| Author | Messages | |
akpardeshi
Posts:10
 | | 11/04/2008 2:58 PM |
| Hi All,
we have 3 domains in a forest of AD 2003 server.
JNJ.COM is root domain and NA.jnj.com & EU.jnj.com are child domain.
Ther problem is we are getting continuesly error for event id 1058 & 1030.
here is error discription :-
1.Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot access the file gpt.ini for GPO cn={8061AC16-D329-45BA-9530-93C6D55441A6},cn=policies,cn=system,DC=jnj,DC=com. The file must be present at the location <\\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
2. Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I just want to know why this alerts are repeating on EU domain controller. In error gpo indicating to Root domain jnj. i cheked path is accessible, gpo file is also there. JNJ DC is
accesible.
Kindly suggest why these alerts are generating on EU DOMAIN.
Regards,
Ajay
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
| | | |
| darren
Posts:329
| | 11/04/2008 4:07 PM |
| Well, it sounds like you have a GPO (referenced by the GUID below) in the root domain that is linked to a container in the EU domain that is applying to your DCs, but not accessible by your DCs (maybe a permissions issue?). Cross-domain linking of GPOs is not generally advised so I would really take a look at why a GPO in the root is linked to a DC in EU.
Darren
****
Darren Mar-Elia
CTO & Founder
SDM Software, Inc.
"The Group Policy Experts"
www.sdmsoftware.com <http://www.sdmsoftware.com/>
Automate Group Policy audits and changes with the GPExpert™
Scripting Toolkit http://www.sdmsoftware.com/group_policy_scripting
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of ajay kumar
Sent: Tuesday, November 04, 2008 11:51 AM
To: Active
Subject: [ActiveDir] group policy issue with other domain
Hi All,
we have 3 domains in a forest of AD 2003 server.
JNJ.COM is root domain and NA.jnj.com & EU.jnj.com are child domain.
Ther problem is we are getting continuesly error for event id 1058 & 1030.
here is error discription :-
1.Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot access the file gpt.ini for GPO cn={8061AC16-D329-45BA-9530-93C6D55441A6},cn=policies,cn=system,DC=jnj,DC=com. The file must be present at the location <\\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\gpt.ini <file:///\\jnj.com\SysVol\jnj.com\Policies\%7b8061AC16-D329-45BA-9530-93C6D55441A6%7d\gpt.ini> >. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
2. Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I just want to know why this alerts are repeating on EU domain controller. In error gpo indicating to Root domain jnj. i cheked path is accessible, gpo file is also there. JNJ DC is
accesible.
Kindly suggest why these alerts are generating on EU DOMAIN.
Regards,
Ajay
_____
Add more friends to your messenger and enjoy! Invite <http://in.rd.yahoo.com/tagline_messenger_6/*http:/messenger.yahoo.com/invite/> them now.
| | | |
| florian
Posts:80
| | 11/04/2008 4:25 PM |
| Ajay,
a common error for this is DNS issues – so I’d check to see if DNS is healthy and working well on the DCs in the EU domain. See if you can resolve and ping both the fqdn of the servers as well as the domain.
Further assistance can be found on eventid.net:
http://www.eventid.net/display.asp?eventid=1058 <http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1> &eventno=1752&source=Userenv&phase=1
cheers,
Florian
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of ajay kumar
Sent: Dienstag, 4. November 2008 20:51
To: Active
Subject: [ActiveDir] group policy issue with other domain
Hi All,
we have 3 domains in a forest of AD 2003 server.
JNJ.COM is root domain and NA.jnj.com & EU.jnj.com are child domain.
Ther problem is we are getting continuesly error for event id 1058 & 1030.
here is error discription :-
1.Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot access the file gpt.ini for GPO cn={8061AC16-D329-45BA-9530-93C6D55441A6},cn=policies,cn=system,DC=jnj,DC=com. The file must be present at the location <\\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\gpt.ini <file:///\\jnj.com\SysVol\jnj.com\Policies\%7b8061AC16-D329-45BA-9530-93C6D55441A6%7d\gpt.ini> >. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
2. Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I just want to know why this alerts are repeating on EU domain controller. In error gpo indicating to Root domain jnj. i cheked path is accessible, gpo file is also there. JNJ DC is
accesible.
Kindly suggest why these alerts are generating on EU DOMAIN.
Regards,
Ajay
_____
Add more friends to your messenger and enjoy! Invite <http://in.rd.yahoo.com/tagline_messenger_6/*http:/messenger.yahoo.com/invite/> them now.
| | | |
| gabriel/tfi
Posts:381
| | 11/04/2008 7:55 PM |
| - Does that error shows up on CONEGCAEUDC1 only OR any machine in EU.jnj.com domain?
- When you say you “cheked path is accessible”, do you mean you tried to open the file <file:///\\jnj.com\SysVol\jnj.com\Policies\%7b8061AC16-D329-45BA-9530-93C6D55441A6%7d\gpt.ini> \\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\gpt.ini after you logged onto the CONEGCAEUDC1?
Because the root domain SYSVOL is targeted (\\jnj.com\SysVol <file:///\\jnj.com\SysVol> ), it looks like a GPO of the root domain has been linked to the child domain (more precisely to the OU/Container where your DC resides).
I would suggest to authenticate against the root domain jnj.com and try to resolve the GPO GUID to its name, example with ADFIND (someone surely will argue some options/switches are missing or there’s a better syntax that would save 0.3ns! LOL!)
adfind -b dc=jnj,dc=com -f "(&(objectClass=groupPolicyContainer)(Name={8061AC16-D329-45BA-9530-93C6D55441A6}))" displayname
and then verify if that GPO security filtering is preventing CONEGCAEUDC1.EU.JNJ.COM to apply the GPO settings (remember GPOs have Computer and User sections and that a computer object is a security principal).
You may also “roughly” check NTFS permissions on this folder \\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\ <file:///\\jnj.com\SysVol\jnj.com\Policies\%7b8061AC16-D329-45BA-9530-93C6D55441A6%7d\>
Hope this helps. – Gabriele.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of ajay kumar
Sent: martedì 4 novembre 2008 20.55
To: Active
Subject: [ActiveDir] group policy issue with other domain
Hi All,
we have 3 domains in a forest of AD 2003 server.
JNJ.COM is root domain and NA.jnj.com & EU.jnj.com are child domain.
Ther problem is we are getting continuesly error for event id 1058 & 1030.
here is error discription :-
1.Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot access the file gpt.ini for GPO cn={8061AC16-D329-45BA-9530-93C6D55441A6},cn=policies,cn=system,DC=jnj,DC=com. The file must be present at the location <\\jnj.com\SysVol\jnj.com\Policies\{8061AC16-D329-45BA-9530-93C6D55441A6}\gpt.ini <file:///\\jnj.com\SysVol\jnj.com\Policies\%7b8061AC16-D329-45BA-9530-93C6D55441A6%7d\gpt.ini> >. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
2. Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/1/2008
Time: 2:53:32 PM
User: NT AUTHORITY\SYSTEM
Computer: CONEGCAEUDC1
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I just want to know why this alerts are repeating on EU domain controller. In error gpo indicating to Root domain jnj. i cheked path is accessible, gpo file is also there. JNJ DC is
accesible.
Kindly suggest why these alerts are generating on EU DOMAIN.
Regards,
Ajay
_____
>From Chandigarh to Chennai - find friends all over India. Click <http://in.rd.yahoo.com/tagline_groups_10/*http:/in.promos.yahoo.com/groups/citygroups/> here.
| | | |
|
|