Pollicy error, Event ID 1058
John
to be on the default grp policy. I don't see anything else
giving error. It only happens on one of the two servers.
I thought it maybe a left over from a distributed file
system I was testing but have since removed.
Can't seem to find out how to stop the errors.
Windows cannot access the file gpt.ini for GPO CN=
{31B2F340-016D-11D2-945F-00C04FB984F9},
CN=Policies,CN=System,DC=prudentrx,DC=com. The file must
be present at the location
<\\prudentrx.com\sysvol\prudentrx.com\Policies\{31B2F340-
016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is
denied. ). Group Policy processing aborted.
Judith Herman [MSFT]
domain policy GPO. You might want to verify that the file exists on all
your DCs.
If it doesn't exist then how you recreate it depends on which OS you have.
If it is Windows 2003 server, you can run the dcgpofix tool to recreate it.
It it is a Windows 2000 system, this gets more complex and you'll want to
talk to PSS to walk through recreating the policy, unless you have a backup.
Hope this helps.
Judith Herman
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"John" <john....@themailstation.net> wrote in message
news:822e01c35aab$58a40ec0$a001...@phx.gbl...
eric
by a 1030 event ID error? And does it happen roughly
every 5 minutes?
Does it happen on the 1st DC in your forest (i.e, the root
DC -- holding all of the FSMO roles by default)?
>.
>
David McDowell
I upgraded three windows 2000 domain controllers to server
2003 and added one new 2003 child domain controller on
8/1/03. I'm getting the same 1030 and 1058 errors on the
first DC in the root of the forest (FSMO roles)
only. No errors on the two other DCs in the root or on
the DC for the new child domain. Also no related errors
on any 2000 DCs in the forest.
I've been following your discussion with Gary Griffin and
have stepped through all the suggestions made by Gary:
When I copy the path to the gpt.ini file from the error
message to the RUN line, and it does find and open the
file. Everything else checks out as well i.e. services
started etc.
I'm not sure about the Security Options ---> Digitally
sign server communication part though.
The closest thing I can find is Local Policies --->
Security Options ---> Microsoft Network Server:Digitally
sign communications (always)is set to enabled. There is
no "when possible" for this one. Should I set it to
disabled?
David
>.
>
Eric
I get that same error on my widows 2003 DC, and the file
is there, it exists, it can be opened, it can be accessed
by the local system account, you name it, it can be done
with that file.
A change to Group Policy is even replicated to both of my
DCs. But the one DC (which was the first one in the
Forest -- holds all the FSMO roles), gets the 1038/1050
errors every 5 minutes. The other DC does not. The
configurations on the machines are identical -- as is the
hardware.
Bug?
>.
>
Eric
settings). I left them alone.
I could do all the paths, etc. that was suggested as well.
I think it has something to do with the FSMO roles, as it
appears to generally happen only on the 1st DC in the
forest (the root DC).
>.
>
John
a test server, but all of the roles have been transfered
to the second DC. The current PDC is not having any
problems. The original PDC is the only one that is getting
the errors. What does follow is that it was the "first"
maybe that has something to do with the problem.
>.
>
Alexander
I tried this dcgpofix utility
but i got this error :
Unable to read EFS certificates from Registry.pol file of
Default Domain Policy.
The error was
Configuration information could not be read from the
domain controller, either b
ecause the machine is unavailable, or access has been
denied.
>.
>