Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 2003 Group Policy issue

Status
Not open for further replies.

andytheautomator

Technical User
Nov 20, 2003
32
US
Hello all,

I am unable to edit GPO's from any computer in the domain. On the domain controller in the Application Log I get event ID 1030 and 1058 every 5 mins. The issue appears to be that the folder "{31B2F340-016D-11D2-945F-00C04FB984F9}" literally doesn't exist. I have run netdiag and dcdiag and no errors related to this. In the ADSI editor the {31B2F340-016D-11D2-945F-00C04FB984F9} container exists but no GPT.ini? Any ideas? Please feel free to ask questions if I haven't been specific enough.

Thanks

Event 1058

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=YHM,DC=local. The file must be present at the location <\\123.local\sysvol\123.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.
 
Thanks but that wasn't it. When I try to go to \\domain.local\sysvol\domain.local\policies the folder doesn't exist.
 
Andy...you have a corrupt group policy reference. See the post here the post below yours

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Thanks Neil,

I tried dcgpofix but it didn't do anything for me. It looks like I need to recreate everything related to Group Policy. Is there any way to do this?

Thanks,
 
not really, not unless you backed up your previous states, you can getyour backup, and replace your sysvol folder. You shouldn't need to replace all, just the affected GP.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
The problem is they are all affected. I can't edit any GP. This problem appears to have been going on since before I arrived at this company so there aren't any good backups. Is there any way to blow away all GP and start from scratch?

Thanks,
 
yeah DCGPOFix

Do some reading on it first. You;ve gonnahave to start froms scratch...not always the most convienent in the short term, especially for people that have products relying on settings for basic operation...but in the long run, its worth it.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Thanks Neil,

I mentioned earlier DCGPOfix doesn't seem to do anything for this. Does anybody know a way to delete everything to do with Group Policy and completely recreate it from scratch? When I create a new GPO right now I can edit it, but when I close it and open again I am unable to edit it.

"The system cannot find the path specified"

Thanks to anybody who has looked into this, I really appreciate everyones comments or suggestions.

Andy
 
have a look in your sysvol folder, try creating something manually under sysvol\domain\policies, see if when you refresh it, it deletes the folder you have created.

Have you checked for viruses and such?

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
I have checked for viruses and haven't found anything that doesn't mean that there isn't anything there but as much as possible I have tried to eliminate that possibility. I tried placing something in that folder and when I refresh it's deleted. Any ideas?

Thanks,
 
For anyone interested this problem got resolved. Here is the outline:

PROBLEM: Group policies missing and hence not getting applied.

RESOLUTION: Verified the status of AD replication and file replication it was absolutely fine on all dc's.

Sysvol and netlogon were also shared.

Saw in sysvol-domain folder in Server1 that the policies folder was not there.

Instead we had ntfrs_policies folders and under one of them we had the 2 guids of default domain policies and domain controllers policies.

Stopped the ntfrs on all dc's.

Created a backup policies folder on the desktop on Server1 and pasted the unwanted ntfrs_policies folders into it.

Created a policies folder under domain folder on Server1 and pasted the 2 default domain policy guids in there.

Did a d4(modifying the burflags dword value under HKLM\system\currentcontrolset\services\ntfrs\parameters\process at startup\backup/restore) on pdc Server1 and started the frs and d2(same value) on dc's Server2 and Server3 and started the frs there as well.

Refreshed the group policies on all dc's and we are getting 1704 event id's.

We are now able to edit the policies also.



Thanks to everyone who offered advice or did any research trying to figure this out for me.
 

I have run into the similar problem before. Check to see if the policy exist in Active Directory Users and Computers > System Folder > Policies there is a GUID for the GPO you are looking for. If it still there, you may need to take ownership of the folder and once you take ownership you may need to manually give access to Domain Admins in order to modify it. You may need to just delete the GUID folder from there and recreate the GPO using GPMC.

Hope this helps,


Gladys Rodriguez
GlobalStrata Solutions
Computer Repair, Website Design and Computer Consultant
Small Business Resources
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top