Cannot query for the list of group policy objects

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Not sure if this is the right place to ask this, however...

Have a set of servers setup, two of which are cluster servers acting as 2000
server DC's.
A third is a 2003 server, designed only as a backup server, which
effectively is only acting as a fileserver to do so. The problem is that this
2003 server gets the errors "Cannot query for the list of group policy
objects" and "cannot find the machine account. The local security authority
cannot be contacted" every 5 minutes.
Only one of the DC's acts as an active DC, with the second as a backup, but
they are both well and truly started before the 2003 server is started. The
2003 is the only one to get this error in its logs. The net logon is set to
auto on the DC, and is also running, which leaves me stuck with trying to
work out why this is happening.

I have already gone through support Article 832215 and another one sent to
me, but both seem to work with when the problem is on the DC, not another
server.
 
Howdy Nick!
A third is a 2003 server, designed only as a backup server, which
effectively is only acting as a fileserver to do so. The problem is that this
2003 server gets the errors "Cannot query for the list of group policy
objects" and "cannot find the machine account. The local security authority
cannot be contacted" every 5 minutes.
Click to expand...

Could you please check the following?

- Has the 2003 server the "primary"-DCs IP address as it's first and
single DNS-server configured?
- Did you change permissions on SYSVOL?
- Do SMB-singing settings contradict each other? (GP: "CompConf\Windows
Settings\Security Settings\Local Policies\Security Options")
- Is DFS client disabled under services?

cheers,

Florian
 
Howdy again!

One more thing to say:

Florian said:
- Has the 2003 server the "primary"-DCs IP address as it's first and
single DNS-server configured?
Click to expand...

Since Windows 2000 Active Directory got introduced, there's no more such
a thing as a "primary" or "backup" DC. All DCs are equal members and
holding the same amount of data (except for the FSMO-roles). It is
recommended to have more than *one* domain controller running since the
DCs replicate from time to time and are always "up to date". This is a
kind of backup mechanism without having to hurry around if one of the
DCs goes down for some reason.

Just for you as an information...

cheers,

Florian
 
Back
Top