Group Policy Probs..

[MattWray]

I am trying to fix some errors in the event viewer. According to M$ they are related to the DC Group Policy. When I go into AD Users and Computers, expand the domain, Right-click DC's, properties, group policy tab, I am receiving an error message saying, The Domain Controller for Goup Policy operations is not available. You may cancel this operation for this session or retry using one of the following domain controller choices:
The one with the Operations Master token for the PDC emulator
The one used by the Active Directory Snap-ins
Use any available domain controller

I have tried all of the above and receive errors saying Fialed to find a Domain Controller. There may be a policy that prevents you from selecting anothe DC.
Details: network name cannot be found.

This is the only DC in our network, so there must be something I've configured wrong or did not do. Any help would be greatly appreciated! Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[FilthPig]

Probably a problem in DNS somewhere - Are you doing this from the server? If you have DNS installed on your DC, is it looking to itself for name lookups? Marc Creviere

 

[GlenJohnson]

Also check your WINS settings. I've heard wins can be really touchy. Make sure in your IP settings, it has itself as wins address only. Glen A. Johnson
Microsoft Certified Professional

"Things are not always as they seem;
the first appearance deceives many."
Phaedrus (15BC - 50AD) Roman poet, short-story writer

 

[MattWray]

Marc, I am doing this from the server itself. It should be looking to itself for DNS, but I'll double check.
Glen, I currently don't have WINS set up, do I need WINS for this operation? Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[GlenJohnson]

I don't think so, but I don't think it would hurt. Have you tried dcpromo, demote it, then use dcpromo a second time? I had to do this with a new server we have. After the second promotion, everything went well. Just remember, this might cause more harm than good if you're just fixing event logs. I couldn't get the server to connect to an existing domain at all, and it hadn's been put into production yet, so I couldn't hurt anything. Good luck. Glen A. Johnson
Microsoft Certified Professional

"Things are not always as they seem;
the first appearance deceives many."
Phaedrus (15BC - 50AD) Roman poet, short-story writer

 

[FilthPig]

If it's looking on 127.0.0.1 make sure that DNS is either listening on all IPs or that 127.0.0.1 is listed in the IPs it's listening on. Marc Creviere

 

[GlenJohnson]

You can also do a search on google.com or msdn.microsoft.com and see what they have to say. (I have more faith in google myself.) Glen A. Johnson
Microsoft Certified Professional

"Things are not always as they seem;
the first appearance deceives many."
Phaedrus (15BC - 50AD) Roman poet, short-story writer

 

[MattWray]

Marc, "If it's looking on 127.0.0.1 make sure that DNS is either listening on all IPs or that 127.0.0.1 is listed in the IPs it's listening on."
Do you mean I should have the server DNS pointing to 127.0.0.1? Currently it is pointing to it's LAN NIC address (192.168.1.50). I did verify that it is listening on all IPs. Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[FilthPig]

No, I've just seen Win2k automatically use that when you install DNS on it and it didn't have a DNS entry before. Using the LAN address is fine.

Has this always been the only DC? If not, are you certain that all FSMO roles are hosted on it?

If you're using your own account, try it with the Administrator account - maybe something's amiss with the permissions somewhere. Marc Creviere

 

[MattWray]

This is the only DC at the root of the forest, and I am logged in as the administrator. This is very strange, I don't think it's actually hurting anything. Just very bothersome to see that same 2 errors every 5 minutes. From the digging I've been doing on M$, they say it's something to do with the default domain policy. How can I go about checking the FSMO roles. Though I don't see how it couldn't have them all, as this is the only DC. When I highlight the DC folder (where I am trying to get to the GP tab) the servername shows up on the right pane, so I know its "seeing" itself. Unfortunately, I won't be able to work on it more till next week... Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[tlcscousin]

Have you created an enterprise admin? If so logon as that account and try, if not logon from a client that has adminpak.msi on it and try doing it remotely as the enterprise admin.

 

[Guest_imported]

Run the check c: /f command from CMD.

It seems you remove some files under SYSVOL just by delete, or the HDD have something wrong, or some other reson make it just power down your server instead of normal procedure.

I supposed you configured the security and generate some template, and you delete it later since it's useless anymore you think, the whole directory such as {xxxxxx-xxx-xxxxxx} were deleted.

Generally, the error makes your Active Directory can't access the data in SYSVOL normally, although the data is not so seriously from you using W2K normally.

 

[FilthPig]

If this is the only DC, and has always been the only DC, then it will have all the FSMO roles. If you started with a different server first, then added this one, then removed the first, you'd have some FSMO roles stranded out in limbo. To double-check either way, right-click on your domain in AD Users & Computers and choose Operations Masters. Make sure your current DC is the one listed for all of them. Marc Creviere

 

[GlenJohnson]

I'm having problems with my w2k machines the master browser are other w2k machines are master browsers. Half see the dc as the master browser. The ones that see other's can't join the domain. My 2 dc's show the original machine, (Which was upgraded from NT4.0) with my second dc, which came online afterwords. Could this have something to do with it? Thanks Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com

"You cannot create experience. You must undergo it."
Albert Camus (1913-1960); French writer and philosopher

 

[wallerkr]

I didn't see this in the thread anywhere so I will ask what may be obvious,

"Have you tried rebooting the server?"

I had this same message on our test server and a reboot cleared it.

 

[prew]

its nice to see the answer guy, with a question. restores my faith in myself somehow!

prew ~~~ misery loves company....wanna hangout? ~~~

 

[GlenJohnson]

Have to turn off browsing on the locals in services and applications, services, computer browser. Also go into regedit and turn the browser services from auto to no.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Pa
rameters]
"IsDomainMaster"="FALSE"
"MaintainServerList"="No"
This was given to me here in tek-tips. I don't remember who it was, but I greatly appreciated it. I can now get the w2k pro's to join our domain in less than 10 minutes, and if I have problems, I know right where to look to solve them. Thanks to all that helped with that problem. (I know this doesn't pertain to Mattway's problem, but the browsing was one part of the problem).
Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com

"Man is not weak; knowledge is more than equivalent to force."
Samuel Johnson (1709-84), English author, lexicographer.

 

[MattWray]

I've been working remotely all this week, hopefully I'll get a chance to try some of these tips..
Thanks Everyone! Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[MattWray]

I checked out everything suggested, and I am still receiving errors every 5 minutes. Driving me Crazy! Matt Wray
CCNA, MCP
mwray77518@yahoo.com

 

[GlenJohnson]

Amelio said something about the sysvol. Check it. I had a problem with that also. That is where your policies are. C:\winnt\sysvol\sysvol\domainname.com\do not remove and polices and scripts. I had to copy this off of another server and place in on my new server because of error messages I was getting. Been so long ago, I don't remember the messages, but it's worth checking. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"Knowledge increases in proportion to its use, that is,
the more we teach the more we learn."
Helena Petrova Blavatsky (1831 - 1891), Russian author and translator.