Problems with GPO and Domain Security Policy and Domain Controller Sec

[johnfranklin]

Hi All,

For some months now this problem has occured on one Win2K Server.

Group Policy Objects:

When select the GP tab you get the following message -
DOMAIN CONTROLLER NOT FOUND FOR OURDOMAIN.LOCAL
The domain controller for group policy operations is not available. Then gives you three options to connect, none of which work and return the following error:

Group Ploicy Error: Failed to find Domain Controller - Path not found.


Domain Security Policy and Domain Controller Security Policy:

Group Ploicy Error - Failed to open the group policy object you might not have sufficiant rights - NETWORK PATH NOT FOUND.

Could someone please help with this issue, I have been looking for months and no one seems to have a solution.

Thanks in advance.

JF

 

[packdragon]

You are logged in as a Domain Administrator, right?

 

[johnfranklin]

Yes, this is the strange thing.

Also no policies have ever been set up on this server.

JF

 

[ahalecitrix]

Check to see if you can physically access the folder where the policies are located:

%systemroot%\SYSVOL\domain\Policies

My first suspicion however is a DNS problem. Run NetDiag and verify you don't find any errors.

 

[GrnEyedLdy]

JohnFranklin,

This happened to me before in the classroom. Students started to get error messages as you posted above and could not access the default polices on their Domain Controllers. I looked for the default policies (check the location posted above by Ahalecitrix), and found that they were not there.

But, I found a folder called DO_NOT_REMOVE_NTfrs_Preinstall_Directory. (This folder is under the SYSVOL and can only be seen if you change the view to not hide protected files). I opened it up and the default policies were there. I copied them back to their default location and then the default GPO's could once again be accessed.

Go figure, not sure actually what happened to create this problem in the first place or why those policies ended up in there.

Patty

 

[johnfranklin]

Hi all,

Thanks for the response so far, well I checked the location and I have 4 folders in there:

{31B2F340-016D-11D2-945F-00C04FB984F9}
{6AC1786C-016F-11D2-945F-00C04fB984F9}
{7F740DF7-8CFD-4542-A984-604718B7CD31}
{D2BB1001-537C-4BDE-A18E-EA31B80385C9}

I ran NetDiag and all passed.

Any ideas ?

JF

 

[ahalecitrix]

Check the permissions to these folders. Make sure that isn't causing the errors you are receiving.

Just FYI the four folders are for separate group policies. Each one is the unique identifier for each GPO.

 

[johnfranklin]

All permissions are fine on every folder.

About 6 months ago we think that this server was hacked, we had certain evidence that someone unauthorised had been on it in one way or another. We took necessary measures and no one has been on since.

We have never set up policies before on this server, I am now thinking that this problem was the cause of the unauthorised person, quite a good tactic if you put yourself in their shoes.

Do you think this problem is repairable?

JF

 

[johnfranklin]

YEEEESSSSSSSSSSSSSSSSSSSSSS!

I fixed it.

Here was the problem ---------------------------

Under the Sysvol directory there is another Sysvol Directory, this folder is shared by default, someone or something had removed the share.

That was it, all those problems caused by that .. Someone could access a server set a really bad policy, ie lock out admins etc, then remove the share and they would be screwed.

Thanks for the help, and I hope this thread helped other people who are having the same problem.

JF

 

[ahalecitrix]

Glad it worked out. Thanks for sharing the solution!

 

[ha100]

Strange!!! the same thing happened to me after I'd installed servicepack 4 and the Q823980 patch. The sysvol share was removed. I think this caused a eventID 1000 Userenv as well.
Thank's for letting me know. Now I fixed it too.
Thanx thanx thanx.