Group Policy Error

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Please help.
When I try to acces any of my group policies I get the following message:

Failed to open the Group Policy Object. You may not have appropriate rights.
Details
The system cannot find the path specified.

This is causing problems on client PC's as some don't seem to be picking up
the policy but others are.
Could this be related to DNS?
If so how can I find out what is going wrong.
I do have a DNS error in the error log (4004) but can't find out much info
about it.

Thanks
 
I have now found that the 'sysvol' contents on 2 servers are missing which
explains why I couldn't access the group policy and is now rectified but I
still have the problem with some client PC's not picking up the policy and
others that do.
Hope this helps.

Thanks for the response.
 
I have now found that the 'sysvol' contents on 2 servers are missing which
explains why I couldn't access the group policy and is now rectified but I
still have the problem with some client PC's not picking up the policy and
others that do.
Hope this helps.

Thanks for the response.
 
Have you tried looking in the "directory Services" part of the event logs

Are there any FRS events ?

Dave
 
Yes - Error 13508
The File Replication Service is having trouble enabling replication from
SeverA to ServerB for c:\winnt\sysvol\domain using the DNS name

Any ideas why?
 
I have checked DNS and I can ping the FQDN. I then did a manual 'Replicate
Now' but am still getting the Error 13508.

What is next?
 
The best place to start is with Active Directory Replication Monitor from
the Windows 2000 Support Tools,
Anthony
 
Thanks this has helped me to find out that one of my organizational units
that has a seperate group policy is not being replicated from the main DC to
the other 2 servers, everything else is being replicated fine. How can I fix
this?

Thanks again.
 
You would have to figure out what happened. The directories are out of sync
so changes are not replicated. You can use Replication Monitor to force a
one-way replication, but my inclination would be to find out what caused the
error.
This can happen if each DC has itself as the primary DNS server, or does not
have DNS set up properly, before the domain is fully replicated. You need to
start by setting all the DC's to use one master DC as the DNS server. You
may also need to delete the integrated DNS zones on the other DC's. There is
plenty of stuff in the knowledgebase about replication. it just needs to be
set up carefully at the beginning.
Anthony
 
Again many thanks.
I am now trawling through the knowledge base to find any relevant articles.
DNS is only set up on one server with the other 2 pointing to it and it
seems to be working fine.
I have just tried to run the 'DNSLint' cmd as instructed to in an article
but am unable to do so - I keep getting the 'not recognised command' error.
I could do with more help if possible.

Thanks
 
Your AD is not replicating between domain controllers, and I suspect you do
not have DNS set up correctly for the domain. The best approach is Active
Directory-integrated DNS on all DC's. You should be seeing more errors in
the event logs to tell you what is going wrong
Anthony
 
DNS is set up AD Integrated. I am getting the same error message on 2 servers
telling me that FRS cannot update to the 3rd server because it doesn't
recognise its DNS name.
This 3rd server is quite old and will be replacxed as soon a I build
another, could it be that this old server is having problems? Event viewer on
this server is blank and that obviously doesn't help.
Would it be wise to ditch this server and carry on without it?
 
Sorry but something is completely ***d. You said Sysvol was missing; now
Event viewer is missing! The server is trashed. When you rebuild, a few
pointers:
- AD integrated DNS is installed on all DC's
- To start with, make sure that all new DC's have the first DC as their DNS
server.
- If your AD and DNS are set up correctly on the first DC, setting up
additional DC's is very easy. If it does not work first time, demote it and
start again.
- Use Replication Monitor to check that your AD replication is OK, and if
you have any errors at all, fix them before you go any further
Anthony
 
Back
Top