Windows 2003 Group Policy Issue

  1. #1
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466

    Windows 2003 Group Policy Issue

    Hi gals/guys,
    Yet again I seek your advice and help with an issue I have been facing for the last few days. The Group Policy of my Windows 2003 machine got corrupted, or I dunno what happened to it. Not a single user of the domain can log into the machine, or even access the shared folder.

    Even when I try to join a system to the domain I get the same message (attached screenshot). When I try to delete the group policy I get the same message, and I can't even modify it, although I am logged into the system with the Administrator ID and I am administrator of the system.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  2. #2
    How is DNS working? I'm assuming that you are using a domain admin account to log on, correct?

    Check the event logs as well and head over to eventid.net; it's a very helpful site.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Is the machine a server or a workstation?
    On a server, "regular" non-admin user accounts cannot log on (locally) by default.

    Is the time set correctly?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Sir Dice,
    The machine is a server and I am logged into the machine with a Domain Admin account. Time set correctly?
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I think you have to be a server admin to adjust the group policy on a server....

    Yes check the time on the workstations ....and server

    Make sure they are all the same...and in the same timezone

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Are you logged into the server or are you attempting to do this through the MMC tools? From the looks of the image you are using the AD MMC from your local machine to make the changes?

    I see you have a window opened with RDP to a server. Does any of this work when logged into the DC?
    Duct tape.....A whole lot of Duct Tape

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    FanaCool,
    Having some Event IDs would really help us all out. Check your Event Viewer (as mentioned before) and post any errors that relate to the problem you are experiencing (or that you think relate to the problem). I have found many times that using Event Viewer really helps in isolating the problem, rather than driving yourself nuts trying every solution until one works.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #8
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Fana,
    I forget if you have one or two DCs in your AD. If you haven't already, try logging on locally to the DC, as has been suggested, with the domain admin account. If you have two DCs, try on both; if it works on one and not on the other, check to see if the replication is working OK. Also (I don't have a server where I am now, so I can't give you exact instructions) check that you still have the right to modify the group policies. Had a case once where a tech changed the policy for the domain thinking it was only for his DC.
    Verify your event logs and check the error codes, if any, on the TechNet site if you haven't already.
    Let us know if you get it worked out.
    Cheers
    Muracu
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)

  9. #9
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    There is a W32Time error I am getting on the machine:

    Event Type: Warning
    Event Source: W32Time
    Event Category: None
    Event ID: 12
    Date: 8/10/2006
    Time: 6:48:00 PM
    User: N/A
    Computer: Server
    Description:
    Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.



    Another error I see is this:

    Event Type: Error
    Event Source: MRxSmb
    Event Category: None
    Event ID: 8003
    Date: 8/10/2006
    Time: 6:42:07 PM
    User: N/A
    Computer: SERVER
    Description:
    The master browser has received a server announcement from the computer COMPUTER1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F8FB0E1A-7C4B-4401-A3. The master browser is stopping or an election is being forced.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 03 00 4e 00 ......N.
    0008: 00 00 00 00 43 1f 00 c0 ....C..
    0010: 00 00 00 00 00 00 00 00 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........


    3)

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5513
    Date: 8/10/2006
    Time: 6:37:02 PM
    User: N/A
    Computer: SERVER
    Description:
    The computer COMPUTER2 tried to connect to the server \\SERVEER using the trust relationship established by the MYDOMAIN domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    4) This issue has been there from day one.

    Event Type: Warning
    Event Source: DhcpServer
    Event Category: None
    Event ID: 1056
    Date: 8/10/2006
    Time: 6:32:54 PM
    User: N/A
    Computer: SERVER
    Description:
    The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 00 00 00 00 ....



    5) This is the one that looks like it would be related to my current issue.

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1030
    Date: 8/11/2006
    Time: 12:07:59 PM
    User: MYDOMAIN\administrator
    Computer: SERVER
    Description:
    Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    I have changed the names of the machines in all the errors.


    I have only 1 DC.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  10. #10
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Spyrus,

    The Remote Desktop connection is with the internal server; it's a database server and I normally log into it from the main server.

    Coming back to the main server, I am logged into the server locally, and when I try to change the Group Policy container I get the message which I have attached.


    The DNS is working fine; it's running perfectly all right.

    I have just noticed one more thing here: when I open the Group Policy Management Tool there is a blue icon with a ! mark against my domain.

    One more thing: when I run Group Policy Result on the server machine with the same user, applied GPOs (Group Policy Objects) shows nothing, while denied GPOs shows 2: one is the default, and the reason for denied is EMPTY, and similarly the NEW GROUP POLICY OBJECT is also denied for the same reason.

    Any comments on it?
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
