GPO update issue, \\domain.net\sysvol not accesible

  • Thread starter Thread starter sinam
  • Start date Start date
S

sinam

Hi,

Facing the problems mentioned in the subject line, which was already
addressed here, but even after following the steps mentioned, for me no luck.
Please advise to get rid of this problem.

Posting the common outputs.

Event log error
===========
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 6/17/2006
Time: 4:10:51 PM
User: INDUSTRYNETWORK\user1
Computer: IT02
Description:
Windows cannot query for the list of Group Policy objects. A message that
describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

=========================================================

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 6/17/2006
Time: 4:10:51 PM
User: INDUSTRYNETWORK\user1
Computer: IT02
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-
00C04FB984F9},CN=Policies,CN=System,DC=industrynetworks,DC=net. The file must
be present at the location <\\industrynetworks.net\sysvol\industrynetworks.
net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration
information could not be read from the domain controller, either because the
machine is unavailable, or access has been denied. ). Group Policy processing
aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

===========================================================

c:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : it02
Primary Dns Suffix . . . . . . . : industrynetworks.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : industrynetworks.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG
Network Connection
Physical Address. . . . . . . . . : 00-0E-35-B6-C8-94
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.151
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
Primary WINS Server . . . . . . . : 192.168.0.3

========================================================
GPO tool optput, when run on IT02
------------------------------------------------
Domain: industrynetworks.net
Validating DCs...
Error: DC list is empty
========================================================
DCdiag output with /e /c /v
-----------------------------------


DC Diagnosis

Performing initial setup:
* Verifing that the local machine sun, is a DC.
* Connecting to directory service on server sun.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\SUN
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SUN passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SUN
Starting test: Replications
* Replications Check
......................... SUN passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for CN=Schema,CN=Configuration,
DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,
DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SUN passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,
CN=Configuration,DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=industrynetworks,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SUN passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=industrynetworks,DC=net
* Security Permissions Check for
CN=Configuration,DC=industrynetworks,DC=net
* Security Permissions Check for
DC=industrynetworks,DC=net
......................... SUN passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... SUN passed test NetLogons
Starting test: Advertising
The DC SUN is advertising itself as a DC and having a DS.
The DC SUN is advertising as an LDAP server
The DC SUN is advertising as having a writeable directory
The DC SUN is advertising as a Key Distribution Center
The DC SUN is advertising as a time server
The DS SUN is advertising as a GC.
......................... SUN passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SUN,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=industrynetworks,DC=net
Role Domain Owner = CN=NTDS Settings,CN=SUN,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=industrynetworks,DC=net
Role PDC Owner = CN=NTDS Settings,CN=SUN,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=industrynetworks,DC=net
Role Rid Owner = CN=NTDS Settings,CN=SUN,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=industrynetworks,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SUN,
CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=industrynetworks,DC=net
......................... SUN passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1601 to 1073741823
* sun.industrynetworks.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1101 to 1600
* rIDNextRID: 1307
* rIDPreviousAllocationPool is 1101 to 1600
......................... SUN passed test RidManager
Starting test: MachineAccount
* SUN is not a server trust account
* SPN found :LDAP/sun.industrynetworks.net/industrynetworks.net
* SPN found :LDAP/sun.industrynetworks.net
* SPN found :LDAP/SUN
* SPN found :LDAP/sun.industrynetworks.net/INDUSTRYNETWORK
* SPN found :LDAP/f46213b9-ed4e-419d-bcf4-f6c1d85b52ff._msdcs.
industrynetworks.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f46213b9-ed4e-419d-
bcf4-f6c1d85b52ff/industrynetworks.net
* SPN found :HOST/sun.industrynetworks.net/industrynetworks.net
* SPN found :HOST/sun.industrynetworks.net
* SPN found :HOST/SUN
* SPN found :HOST/sun.industrynetworks.net/INDUSTRYNETWORK
* SPN found :GC/sun.industrynetworks.net/industrynetworks.net
......................... SUN failed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... SUN passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SUN passed test OutboundSecureChannels
Starting test: ObjectsReplicated
SUN is in domain DC=industrynetworks,DC=net
Checking for CN=SUN,OU=Domain Controllers,DC=industrynetworks,DC=net
in domain DC=industrynetworks,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SUN,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=industrynetworks,DC=net in domain
CN=Configuration,DC=industrynetworks,DC=net on 1 servers
Object is up-to-date on all servers.
......................... SUN passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... SUN passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SUN passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SUN passed test systemlog

Running enterprise tests on : industrynetworks.net
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
......................... industrynetworks.net passed test Intersite
Starting test: FsmoCheck
GC Name: \\sun.industrynetworks.net
Locator Flags: 0xe00001fd
PDC Name: \\sun.industrynetworks.net
Locator Flags: 0xe00001fd
Time Server Name: \\sun.industrynetworks.net
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\sun.industrynetworks.net
Locator Flags: 0xe00001fd
KDC Name: \\sun.industrynetworks.net
Locator Flags: 0xe00001fd
......................... industrynetworks.net passed test FsmoCheck

===============================================================
nslookup output
----------------------

Default Server: sun.industrynetworks.net
Address: 192.168.0.3
sun
Click to expand...

Server: sun.industrynetworks.net
Address: 192.168.0.3

Name: sun.industrynetworks.net
Address: 192.168.0.3
===============================================================
The other issue is accessing the shares as described below.

1) \\industrynetworks.net, able to see the shares, but not accessible, except
Scheduled Tasks, Printers and Faxes.
2) \\industrynetworks, able to access shares.
3) \\IP address, able to access
4) \\sun.industrynetworks.net, able to access

Please advise.

Sinam
 
sinam via WinServerKB.com wrote:

The ipconfig /all looks OK on the Client, can you post the ipconfig /all of
the DC?

What about nslookup industrynetworks.net ?

The TCP/IP helper service is required for the DFS shares, is it running and
set to automatic startup?
Can you access this DFS share?
\\industrynetworks.net\SYSVOL

Run netdiag /fix on the DC.
 
Hi Kevin,

1) The TCP/IP helper service is running and set to automatic.
2) Can't access DFS share \\industrynetworks.net\SYSVOL, error: is not
accessible
3) ipconfig /all output for DC

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : sun
Primary DNS Suffix . . . . . . . : industrynetworks.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : industrynetworks.net

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-11-85-C2-00-71
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
Primary WINS Server . . . . . . . : 192.168.0.3

4) netdiag /fix output on DC
........................................

Computer Name: SUN
DNS Host Name: sun.industrynetworks.net
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 3 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB824151
KB825119
KB826232
KB828035
KB828741
KB828749
KB832353
KB832359
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB842773
KB842933
KB867282-IE6SP1-20050127.163319
KB871250
KB873333
KB873339
KB883935
KB883939-IE6SP1-20050428.125228
KB885250
KB885834
KB885835
KB885836
KB888113
KB890046
KB890047
KB890175
KB890859
KB890923-IE6SP1-20050225.103456
KB891711
KB891781
KB893066
KB893086
KB893756
KB893803v2
KB894320
KB896358
KB896422
KB896423
KB896424
KB897715-OE6SP1-20050503.210336
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB902400
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB905915-IE6SP1-20051122.175908
KB908519
KB908523
KB908531
KB911564
KB911567-OE6SP1-20060316.165634
KB912812-IE6SP1-20060322.182418
KB912919
KB913580
Q147222
Q828026
Service Pack 2
Update Rollup 1

Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'RAS Async Adapter' may not be working because it
has not received any packets.

Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : sun
IP Address . . . . . . . . : 192.168.0.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Primary WINS Server. . . . : 192.168.0.3
Dns Servers. . . . . . . . : 192.168.0.3
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Passed

Global results:

Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{0BA8CF40-7497-4A35-8988-3DDBFFDE422E}
1 NetBt transport currently configured.

Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.
3' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{0BA8CF40-7497-4A35-8988-3DDBFFDE422E}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{0BA8CF40-7497-4A35-8988-3DDBFFDE422E}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'sun.industrynetworks.
net'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

The command completed successfully

5) nslookup on DC

Server: sun.industrynetworks.net
Address: 192.168.0.3

Name: industrynetworks.net
Address: 192.168.0.3

Thanks,
Sinam



The ipconfig /all looks OK on the Client, can you post the ipconfig /all of
the DC?
nslookup output
---------------------- [quoted text clipped - 9 lines]
Name: sun.industrynetworks.net
Address: 192.168.0.3
Click to expand...
Click to expand...

What about nslookup industrynetworks.net ?

The TCP/IP helper service is required for the DFS shares, is it running and
set to automatic startup?
Can you access this DFS share?
\\industrynetworks.net\SYSVOL

Run netdiag /fix on the DC.
Click to expand...
 
Hi
Make sure that the following components are started and correctly
configured:

. Netlogon and DFS services are started.
. Domain controllers have the read and apply rights to the Domain
Controllers Policy.
. NTFS file system permissions and share permissions are set correctly
on the Sysvol share.
. DNS entries are correct for the domain controllers.



If everything Ok, try rebuild DNS:
* Delete the forward zone and the reverse lookup zone

*go to the %systemroot%\system32\dns - delete any old zone that you may have
there.

*delete the files netlogon.dnb and netlogon.dns from
%systemroot%\system32\config

*create the forward lookup zone and the reverse lookup zone make them AD
integrated, for security purposes make sure that the zones only accept
secure only - updates.

*restart the netlogon service, confirm the creation of the files
netlogon.dnb and netlogon.dns on %systemroot%\system32\config

*run ipconfig /registerdns

*run netdiag /fix



Try again
--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
Back
Top