DC cannot access registry.pol - "network path not found"

[shifty]

I am nearly bald from ripping my hair out over this one ...


My setup:
- 2 separate locations
- 1 DC running Windows 2000 Advanced Server per location
- My AD Domain: ad.mydomain.net
- First DC added: dc1.ad.mydomain.net (@ 192.168.110.1)
- Newer DC add'n: dc2.mydomain.net (@ 192.168.120.5)


My problem:
I started finding Event Id 1000 (53) errors in my log every 5 minutes
(below) for my second DC, dc2.ad.mydomain.com. I know this is a common
error, so I did my own work: I read and performed steps from KB
articles Q258296, 259398, 839499, and 258213 and I tried every fix
listed at eventid.net website for this particular event.


The error from the event log:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 12/21/2004
Time: 3:58:54 PM
User: NT AUTHORITY\SYSTEM
Computer: DC2
Description:
Windows cannot access the registry information at


\\ad.mydomain.net\sysvol\ad.mydomain.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol
with (53).

Here is what I've done thus far (other than beating Google ruthlessly):

From DOS, 'NET HELPMSG 53' says "The network path was not found." This

would suggest I am getting the above error because registry.pol isn't
being found at the given network path.

So, I tried to access \\ad.mydomain.net\. 'Network location not found'
returns almost immediately.


I did an NSLOOKUP and I actually return the correct info, so DNS is
working correctly. See:


C:\>nslookup atl.lw.net
Server: dc2.ad.mydomain.net
Address: 192.168.110.1


Name: ad.mydomain.net
Addresses: 192.168.110.1, 192.168.120.5


I can access this network location without problems:


\\dc2.ad.mydomain.net\sysvol\ad.mydomain.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol
NETBIOS is enabled on all NICs and the primary NIC is at the top of the
list in the advanced properties of my Network settings. File and Print
Sharing is enabled on all of my NICs.


I use a WINS server. I added a NETBIOS entry for a domain controller
ad.mydomain.net to point to the IP of dc1 and dc2 on my network. I
still cannot access \\ad.mydomain.net.


In the process, I noticed something else -- when I run REGEDT32 and
look in hKLM window, the Security folder is greyed out on dc2. I can
add the group policy snapin from MMC without problems and scroll
through it.


I am completely stumped why this error message keeps coming up. Any
help is appreciated.


TIA

 

[Glenn L]

This is a DFS referral request when you type this in on the run line.
\\ad.mydomain.net\sysvol\
This requires the DFS service be running on your DC. Verify it is running.
Have you done a dfsutil /purgemupcache at the command line on the DC ?
Make sure the DFS client is not disabled on your DC.
If the DFS Client is disabled, you can not access the \\<Active Directory
Domain Name>\Sysvol share, which would cause this problem. To check / enable
the DFS Client, use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup. Double-click the
DisableDFS value name, a REG_DWORD data type. A data value of 0, the
default, enables the DFS Client. A data value of 1 disables the DFS Client.
NOTE: If the DisableDFS value name is missing, the DFS Client is enabled".
Make sure there is no SMB signing mismatch between the workstation and
server services
You mentioned the DC has multiple NICs....Try disabling all but the primary
NIC, and see if the DC can apply GPO by running a secedit /refreshpolicy
machine_policy /enforce

 

[shifty]

I've already done all of the steps you listed - they were in the KB
articles I listed above.

The solution had nothing to do with DFS - I found (someone answered
another in another group) that the TCP/IP NetBIOS Helper Service was
disabled on DC2, and that was the computer having the problem.