GPRESULT /H GPReport.html.
Component Status
Component Name Status
Last Process Time
Group Policy Infrastructure Failed
9/8/2014 1:56:58 PM
Group Policy Infrastructure failed due to the error listed below.
Logon Failure: The target account name is incorrect.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 9/8/2014 1:56:48 PM and 9/8/2014 1:56:58 PM.
Any idea on how to solve this problem ? thanks.Hi Calin,
1). yes the dns resolution is working fine in our environment
2). the GPO object and its folder was deleted and doesnt exist anymore.
3). IPconfig/all result as per below from client
C:\Users\arslan>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ITMGMTPC
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 10, 2014 8:50:36 AM
Lease Expires . . . . . . . . . . : Thursday, September 18, 2014 8:50:36 AM
Default Gateway . . . . . . . . . : XXXXXX
DHCP Server . . . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
Primary WINS Server . . . . . . . : 192.168.200.1
NetBIOS over Tcpip. . . . . . . . : Enabled
3). IPconfig/all result as per below from server
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : hopdc
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
NetBIOS over Tcpip. . . . . . . . : Enabled
4. please find below findings,
C:\Users\arslan>nltest /dsgetsite
HO1
The command completed successfully
C:\Users\arslan>nltest /dsgetdc:domain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN -
GPO Complete backup is failed, tried single GPO backup too.
The Error message is shown below,
GPO: Admin IT...Failed
The specified server cannot perform the requested operation.Hi Frank,
We have done Teaming for the server. Its HP Proliant DL 380 G7. From than we are not able to take the GPOs backup.
As per the below information from the Sandesh. Please check the Point No 2.
the url for this details description ("https://social.technet.microsoft.com/Forums/en-US/7c7bf4f4-0165-45c8-9ec6-1744440484e3/the-processing-of-group-policy-failed?forum=winserverDS")
Also ensure the correct dns setting on DC:
1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
2. Each DC has just one IP address and single network adapter is enabled.
3. Contact your ISP and get valid DNS IPs from them and add it in to the forwarders, Do not set public DNS server in TCP/IP setting of DC.
4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", restart DNS and NETLOGON service each DC.
Do not put private DNS IP addresses in forwarder list.
Best Regards,
Sandesh Dubey. -
Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008
Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or adviceHi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen -
Windows 7 Group Policy Processing - EventID 1058
I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and the moves on to the computer policies but fails displaying the error below. Replication topology checks out, dcdiag returns
no errors and sysvol permissions look ok too. Curiously the same policies apply just fine on windows xp pro systems. The Domain Controller is running Server 2008 Enterprise Edt R2 SP1, I see no 1030 eventid's on the domain controllers as others
frequently report with this error. The domain is running at Windows Server 2003 functional level but I have creaded a PolicyDefinitions folder in the sysvol for admx files etc. Where to go from here? Does anyone have any suggestions/insight
as to what the issue may be?
The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
Thanks in advance for any assistance given.
The error code listed is 0 which is not mentioned in this article
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
## Error details
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/8/2012 2:38:09 PM
Event ID: 1058
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: win7box.abc123.net
Description:
The processing of Group Policy failed. Windows attempted to read the file
\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1058</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
<EventRecordID>3972</EventRecordID>
<Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
<Execution ProcessID="996" ThreadID="1148" />
<Channel>System</Channel>
<Computer>win7box.abc123.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">4</Data>
<Data Name="SupportInfo2">816</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">3354</Data>
<Data Name="ErrorCode">0</Data>
<Data Name="ErrorDescription">The operation completed successfully. </Data>
<Data Name="DCName">DC.abc123.net</Data>
<Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
<Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
</EventData>
</Event>
## DCDiag Results (No RODC's hence NCSecDesc error )
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: North\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: North\DC
Starting test: Advertising
......................... DC passed test Advertising
Starting test: FrsEvent
......................... DC passed test FrsEvent
Starting test: DFSREvent
......................... DC passed test DFSREvent
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Starting test: KccEvent
......................... DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abc123,DC=net
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abc123,DC=net
......................... DC failed test NCSecDesc
Starting test: NetLogons
......................... DC passed test NetLogons
Starting test: ObjectsReplicated
......................... DC passed test ObjectsReplicated
Starting test: Replications
......................... DC passed test Replications
Starting test: RidManager
......................... DC passed test RidManager
Starting test: Services
......................... DC passed test Services
Starting test: SystemLog
......................... DC passed test SystemLog
Starting test: VerifyReferences
......................... DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : abc123
Starting test: CheckSDRefDom
......................... abc123 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc123 passed test CrossRefValidation
Running enterprise tests on : abc123.net
Starting test: LocatorCheck
......................... abc123.net passed test LocatorCheck
Starting test: Intersite
......................... abc123.net passed test IntersiteI shortened this down a good bit but here is the gist of it, my question is which context/user/account is being denied access to the .ini files? I have never used the streams utility but I'll give it a whirl and report back what I get. Most of
the cannot be accessed are probably just policies that are not applicable to the machine but the gpt.ini errors are baffling me.
New GPO - it appears that new GPOs are fine
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found common name of: <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
Older GPO's - not so fine
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found common name of: <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found display name of: <gpoS-RealPlayerEnt6 - Security>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: ProcessGPO failed
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: Leaving with 0
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: ********************************
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully -
Group policy didnt work (SYSVOL replication)
Hello experts
I need information and help. I have a 4 domain controller in my domain. 1 domian controller runs windows 2003 SP2 other domains are windows 2008 r2. Today i created Group policy for my testing environment then gpupdate /force from my PC. Then error:
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\golo
mtbank.local\SysVol\golomtbank.local\Policies\{DEFBC9A3-F3F4-4598-BF04-ADFF097BC
04F}\gpt.ini from a domain controller and was not successful. Group Policy setti
ngs may not be applied until this event is resolved. This issue may be transient
and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
I checked SYSVOL folders on my DCs. This folder created on primary domain controller but didn't created other 3 servers. Primary domain is Windows 2008 R2. I was moved Policy definitions (ADMX files) retrieved from the local machine to central store about
few months ago.
Please help me how can solve this problem and how can replicate SYSVOL folder. THanks all> This is my production environments. Is it safe to do so?
Yes, mostly. To verify, check NTFRS event logs on all DCs and post the
last error message you find about replication issues.
Resolution Step by step:
Backup Sysvol on each DC in case replication didn't work for a long time.
On all DCs stop and disable the ntfrs service.
On the PDC (netdom query pdc), do the D4 thing and enable/start ntfrs.
On all other DCs, do the D2 thing and enable/start ntfrs.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen -
Group Policy not work in some client machine.
Hello All,
Existing environment is AD 2012. gpupdate /force command does not working in some client machine. And it's occur randomly. Error shown about 15-20% of client machine. Please suggest. Hopefully this time get reply from community.
The Error:
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.Thanks for your reply. basically this error occurs with in same location as well as branch location. i have check event log in AD but not got any specific error. AD health status is ok. AD to AD synchronization also working well. All the client machine running
on windows 7 64 bit and few of them are windows 8.
Please suggest. if you need any event log for analysis i can send you.
Thanks
I recommend you examine the event logs upon an affected client machine. Specifically, look for the surrounding events on that machine (both System, and Application logs), for the hours previous and the hour after.
The time period may vary according to your environment (e.g. what is expected/normal for your environment, your configured GP refresh cycle-time).
e.g., are there network drops, or power drops, or system crashes, restarts at the similar time.
if it's a laptop, is it wireless? Was there a transition from wireless to wired operation?
Is there VPN in use?
If you are able to compare with another machine (I would encourage that), to understand what "normal" looks like in the logs, so that you have some kind of baseline data for comparison.
Other checks, maybe confirm that the machines are updating as required (have the relevant WindowsUpdates etc), and consider if some security/protection/firewall software might be interfering with normal Windows operations.
Also the potential for malware or virus, which can disturb many basic services (ensure a scan is performed and returns clean).
If you have the opportunity for an affected user to contact you urgently when the symptom occurs, check that the gpt.ini file is accessible from their PC.
e.g.: \\example.net\sysvol\example.net\Policies\{31B2F340-016D-11D2-945F-00C04FB
984F9}\gpt.ini
This file is hosted within the replicated SYSVOL share on your DC's, so check that it is accessible.
You might also validate the particular GPO this refers to, and check each of your DC's holds the correct copy of the files for that GPO GUID.
If you open that GPO, and perform a minor change to it (e.g. add a comment), then click Apply, OK, this should cause the GPO contents to replicate an updated version (be cautious, depending upon the nature of that GPO !!!)
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Slow logins to domain, several event ID errors (group policy, netlogon, NTP errors)
We have a laptop user who was experiencing slow logons in a remote office. (Remote office has 100 users, only 1 is reporting the issue). Helpdesk swapped computers to give the user brand new hardware. The new laptop worked
fine while in the IT department in the main office, the user returned to their desk in their remote office after replacing the laptop and logged in and experienced the same slow logon issues as the older laptop.
Logons take up to 45 mins to process. (Login script hangs and does not process). During the process, you can check IPConfig and it received the proper DNS settings. you can ping the authenticating server by name. We have scanning
on our local copiers setup to scan to the users desktop, and this errors out. DNS on the AD controller shows the proper IP address for the machine and you can ping the machine by name.
System Event log is loaded with errors:
Event ID 5719 - Netlogon, computer not able to setup a secure session with a domain controller in the domain
Event ID 1129 - Group Policy, processing of Group Policy failed because of lack of network connectivity
Event ID 129 - Time Service, NTP Client was unable to set a domain peer to use as a time source
Event ID 5783 - NetLogon, The session setup to the WIndows NT or 2000 domain controller (xxx) for the domain is not responsive. RPC call cancelled. (NOTE - you can ping this domain controller by name and by IP with no issues)
Event ID 130 - Time-Service, NTP client unable to set a domain peer
All these seem to point to RPC errors timing out because they cannot communicate to the network resources. The problem happens on wired or wireless connections. We had the user move to a different network connection (one we know is working for
another user) the problem persists. The problem was on the original computer and continues to happen even after replacing the hardware with a brand new laptop.
I have tried running the following hotfix. Which does not resolve the issue:
http://support2.microsoft.com/kb/2459530 which technically this shouldn't be an issue because we use DHCP off the 2003 AD domain controller.
I have checked the domain controller, AD Replication is processing with no issues. DNS is working. The local DHCP server has no issues or events related to this account and neither does the local DNS server or the authenticating server (which
is in another remote office).
Hi,
As we know, most of the time error event 5719 is caused by network connectivity issues or name resolution issue, I suggest you refer to this link to make a further analysis
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
And this link:
Root Causes for Slow Boots and Logons
http://social.technet.microsoft.com/wiki/contents/articles/10130.root-causes-for-slow-boots-and-logons-sbsl.aspx
Yolanda Zhu
TechNet Community Support
Maybe you are looking for
-
Report from SAP Quickviewer code
Hi, I have been given a code generated by SAP Quickviewer (transaction SQVI). The client expects me to design an ABAP Report using this code as a guideline. Is this practically possible. I don't even have access to the name of the quickview. No tech
-
Do I need 2 keyboards for macbook and iMac in clamshell mode?
Hi Experts, do I need 2 wireless keyboards to work with macbook pro connected to iMac in clamshell mode? or can the keyboard be switched from iMac to MacBook 'on the fly' (after activating TDM mode)? Problem is that when I activate TDM to display the
-
Somebody plz tell me if there is a list of incompatible monitors with the mac mini. I am going to buy a mac mini and simply wish to know if the monitor Samsung Syncmaster 773s will be compatible with it. Has anybody had any problems with this particu
-
NAT 8.6 multiple subnets in a single static NAT
Hello all, I have this question, probably pretty an easy to answer, but unfortunately I can't test it myself in a production environment right now. Do you know if is possible to have in ASA 8.6 a Static NAT rule with multiple subnets in both object g
-
Problem using external editor in iPhoto
Using Adobe photoshop CS5 the returned image to Iphoto can not be edited with the Iphoto editor. When the image is exported only an elarged section is exported Incorrect export correct export after returned image from photoshop was duplicated in Ipho