Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Win2K3 R2 - Event Id 1058 and 1030

Status
Not open for further replies.

SKSysAdmin

Technical User
Mar 20, 2008
17
CA
Hi,

I am getting the dreaded event id's 1058 and 1030 on our backup windows 2003 DC.

Specifically this line (our info has been masked):
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 6/20/2008
Time: 11:05:16 AM
User: <Our Domain>\administrator
Computer: <our DC Name>
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=<ourdomain>,DC=local. The file must be present at the location <\\<our domain>.local\sysvol\<our domain>.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at


I have read a lot of information on the subject so far.

Heres what I have done (with minor results).

It appears that about a year ago the server encountered a DFS JRNL_WRAP error. I then found information in KB290762 on how to do a non-authoritative DFS restore from our good known main DC. Previous to this I could not access the Group policy management console from that particular DC.

I also ran the dfsutil /purgemupcache option after the non-authoritative restore.

The result now was that I was able to open the Group policy from the backup DC but still got the errors.

I then tried opening the Default GPO, changing a couple of options and then changing them back. I Also changed security permissions to the GPO and then changed them back and click Okay. (effectively forcing the ACL's get re-written on the object).

The result was that I still have the 1030 and 1058 messages every 5 minnutes and that sometimes varies throughout the day.

Any ideas on what to look at next ?

I am currently investigating the userenv.log (by turning on logging in the registry) and will post my results if needed.

Thanks in advance.

Kevin.
 
1) I've seen behavior like this before when the DCs are not on the same OS & SP level. Be sure all DCs are 2000 or 2003 and all have the same SP installed.

2) If you have other DCs that are stable and working fine, I suggest demoting and repromoting this server. Verify that the sysvol and ntds folders are deleted. You'll probably spend less time scratching your head and swearing.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
 
Search Microsoft's site for KB887303. The steps referenceing the Server Message Block signing settings has resolved this for me in the past.
 
HI SKSysAdmin,
Do you have an antivirus running, more specifically Norton Antivirus? It seems that on my Windows 2003 Server, when I disable all the Symatinc Services, this problem goes away. I was getting the 1058 and 1030 errors every 5 minutes, and disabling the anti-virus fixed it.

I'm still looking for an explanation why the Antivirus is causing this.



SKSysAdmin wrote:
Hi,

I am getting the dreaded event id's 1058 and 1030 on our backup windows 2003 DC.

Specifically this line (our info has been masked):
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 6/20/2008
Time: 11:05:16 AM
User: <Our Domain>\administrator
Computer: <our DC Name>
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=<ourdomain>,DC=local. The file must be present at the location <\\<our domain>.local\sysvol\<our domain>.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
 
One thing I should also mention, whenever I got the 1058 and 1030 errors, all networking services on the server would stop. I couldn't browse to any shares from the server or from the workstations.


<<HI SKSysAdmin,
Do you have an antivirus running, more specifically Norton Antivirus? It seems that on my Windows 2003 Server, when I disable all the Symatinc Services, this problem goes away. I was getting the 1058 and 1030 errors every 5 minutes, and disabling the anti-virus fixed it.

I'm still looking for an explanation why the Antivirus is causing this.>>
 
Hi,

No there are no anti-virus services running on this server. Thats a good thought though.

I think what we have to end up doing is just demote the controller, reinstall it and then promote it again. At this point it looks like just corruption.

Thanks for insight.
 
Hi, I think you are right, it might be a corruption. The Anti-virus had nothing to do with this, after I disabled the AV, the problems still occurred. Every 12 minutes I would get the 1030 and 1058 event IDs.

I am on the phone with Microsoft support, it looks like it might just be a corruption with Active Directory, they still haven't figured it out. I'll post at the end of the day with whatever Microsoft figures out.

Good Luck
 
SKSysadmin,

How often did you get the 1030 and 1050 event ids?
 
Microsoft suggested that the patches KB951746 and KB951748 could be causing the problems, as they have been known to cause an issue in DNS. These two patches cause DNS to use up all the UDP ports, therefore affecting DNS functionality. They uninstalled both of them and restarted.

However, about 15 minutes later, the issue STILL occurred. I did manage to narrow it down to it being a network traffic issue. Seems that at night the server does not have this issue, but during the day when users are using resources, the 1030 and 1050 event IDs populate every 12 minutes or so, and no one can access shares.
 
Hi guys, I got the solution, unfortunately, what I got from Microsoft is that the 1030 and 1058 errors are generic, and don't exactly tie into one specific problem. However this is what my problem was. There was a program that the clients use, a Food and Beverage POS from ClubConnect, that uses an .exe on the server called WINTERM.exe. Whenever you would open the program in the client PCs, the program would use WINTERM.exe through the G: drive, which is a mapped drive to the server. Whenever this program would use this exe off the server, 1030 and 1058 errors would show up on the server and every share would hang, as well as active directory.

After figuring this out, I uninstalled anything I could, any anti-virus or any unnecessary programs but still nothing.

>>>SOLUTION:<<<<
Finally, I just decided to uninstall .NET Framework 2 and Service Pack 2, restarted, and then the problem went away. These programs would not cause the server to hang anymore. Apparently there was some conflict between .NET Framework and this Food and Beverage POS. Good luck to all you who are having this problem.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top