can't start GPO

  • Thread starter Thread starter Miha Bernik
  • Start date Start date
M

Miha Bernik

I just installed a Win2k server and promote it to be a DC for my domain. It
has 2 NIC (private and public).
The problem is, when I try to run 'Doman Controller Security Policy' or
'Domain Security Policy' I get the following error:

"Failed to open the Grop Policy Object.You may not have appropriate rights"
"The remote computer is not available"
"The network path was not found"

I think that this could be some kind of a DNS problem but don't know how to
fix it. All other services are running OK, also all computers in LAN have
access to the internet.

Thanks in advance for all your help
Miha
 
In
Miha Bernik said:
I just installed a Win2k server and promote it to be a DC for my
domain. It has 2 NIC (private and public).
The problem is, when I try to run 'Doman Controller Security Policy'
or 'Domain Security Policy' I get the following error:

"Failed to open the Grop Policy Object.You may not have appropriate
rights" "The remote computer is not available"
"The network path was not found"

I think that this could be some kind of a DNS problem but don't know
how to fix it. All other services are running OK, also all computers
in LAN have access to the internet.

Thanks in advance for all your help
Miha
Click to expand...

Dual NICs usually cause problems with AD if DNS is installed on the machine
due to which record is being resolved when the client or the DC queries to
"find" the domain.

In your case, assuming that one NIC is external and you are not hosting
public records, I would do this to clean it up:

In IP properties, point both NICs to just YOUR DNS server and Not the ISP's.
In DNS properties, interface tab, listen to just the internal IP.
In DNS properties, forwarder tab, type in the ISP's DNS address.
In Network & Dialup Window, Advanced menu, Advanced settings, in the top
window,move the internal interface to the top of the binding order.
On the extrernal NIC properties, uncheck File Print Services, MS Client.
On the extrernal NIC properties, IP properties, Advanced, WINS tab, disable
NetBIOS
Delete any external IP address in your zone name in DNS.
Make sure also that dynamic updates are set to Yes in the zone's properties.
Makes sure your Priamry DNS Suffix is spelled exactly as the zone name.

If your internal domain name is the same as your external domain name, then
there are a couple other steps too.

Hope this helps.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top