Processing of Group Policy Failed - Single DC error 1058
I have been getting the error every 5 mins for awhile:
The processing of Group Policy failed. Windows attempted to read the file \\xx.company\sysvol\xxx.company\Policies\{0000000-2323-2222-2222-333333}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this
event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
So - this is a single DC 2008R2. It started (I think) back when I joined another server on the domain and did a DCPromo to help build some redundancy. DFS was/is not enabled, do I need to set this up to resolve this?
User are able to login and policy are working, I only see this error on the DC, but other than the error everything seems to be working fine. I can access the share \\xx.company\sysvol\xxx.company\Policies\ and see it from all systems on the domain.
I looked for the Burflags to see if that would help but since there is no DFS there was nothing in the registry.
So at this point, I removed the secondary server via DCpromo, going back to just the 1 server DC but I still get the error. DNS works. When I do a DCDiag everything looks ok except the SysVol - I get about 10 of these
Starting test: SystemLog
An error event occurred. EventID: 0x00000422
Time Generated: 03/17/2015 14:49:41
Event String:
The processing of Group Policy failed... blah blah - same as above.
I looked at this link because of the combination of the 2 errors - Error 1058 and 00422 but its suggesting Authoritative restore, but I don't have the replication.
Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
So - any suggestions? Thanks in advance.
Hi,
>>Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
Did we clean up the metadata of the removed domain controller? If not, we can follow the article below to do this.
Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
Besides, on the existing domain controller, check Applications and Services Logs\FRS or DFSR logs in Event Viewer. If the issue persists, we can follow the method below to do an authoritative restore for Sysvol.
If we use FRS to replicate Sysvol, we can try to follow the article below to an authoritative restore for Sysvol.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
https://support.microsoft.com/en-us/kb/290762
If we use DFSR to replicate Sysvol, we can try to follow the article below to do an authoritative restore for Sysvol.
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
https://support.microsoft.com/en-us/kb/2218556
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Similar Messages
-
The processing of Group Policy failed. Windows attempted to read the file...
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
Processing of Group Policy failed - User Policy - Windows 7
OP:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
When running a gpupdate I get the following message:
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
I have tracked it down to an LDAP error code 49.
I tried the MS sollution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
I can also connect to the DC with LDP.exe fine.
Here are the diagnostic read outs (GPResult was too long to post):
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/29/2012 1:56:09 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: Domain\UserAccount
Computer: Win7-ComputerA.FQDomain
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
<EventRecordID>32458</EventRecordID>
<Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
<Execution ProcessID="984" ThreadID="3688" />
<Channel>System</Channel>
<Computer>Win7-ComputerA.FQDomain</Computer>
<Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5012</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1326</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName">
</Data>
</EventData>
</Event>
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN7-ComputerA
Primary Dns Suffix . . . . . . . : FQDomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FQDomain
ParentDomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : FQDomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
Default Gateway . . . . . . . . . : 216.71.244.1
DHCP Server . . . . . . . . . . . : 216.71.244.2
DNS Servers . . . . . . . . . . . : 216.71.244.2
216.71.240.120
216.71.240.132
Primary WINS Server . . . . . . . : 216.71.244.2
Secondary WINS Server . . . . . . : 216.71.240.130
216.71.240.122
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesHi,
It sound like port blocking issue, Seems your client system connecting 216.71.240.x DNS Servers as a logon server and which seems on different subnet
as per subnet mask, So there must be a router or firewall in between and so it might be Active directory ports are being blocked.
So first for testing purpose just remove other
216.71.240.x DNS
servers from TCP/IP configuration and clear dns cache
ipconfig/flushdns
and restart the system. check if it works.
or run this command on DC
dcdiag /test:dns
and share the error report.
Cheers!
Sanjay -
The processing of Group Policy failed because of lack of network connectivity to a domain controller
We are setting up a new AD environment with one AD/DC running DNS services, and a secondary DNS server configured with secondary zone. The problem is that none of the machines in the the domain are getting GPO.
When I run a gpupdate /force from a machine, I get the following output:
"Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results."
While the system event log outputs the following:
"The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy
has succesfully processed. If you do not see a success message for several hours, then contact your administrator."
All the machines that were joined to the domain are able to resolve in forward and reverse lookups, ping the DC and ping each other so I dont understand how the error can be resolved.
Here are few things I have tried:
1. I came across this KB which checked ok for me: http://support.microsoft.com/kb/241515
2. Made a copy of the default GPO, applied to a OU with one machine, and made sure to remove any GPO links from above
3. Enabled the following two local Group policies on a test member:
GP slow link detection
Startup policy processing wait time
4. Modified firewall to allow everything on both member and DC
5. Verified DSN logs, SRV records, access to sysvol ( added authenticated users to sysvol)
I have yet to figure out the reason for this issue. Has anyone seen anything like this before?1. I checked the NIC, it only has one IP. and I followed your article. I set the primary DNS to its own IP and the secondary DNS to the loopback ip
2. This is a new DC and DNS server. I dont have old records yet. I also check the DNS event logs. No errors
3. I made sure the member server is pointing only to the only DC/DNS server
4. Here is the output from the dcdiag.... everything passed except, the Netlogons part. I'm not sure what means or how to fix it yet:
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Complete output:
> hostname
Server: hostname.domain.local
Address: X.X.X.95
> ^C
C:\Windows\system32>
C:\Windows\system32>nslookup
> set type=all
>
>
>
> _ldap._tcp.dc._msdcs.domainname
_ldap._tcp.dc._msdcs.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = hostname.domain.local
hostname.domain.local internet address = X.X.X.95
> ^C
C:\Windows\system32>cd ..
C:\Windows>cd SYSVOL
C:\Windows\SYSVOL>cd sysvol
C:\Windows\SYSVOL\sysvol>dir
Volume in drive C has no label.
Volume Serial Number is F624-CDB2
Directory of C:\Windows\SYSVOL\sysvol
10/29/2014 08:25 PM <DIR> .
10/29/2014 08:25 PM <DIR> ..
10/29/2014 08:25 PM <JUNCTION> domain.local [C:\Windows\SYSVOL\domain]
0 File(s) 0 bytes
3 Dir(s) 63,971,037,184 bytes free
C:\Windows\SYSVOL\sysvol>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = hostname
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\hostname
Starting test: Connectivity
......................... hostname passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\hostname
Starting test: Advertising
......................... hostname passed test Advertising
Starting test: FrsEvent
......................... hostname passed test FrsEvent
Starting test: DFSREvent
......................... hostname passed test DFSREvent
Starting test: SysVolCheck
......................... hostname passed test SysVolCheck
Starting test: KccEvent
......................... hostname passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... hostname passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... hostname passed test MachineAccount
Starting test: NCSecDesc
......................... hostname passed test NCSecDesc
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Starting test: ObjectsReplicated
......................... hostname passed test
ObjectsReplicated
Starting test: Replications
......................... hostname passed test Replications
Starting test: RidManager
......................... hostname passed test RidManager
Starting test: Services
......................... hostname passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003F6
Time Generated: 03/04/2015 18:23:06
Event String:
Name resolution for the name ctldl.windowsupdate.com timed out after
none of the configured DNS servers responded.
......................... hostname passed test SystemLog
Starting test: VerifyReferences
......................... hostname passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : emcdsm
Starting test: CheckSDRefDom
......................... emcdsm passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... emcdsm passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
C:\Windows\SYSVOL\sysvol> -
Group Policy failing intermittently on one of my servers
Have you checked the event logs to see if a specific thing is triggering it?
CMOS battery been changed (if the date/time is being reset this can be the cause)?
Or GPResult to check that what should be applied is being applied?I have a server-2008 R2 box where Group Policy fails intermittently. The result is the server looses it's domain trust connection, exact error message is: Remote Desktop cannot verify the ID of the remote computer because there is a time or date difference....
I can reboot the server and it's fixed, but a month later it will have the same issue.
What can I look for to troubleshoot resolve, and what can I monitor to fix this? GP service? If the service is running & the interface, port, or bad cable, I will not be alerted. Can I configure some type of alert that tells me when GP replication with the domain controller has succeeded/failed?
This topic first appeared in the Spiceworks Community -
Software Installation Processing Alerts - Group Policy Failures?
Hello,
I am getting several errors reported by SCOM Software Installation Processing alert
In the local event log I have:
Warning 9/15/2014 11:09:37 AM GroupPolicy 1112 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 108 None
Error 9/15/2014 11:09:37 AM Application Management Group Policy 103 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 101 None
with the details:
101 - The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%1274
103 - The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%2
108 - Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
1112 - The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
- Computer Configuration > Policies > Administrative Templates > System > Group Policy > Policy > Startup policy processing is enabled
what does exactly this means?
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity ManagerHi,
Yes the packaged is installed.
Troubleshooting the issue deeper with http://support.microsoft.com/kb/249621/en-us is showing
Software installation extension has been called for background policy refresh
09-16 06:34:09:346
Software installation extension has been called for background policy refresh
The following policies are to be applied, flags are 11.
MITS Servers Software (unique identifier {E76FB561-E177-421D-AE43-109EADEAD751})
System volume path = \\ad.medctr.ucla.edu\sysvol\ad.medctr.ucla.edu\Policies\{E76FB561-E177-421D-AE43-109EADEAD751}\Machine
Active Directory path = LDAP://CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu;.
Enumerating applications in the Active Directory for computer MSVROFAS2 with flags 5.
The following applications were found in policy MITS Servers Software.
Assigned application SMS Client Setup Bootstrap (flags a0044c70).
Found 1 applications in policy MITS Servers Software.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Application SMS Client Setup Bootstrap from policy MITS Servers Software is set for installation because it is assigned to this computer policy.
Software installation extension cannot perform removal or install operations during asynchronous policy refresh and will force a synchronous foreground refresh.
The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %1274
Removing application SMS Client Setup Bootstrap from the software installation database.
Calling Windows Installer to remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas.
Windows Installer cannot remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas, error 2.
The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %2
Policy Logging for Software Management is attempting to log application SMS Client Setup Bootstrap from policy MITS Servers Software.
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %1274
Software installation extension has detected changes that require a synchronous foreground policy refresh.
Software installation extension returning with final error code 1274.
And this is happening hourly !!!
This is the current status...
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager -
Disable autorecovery in Word and Excel via group Policy fails
hello everybody,
I have to disable the autorecovery - and unsaved functions in the office 2010 suite on winXPsp3.
In the group policy console i set the function to "disabled" , so on the client side in the registry the values for:
software\policies\microsoft\office\14.0\excel\options\KeepUnsavedChanges =0
software\policies\microsoft\office\14.0\excel\options\AutoRecoverEnabled =0
software\policies\microsoft\office\14.0\word\options\KeepUnsavedChanges =0
software\policies\microsoft\office\14.0\word\options\AutoRecoverEnabled =0
appear. This works fine on Powerpoint, but in Excel and Word users still have the chance to enable autorecovery from the "file" menu on the client. Time settings are greyed out, but by activating autorecovery, settings are configurable again.
Any idea where else i could configure "autorecovery" and "KeepUnsavedChanges" to be unavailable for the customer ?
thank you in advance,
HennesHi Everybody,
we finally found something close to our wishes together with MS Support ( the answer was just a few dollars away !) We had to configure exactly the opposite of what we want and combine it with a senseless time interval......tataaaaa We´re done !
If you want to deactivate autoRecovery, you have to set "AutoRecoverEnabled" to "activate" and select a time interval for "save AutoRecover info every X minutes" of "0" minutes. Then the option will be greyed out , although the customer might reactivate
it by checking the box. Anyhow, files will be deleted at logoff and there are no recoverable files left on the Client .
(although this function is very smart on your personal windows-client, we needed to get rid of it on some public Terminals where workers without personal account write their reports and other personalized dokuments)
It works! In my case (Word 2010 on Win2008 terminal server) I only had to enable the 'Save AutoRecover info' setting and put a value of 0.
Thank you -
Group policy failes to push ccmsetup on all computers
I have exported ConfigMgrADMTemplates in GPO.
Computer Configuration-policies-Administratie Templates- Classic Administrative Templates-
Configuration Manager 2012-Configuration Manager 2012 Client
I have enabled Configure Configuration Manager 2012 Site Assignment
I have enabled Configure Configuration Manager 2012 Client Deployment Settings
i have given commands line
I have tried both the below command lines
/mp=sccm.mydomain.com /logon SMSSITECODE=COD /source:"\\sccm\configmgrclient"
SMSSITECODE=COD FSP=sccm.mydomain.com MP=sccm.mydomain.com
i have a folder configmgrclient(contain ccmsetup) on my sccm server and i have given full rights to domain users
and domain admins in sharing and security.
GPO-computer configuration-Polices-Software settings-Software installation- new package-
i have selected the shared folder and selected assigned.
My gpo fails do guide me the correct procedurein the ccmsetup log files i can see
<![LOG[Downloading \\sccm\clientgpo\ccmsetup.cab to C:\Windows\ccmsetup\ccmsetup.cab]LOG]!><time="13:13:55.148-180" date="04-30-2014" component="ccmsetup" context="" type="1" thread="3000"
file="ccmsetup.cpp:5769">
<![LOG[Failed to access source file (2). Waiting for retry...]LOG]!><time="13:13:55.163-180" date="04-30-2014" component="ccmsetup" context="" type="2" thread="3000" file="ccmsetup.cpp:5781">
<![LOG[Next retry in 10 minute(s)...]LOG]!><time="13:13:55.163-180" date="04-30-2014" component="ccmsetup" context="" type="0" thread="3000" file="ccmsetup.cpp:8835">
<![LOG[Downloading \\sccm\clientgpo\ccmsetup.cab to C:\Windows\ccmsetup\ccmsetup.cab]LOG]!><time="13:23:57.571-180" date="04-30-2014" component="ccmsetup" context="" type="1" thread="3000"
file="ccmsetup.cpp:5769">
<![LOG[Failed to access source file (2). Waiting for retry...]LOG]!><time="13:23:57.586-180" date="04-30-2014" component="ccmsetup" context="" type="2" thread="3000" file="ccmsetup.cpp:5781">
<![LOG[Next retry in 10 minute(s)...]LOG]!><time="13:23:57.586-180" date="04-30-2014" component="ccmsetup" context="" type="0" thread="3000" file="ccmsetup.cpp:8835">
i can see the GPO applying and ccmsetup process is running.
for the shared folder i gave domain users, everyone, domain admin rights full access and even for the ccmsetup.msi file also i have given the same rights. -
GPO Complete backup is failed, tried single GPO backup too.
The Error message is shown below,
GPO: Admin IT...Failed
The specified server cannot perform the requested operation.Hi Frank,
We have done Teaming for the server. Its HP Proliant DL 380 G7. From than we are not able to take the GPOs backup.
As per the below information from the Sandesh. Please check the Point No 2.
the url for this details description ("https://social.technet.microsoft.com/Forums/en-US/7c7bf4f4-0165-45c8-9ec6-1744440484e3/the-processing-of-group-policy-failed?forum=winserverDS")
Also ensure the correct dns setting on DC:
1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
2. Each DC has just one IP address and single network adapter is enabled.
3. Contact your ISP and get valid DNS IPs from them and add it in to the forwarders, Do not set public DNS server in TCP/IP setting of DC.
4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", restart DNS and NETLOGON service each DC.
Do not put private DNS IP addresses in forwarder list.
Best Regards,
Sandesh Dubey. -
Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008
Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or adviceHi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen -
Windows 7 Group Policy Processing - EventID 1058
I am having an issue with Windows 7 clients refreshing group policy. When I run gpupdate the user policy refreshes and the moves on to the computer policies but fails displaying the error below. Replication topology checks out, dcdiag returns
no errors and sysvol permissions look ok too. Curiously the same policies apply just fine on windows xp pro systems. The Domain Controller is running Server 2008 Enterprise Edt R2 SP1, I see no 1030 eventid's on the domain controllers as others
frequently report with this error. The domain is running at Windows Server 2003 functional level but I have creaded a PolicyDefinitions folder in the sysvol for admx files etc. Where to go from here? Does anyone have any suggestions/insight
as to what the issue may be?
The sysvol and the gpt.ini file is accessible from the Windows 7 client using UNC path.
Thanks in advance for any assistance given.
The error code listed is 0 which is not mentioned in this article
http://social.technet.microsoft.com/wiki/contents/articles/1456.aspx
## Error details
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/8/2012 2:38:09 PM
Event ID: 1058
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: win7box.abc123.net
Description:
The processing of Group Policy failed. Windows attempted to read the file
\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused
by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1058</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-08T20:38:09.770740300Z" />
<EventRecordID>3972</EventRecordID>
<Correlation ActivityID="{24F60AA4-DC8D-4F6D-8787-9535072F03C0}" />
<Execution ProcessID="996" ThreadID="1148" />
<Channel>System</Channel>
<Computer>win7box.abc123.net</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">4</Data>
<Data Name="SupportInfo2">816</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">3354</Data>
<Data Name="ErrorCode">0</Data>
<Data Name="ErrorDescription">The operation completed successfully. </Data>
<Data Name="DCName">DC.abc123.net</Data>
<Data Name="GPOCNName">CN={EB062BE8-CAF6-47B4-9B8B-27A19268C520},CN=Policies,CN=System,DC=abc123,DC=net</Data>
<Data Name="FilePath">\\abc123.net\SysVol\abc123.net\Policies\{EB062BE8-CAF6-47B4-9B8B-27A19268C520}\gpt.ini</Data>
</EventData>
</Event>
## DCDiag Results (No RODC's hence NCSecDesc error )
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: North\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: North\DC
Starting test: Advertising
......................... DC passed test Advertising
Starting test: FrsEvent
......................... DC passed test FrsEvent
Starting test: DFSREvent
......................... DC passed test DFSREvent
Starting test: SysVolCheck
......................... DC passed test SysVolCheck
Starting test: KccEvent
......................... DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=abc123,DC=net
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=abc123,DC=net
......................... DC failed test NCSecDesc
Starting test: NetLogons
......................... DC passed test NetLogons
Starting test: ObjectsReplicated
......................... DC passed test ObjectsReplicated
Starting test: Replications
......................... DC passed test Replications
Starting test: RidManager
......................... DC passed test RidManager
Starting test: Services
......................... DC passed test Services
Starting test: SystemLog
......................... DC passed test SystemLog
Starting test: VerifyReferences
......................... DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : abc123
Starting test: CheckSDRefDom
......................... abc123 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc123 passed test CrossRefValidation
Running enterprise tests on : abc123.net
Starting test: LocatorCheck
......................... abc123.net passed test LocatorCheck
Starting test: Intersite
......................... abc123.net passed test IntersiteI shortened this down a good bit but here is the gist of it, my question is which context/user/account is being denied access to the .ini files? I have never used the streams utility but I'll give it a whirl and report back what I get. Most of
the cannot be accessed are probably just policies that are not applicable to the machine but the gpt.ini errors are baffling me.
New GPO - it appears that new GPOs are fine
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Searching <cn={5D0EF3CD-7942-4A89-A879-4F9FDB3064BF},cn=policies,cn=system,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found common name of: <{5D0EF3CD-7942-4A89-A879-4F9FDB3064BF}>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found display name of: <gpoC-Win7Test>
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:510 ProcessGPO: GPO gpoC-Win7Test doesn't contain any data since the version number is 0. It will be skipped.
Older GPO's - not so fine
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B34A8F23-269C-43D8-A097-2307729FBFF6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={55338992-95C9-4FA2-80E4-0ED4A623EE09},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found common name of: <{55338992-95C9-4FA2-80E4-0ED4A623EE09}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found display name of: <gpoS-RealPlayerEnt6 - Security>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found machine version of: GPC is 0, GPT is 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found flags of: 0
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: No client-side extensions for this object.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO gpoS-RealPlayerEnt6 - Security doesn't contain any data since the version number is 0. It will be skipped.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C92FD413-E891-47E0-B554-BD7F9209D036},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FEF33797-46D0-452A-B3D7-0BEEC2330592},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CCBFECA5-2FF8-4512-8CE4-108C4092D009},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={767959D5-7AB6-4D55-A02E-3F54439CC7DA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={10DCAC5E-9904-41FF-B678-E8514F481E56},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={3229FD3D-868A-4406-AFAF-6449ADBB4749},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1DD39B5C-B930-4750-8EC3-42D0FB89A3B9},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={E10350D2-F632-4D5E-9668-4151596B1D77},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={86C864C5-C861-42FC-B728-BAEE81C9A091},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={FE1162BF-9FE2-4F04-A514-80A8E6D5F7CD},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F68214D3-33F3-4F76-BE26-306D0237A048},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={CA6B06CE-C546-41F1-87FB-9013701AEF00},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={C8C9EFA2-90AA-4162-9051-23FD83B5CF62},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={DE445C4F-9A0F-488F-8769-C041CF2184AA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7CDB465C-55AC-4CBC-9C18-F3ADACDFEB46},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={F4E0F78E-BE36-4793-A8B1-83B2D67083F1},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={53359F0A-8C9B-4831-936F-3D47C4CC2694},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6793DBEE-47B0-458D-8F1C-D92EB7015733},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93919120-7113-47C0-AA38-0561EAB18E42},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={5ABD1D9E-07E4-4A53-B854-A2FFC3B257CB},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={71E2B86C-A4A0-47C0-9D7F-BDD6220B9FA4},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={4401CF1C-7839-4496-BB87-304A8AB917FC},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1244CA5A-D654-4ED6-9374-148F1F3DA8ED},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={42875CF2-B9E9-4EFA-90C2-7ACA8882F1B7},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={6DD428B6-6B19-4A53-B172-57DB3E15A38E},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={983BFDAD-65F0-42B4-807A-E78DF275C352},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={AFA31A2D-07D8-4CB4-BE86-067A9624E324},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={77C9CA17-6359-4355-9FDF-F605F0441245},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={75D43291-6FA2-4B98-8422-228DDB45571B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={870C6FB3-74CD-46E8-9D4D-E6E6C0A2B52D},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2144E4CF-01C1-4C5B-984B-E9BD4461406F},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={7D9DB917-1245-46BD-AEBF-163A2F0FCD06},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={B7431941-5DAA-4DD2-A569-35C31B92B677},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={D01BF1D1-33C8-4FC3-95C3-5948A1EE1647},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={57D4AD83-3BBF-43C2-9A3B-F71F3E52C2A6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={A8DB7DAC-42F0-43FC-99E1-F1AC15006101},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={56574927-6DC5-48A7-82F9-A00E820335F6},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={2FB6858E-8B1C-4C89-83B2-0EEE97D9A72B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={93C56E3F-5334-4325-A328-0CCAFED0828B},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={1B64E00F-D3B6-49B6-B6C8-7AD0A8C9AEFA},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={81B4E46C-8249-4547-BC75-9A1FB395E282},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 EvalList: Object <CN={43D5184A-73C8-4BFD-9B09-33C70B8BC3C2},CN=Policies,CN=System,DC=abc123,DC=net> cannot be accessed
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Searching <CN={0ABE0BCF-0BC5-481E-AC86-5768D00901D5},CN=Policies,CN=System,DC=abc123,DC=net>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Machine has access to this GPO.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: GPO passes the filter check.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found functionality version of: 2
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Found file system path of: <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}>
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: Couldn't find the group policy template file <\\abc123.net\SysVol\abc123.net\Policies\{0ABE0BCF-0BC5-481E-AC86-5768D00901D5}\gpt.ini>,
error = 0x0. DC: DC2.abc123.net
GPSVC(3e4.80c) 12:43:27:541 ProcessGPO: ==============================
GPSVC(3e4.80c) 12:43:27:541 EvalList: ProcessGPO failed
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: Leaving with 0
GPSVC(3e4.80c) 12:43:27:541 GetGPOInfo: ********************************
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: GetGPOInfo failed.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3e4.80c) 12:43:27:541 ProcessGPOs: Processing failed with error 87.
GPSVC(3e4.80c) 12:43:27:557 Application complete with bConnectivityFailure = 0.
GPSVC(3e4.80c) 12:43:27:557 Signalling 1 Refresh Policy callers
GPSVC(f84.df4) 12:43:27:557 Exiting RefreshPolicyForPrincipal with status = 0
GPSVC(3e4.80c) 12:43:27:557 GPLockPolicySection: Sid = (null), dwTimeout = 600000, dwFlags = 0
GPSVC(3e4.80c) 12:43:27:557 LockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 Sync Lock Called
GPSVC(3e4.80c) 12:43:27:557 Writer Lock got immediately.
GPSVC(3e4.80c) 12:43:27:557 Lock taken successfully
GPSVC(3e4.80c) 12:43:27:557 UnLockPolicySection called for user <Machine>
GPSVC(3e4.80c) 12:43:27:557 UnLocked successfully -
Group Policy Infrastructure Failed : The target name is incorrect
Hi,
I am currently facing issues regarding Group Policy, users are unable to change the password.
When i run gpupdate /force on servers, the user policy and computer policy are successful but when i run the same on any client i receive error as per below,
" C:\Windows\system32>gpupdate /force
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain.com\SysVol\mydomain.com\Poli
cies\{5C07D38D-C488-4E32-9871-AA99DAB86898}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue may be transient and could
be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to th
e current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to a
ccess information about Group Policy results."
Below is the result of GPRESULT /H GPReport.html.
Component Status
Component Name Status
Last Process Time
Group Policy Infrastructure Failed
9/8/2014 1:56:58 PM
Group Policy Infrastructure failed due to the error listed below.
Logon Failure: The target account name is incorrect.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 9/8/2014 1:56:48 PM and 9/8/2014 1:56:58 PM.
Any idea on how to solve this problem ? thanks.Hi Calin,
1). yes the dns resolution is working fine in our environment
2). the GPO object and its folder was deleted and doesnt exist anymore.
3). IPconfig/all result as per below from client
C:\Users\arslan>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ITMGMTPC
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 10, 2014 8:50:36 AM
Lease Expires . . . . . . . . . . : Thursday, September 18, 2014 8:50:36 AM
Default Gateway . . . . . . . . . : XXXXXX
DHCP Server . . . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
Primary WINS Server . . . . . . . : 192.168.200.1
NetBIOS over Tcpip. . . . . . . . : Enabled
3). IPconfig/all result as per below from server
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : hopdc
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
NetBIOS over Tcpip. . . . . . . . : Enabled
4. please find below findings,
C:\Users\arslan>nltest /dsgetsite
HO1
The command completed successfully
C:\Users\arslan>nltest /dsgetdc:domain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN -
Slow logins to domain, several event ID errors (group policy, netlogon, NTP errors)
We have a laptop user who was experiencing slow logons in a remote office. (Remote office has 100 users, only 1 is reporting the issue). Helpdesk swapped computers to give the user brand new hardware. The new laptop worked
fine while in the IT department in the main office, the user returned to their desk in their remote office after replacing the laptop and logged in and experienced the same slow logon issues as the older laptop.
Logons take up to 45 mins to process. (Login script hangs and does not process). During the process, you can check IPConfig and it received the proper DNS settings. you can ping the authenticating server by name. We have scanning
on our local copiers setup to scan to the users desktop, and this errors out. DNS on the AD controller shows the proper IP address for the machine and you can ping the machine by name.
System Event log is loaded with errors:
Event ID 5719 - Netlogon, computer not able to setup a secure session with a domain controller in the domain
Event ID 1129 - Group Policy, processing of Group Policy failed because of lack of network connectivity
Event ID 129 - Time Service, NTP Client was unable to set a domain peer to use as a time source
Event ID 5783 - NetLogon, The session setup to the WIndows NT or 2000 domain controller (xxx) for the domain is not responsive. RPC call cancelled. (NOTE - you can ping this domain controller by name and by IP with no issues)
Event ID 130 - Time-Service, NTP client unable to set a domain peer
All these seem to point to RPC errors timing out because they cannot communicate to the network resources. The problem happens on wired or wireless connections. We had the user move to a different network connection (one we know is working for
another user) the problem persists. The problem was on the original computer and continues to happen even after replacing the hardware with a brand new laptop.
I have tried running the following hotfix. Which does not resolve the issue:
http://support2.microsoft.com/kb/2459530 which technically this shouldn't be an issue because we use DHCP off the 2003 AD domain controller.
I have checked the domain controller, AD Replication is processing with no issues. DNS is working. The local DHCP server has no issues or events related to this account and neither does the local DNS server or the authenticating server (which
is in another remote office).
Hi,
As we know, most of the time error event 5719 is caused by network connectivity issues or name resolution issue, I suggest you refer to this link to make a further analysis
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
And this link:
Root Causes for Slow Boots and Logons
http://social.technet.microsoft.com/wiki/contents/articles/10130.root-causes-for-slow-boots-and-logons-sbsl.aspx
Yolanda Zhu
TechNet Community Support -
Event ID 1058 Group Policy Preprocessing Error Code 3
You will see this in the event logs, the processing of group policy failed. It is trying to process a policy that doesn't exist. After reading http://technet.microsoft.c the
first resolution Error code 3 (The system cannot find the path specified) lead me to this --> http://support.microsoft.c
4. In the right details pane, double-click DisableDFS.
This entry doesn't exist but if I add it, it works. Problem is solved on machine 1.
Machine 2. This is a brand new Windows 7 setup to investigate this problem because it appears on a lot of the workstations and I have no idea why. Applying this fix did NOT solve the problem. I am a bit stuck. I have new GPs to roll out but they
won't apply with this error in place.
I can ping the logon server just fine and I can get to \\FQDN\sysvol as well. gpupdate /force shows the same error in the event log.Hi,
Have you tried all steps in the link:
http://support.microsoft.com/kb/314494?
Verify you can read gpt.ini using the full network path, full network path to the gpt.ini as \\<dcName>\SYSVOL\<domain>\Policies\<guid>\gpt.ini where <dcName> is the name of the domain controller,
<domain> is the name of the domain, and <guid> is the GUID of the policy folder.
Please post the full event message for further analysis. In addition, we need to know that what policy did you set that could not be applied.
Regards,
Yan Li
Regards, Yan Li -
To get some errors about group policy due to disabled an account
Hello
I have an active directory on windows 2012 datacenter. there is a domain on it. it works well.
Also there is a another AD on another location. there is another domain on it. also it works too.
there is a trust relationship between 2 domains.
I disabled an account on first AD server 4 days ago. and then my colleague who manages second AD, notified that started to recieve some errors from eventviewer and have an issue about their group policy.
the issue event as below;
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller
(LDAP Bind function call failed). Look in the details tab for error code and description.
Event ID 1006
Event Source Group Policy
I think the concerning account was built on the second AD for a service. But we don't know how we can find the account on the second AD server in order to change it.
How can I fix the issue?
ThanksHi Yavuz,
>>But we don't know how we can find the account on the second AD server in order to change it.
What account did we disable? We can check the error code (displayed as a decimal) and error description fields of Event ID 1006 to see if more information can be found.
Regarding Event ID 1006, the following article can be referred to for more information.
Event ID 1006 — Group Policy Preprocessing (Active Directory)
https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Maybe you are looking for
-
My mom put my ipod 5th gen in the house somewhere and it was turned off. It is connected to the internet in the house. How do i turn it on with the Findmyiphone or something else? It was an expensive gift and we can't find it now! Please help! How do
-
No text showing up on iTunes tried reinstalling started today
Starting today there is no text showing up on my iTunes I have tried reinstalling and nothing is working I haven't updated or anything don't know why the sudden issue
-
Hi All, I Have developed on .jsp screen using jdeveloper and adf , now i need to register this file in oracle apps , can you please help the process to register it , i mean where this file i need to place do i need to place any support files also apa
-
My 7610 PhoneBook is corrupted. I cannot directly access my phonebook contacts,have to use other tab for exiting the contacts and go through a file explorer to open phonebook app. The screen on my phone goes blur every & now then. The screen on my ph
-
Mac OS X 10.8.2 coupons printing very small, HELP!
Hi everyone. Just bought the newest iMac (OS X Mountain Lion 10.8.2) and I'm having trouble printing coupons. Coupons.com, RedPlum, & SmartSource are allowing me to print but the coupons are coming out very tiny. Anyone know why? Target doesn't allow