Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RSOP Showing Core Error

312 views
Skip to first unread message

Chris White

unread,
Mar 5, 2008, 8:34:00 AM3/5/08
to
Hi All,

I ran RSOP.msc and it highlighted an error on the User Configuration.

I opened up the Properties sheet and it displayed "Failed" status on Group
Policy Infrastructure and this message: -
---------------------------------------
05 March 2008 12:51:47

Group Policy Infrastructure failed due to the error listed below.
Unspecified error

Note: Due to the GP Core failure, none of the other Group Policy components
processed their policy. Consequently, status information for the other
components is not available.

---------------------------------------

This is obviously a bit worrying and I want to get to the bottom of this
ASAP. My laptop with the same username is getting the latest GP. But the
Workstation is 2 Revisions behind the current AD Revision.

Very Strange - I have two good books but with "Unknown Error" its hard to
know where to start.

Resources:
Book 1: Group Policy: Management Troubleshooting and Security - Jeremy
Moskowitz (Vista, 2003, XP, 2000).
Book 2: Microsoft Windows Group Policy Guide

Cheers.
--
Chris White
United Kingdom

Florian Frommherz [MVP]

unread,
Mar 5, 2008, 12:56:40 PM3/5/08
to
Howdie Chris!

Chris White schrieb:


> Group Policy Infrastructure failed due to the error listed below.
> Unspecified error
>
> Note: Due to the GP Core failure, none of the other Group Policy components
> processed their policy. Consequently, status information for the other
> components is not available.

Look at the client's eventlog. What kind of errors are logged at the
time you tried to create the result?

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html

Chris White

unread,
Mar 6, 2008, 4:03:00 AM3/6/08
to
Hey Florian,

Thanks for the reply. I have a number of workstations / laptops that have
such a problem. It looks like some are even more behind on GP versions than
others - worrying. Ideally i'd like a way to just flush all the GP's out and
completely refresh. I've tried RGPrefresh tool, GPUpdate /force and others
but the old Policies just aren't moving.

I am getting the following event logs...
---------------------------------------------------------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 06/03/2008
Time: 08:51:18
User: DOMAIN\ChrisWhite
Computer: MYCOMPUTER1
Description:
Windows cannot query for the list of Group Policy objects. A message that
describes the reason for this was previously logged by the policy engine.

----------------------------

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 06/03/2008
Time: 08:55:00
User: N/A
Computer: MYCOMPUTER1
Description:
Security policy in the Group policy objects has been applied successfully.

--------------------------------

So to my untrained eye it looks like it can't get the full list of GP
objects from the Server. I just can't work out why my Laptop, with the same
username has the full up to date version, and my workstation doesn't want to
play ball. What would stop the Workstation from seeing the GP objects? I use
this PC every day, to the extreme doing all sorts of network bits and pieces
(RDesktop, Hardware Config, E-mail, Web Editing, FTP stuff) and never have
any problems so I know I dont have issues connecting to the system in general.

Cheers for the help.

--
Chris White
United Kingdom

Chris White

unread,
Mar 6, 2008, 4:09:01 AM3/6/08
to
Also in the system Logs were....

--------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961


Date: 06/03/2008
Time: 08:51:18

User: N/A
Computer: MYCOMPUTER1
Description:
The Security System could not establish a secured connection with the server
ldap/sbs2003.domain.local/domain...@domain.local. No authentication
protocol was available.

--------------------------------------------

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 06/03/2008
Time: 09:01:07


User: N/A
Computer: MYCOMPUTER1
Description:

Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {C3E4A6BD-FAA1-45D7-B091-F665D072122D}
User: DOMAIN\ChrisWhite
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
firewallport:HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\135:TCP:*:Enabled:Offer Remote Assistance - Port
Alert Type: Unclassified software
Detection Type:
--------------------------------------------

Cheers!

--
Chris White
United Kingdom

Florian Frommherz [MVP]

unread,
Mar 6, 2008, 4:10:03 AM3/6/08
to
Howdie!

Chris White schrieb:


> Event Type: Error
> Event Source: Userenv
> Event Category: None
> Event ID: 1030
> Date: 06/03/2008
> Time: 08:51:18
> User: DOMAIN\ChrisWhite
> Computer: MYCOMPUTER1
> Description:
> Windows cannot query for the list of Group Policy objects. A message that
> describes the reason for this was previously logged by the policy engine.

That is sort of a sucking error - it might have a lot of different
reasons. Have a look at the eventlog again, maybe you can find the
"previously logged" error.

Good point to start is:
- Is the DFS service started on all DCs?
- antiVirus software scanning the SYSVOL locking access?
- is that DC multi-homed (multiple network adapters?)

A good resource is http://www.eventid.net/

Florian Frommherz [MVP]

unread,
Mar 6, 2008, 4:18:40 AM3/6/08
to
Chris,

saw this posting now...

Chris White schrieb:


> --------------------------------------
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40961
> Date: 06/03/2008
> Time: 08:51:18
> User: N/A
> Computer: MYCOMPUTER1
> Description:
> The Security System could not establish a secured connection with the server
> ldap/sbs2003.domain.local/domain...@domain.local. No authentication
> protocol was available.

Any firewall that might interfere here? Symantec/Norton are good
candidates. Try to disable them - better uninstall them for testing.

Another shot that helped in the past (on a client):
http://support.microsoft.com/kb/555651

Chris White

unread,
Mar 6, 2008, 4:49:01 AM3/6/08
to
Florian,

Some good news - I logged onto my workstation as the network administrator
then logged back on as myself and everything was fixed! No more errors in
rsop.msc.

The McAfee System Center taskbar was still active during this reboot so I
didn't need to disable it for the GP to update. But I shall keep that in mind
for future debugging.

McAfee always seems loads better to me than Norton, Norton slowed down my
users computers way too much. Since moving over to a McAfee managed system
its been great. I've also heard users of Sophos network Anti-Virus having
good results.

--
Chris White
United Kingdom

Chris White

unread,
Mar 6, 2008, 6:07:15 AM3/6/08
to
Unfortunatly this method didn't solve the problem on some other laptops.

They still hold onto policies from ages ago and no matter what I do, i can't
get them to release.

One reports a "Disk Quota" problem in RSOP, and said it can't find a path or
something.

I wish there was a way to completely flush out the old GPO's and start from
scratch, instead of this comparing, downloading business.


--
Chris White
United Kingdom

Mf2112

unread,
May 21, 2008, 1:52:51 PM5/21/08
to
If you unjoin from the domain and rejoin it should flush the old policies.
0 new messages