Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Event IDs 1020 and 1096 errors on DCs

562 views
Skip to first unread message

Exile_Ken

unread,
Aug 19, 2008, 2:51:02 PM8/19/08
to
We are having the following issue with two separate DCs in our AD 2003 Native
mode network. Over the past few weeks these two DCs have been showing errors
in the Application Event log. The two errors repeat themselves every 5
minutes.

Source: Userenv
Category: None
Event ID: 1020
User: NT AUTHORITY\SYSTEM

Description: Windows cannot create registry key Policies\Microsoft\Windows
NT\Terminal Services. (The parameter is incorrect. ).


Source: Userenv
Category: None
Event ID: 1096
User: NT AUTHORITY\SYSTEM

Description: Windows cannot access the registry policy file,
C:\WINDOWS\System32\GroupPolicy\Machine\registry.pol. (The parameter is
incorrect. ).

These sets of errors are identical on both DCs. However, the other twenty
or so DCs in our network do not show these errors. Neither machine is a
Terminal Server in Application mode.

I noticed this because these two DCs stopped reporting to our WSUS server,
and the WSUS Clientdiag utility showed that neither server had the WSUS
servers defined in Group Policy. So it seems that the above errors are
causing portions of GP not to load. Running gpupdate/force does not fix the
issue.

One other note, around the end of July we installed a Systems Center server.
Around the time the person who is working on deploying SC started pushing
the new SC client, these errors appeared on the two servers. However, the
errors appeared on only two of twenty seven DCs in the network, so we are not
sure if this is related, or a coincidence.

I have tried the usual forums and sites like Eventid.net, and have not found
much to help me. Can anyone please point me in the right direction.

Thank you,

KM, aka E_K

Exile_Ken

unread,
Aug 20, 2008, 5:58:10 PM8/20/08
to

We have resolved this issue, so I thought I would update this for future
reference.

We took a closer look at the registry.pol file in the Windows\System32\Group
Policy\Machine folder. I downloaded the free registry.pol viewer utility
from www.gpoguy.com. I viewed the contents of the registry.pol file in
question on both servers with the issue, and compared the results with the
files on a few DCs that were not affected. The results showed that the two
affected DCs had entries in the registry.pol file that referenced
Policies\Microsoft\Windows NT\Terminal Services. The registry.pol files on
the “good” servers did not have this entry (thus the incorrect parameter
messages).

We renamed the registry.pol file on the affected DCs and copied the
registry.pol file from one of the good DCs . We then ran gpupdate and waited
several minutes. The Event ID entries for 1020 then 1096 stopped. Running
clientdiag.exe showed that the machines now passed all the tests, and that
their GP pointed to the WSUS server.

I am still not sure what caused this issue. I believe that it had something
to do with the installation of new SC agents on these boxes, but I cant prove
that for sure. At any rate, it looks like replacing the registry.pol files
on the two affected DCs and updating the policy via gpupdate did the trick.

I hope this helps someone else.

E_K


Darren Mar-Elia

unread,
Aug 21, 2008, 12:07:11 AM8/21/08
to
Glad the utility helped Ken. Its also nice to hear stories like that :).

Darren


--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

*******************************
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology.
Find out more about Desktop Policy Manager at
http://www.sdmsoftware.com/desktop_management
*******************************

"Exile_Ken" <exil...@news.postalias> wrote in message
news:3FF40265-B9E7-4847...@microsoft.com...

0 new messages