Windows 2003 Group Policy Issue - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 28

Thread: Windows 2003 Group Policy Issue

  1. #11
    I'd still double-check on DNS. I know that it sounds funny, but you'd be surprised at how many wieird things crop up with DNS problems. It only takes a couple of minutes to check too.

    First things first. Make sure that your DC is set to the correct DNS server (I'm assuming that it's going to be the localhost here). Also, after starting the DNS console, right click on the server, go to the logging tab (I think it's the logging tab) and run both simple and recursive queries. If they test OK, you should be good to go.

    One of your netlogon errors seems to indicate that you rebuilt the domain at some point. Is this correct?

  2. #12
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    infernon

    As I said earlier the DNS is fine as i have tested both simple and recursive queries both are perfectly alright.

    Re-built nops, its in original shape from the day i have installed the OS in it and was running fine from quite a long time.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  3. #13
    Interesting...

    Heh, I'm buggered. Without looking at the machine, it's difficult to troubleshoot.

    If you use the GPO management tool (the new one for Win2k3), it makes it easier to determine the permissions in effect on a certain policy as well as exactly who they apply to. Are you able to find out what the two denials are set for and at what level they apply? Determining how to do this would be the first thing that I did.

    Of course, I'm assuming that you've logged on with a domain admin logon and that you're the only domain admin. It isn't possible that someone made a change without your knowledge, is it?

  4. #14
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Yes i am the only Domain admin and no other domain user could change these settings, and yes i have installed that new Group Policy Mangement tool for windows 2003 and i am looking through it. What i need to know is that why that Blue icon with ! sign is with my Domain seems something missing.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  5. #15
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Since this appears important to solve quickly, I will point out what I noticed.

    ( be forewarned, I know dick about a DC )

    refering to COMPUTER2
    However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
    ( emphasis added )

    not getting proper credentials after domain was reconfigured?

    The master browser has received a server announcement from the computer COMPUTER1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F8FB0E1A-7C4B-4401-A3. The master browser is stopping or an election is being forced.
    what is COMPUTER1 ?

    Do you routinely see this or is this something new?

    Is this a new machine or has it been recently reconfigured?

    As I understand it, errors such as this could be caused by XPpro machines not properly configured to mind their own business ( routine ), or by improper subnet masks on a machine, or something else.

    What happens when COMPUTER1 is taken off-line?

    When was the last time updates were applied ( relative to this problem )?

    Also, you had questioned the mention of time. From what I understand, if the times on the machines do not correlate closely when a DC is involved, rejection is the result.

    Did searching through logs of clients reveal anything?

    Sorry FanacooL, this is a stab in the dark for me. Hopefully, I a least sparked a thought for a solution.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  6. #16
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    Computer 1: -

    Well i haven't noticed this before, after seeing your question i went back to check the log and within this week its coming contineously.

    If you are talking about computer 1 nopes its not a new machine and its not been re-configured.

    I have updated the server 2 days ago and even today and couldnot find any hotfix or update so far missing the server is uptodate.

    Now that you have mentioned let me checkout COMPUTER 1 and see if i can find something over there.

    But the issues is not at a particular user end its like my Domain is there but new users or computers can't join in.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  7. #17
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    OK Fanacool. Let's start sorting this mess out. I'll go by each Event ID and see what I can figure out here.

    Event ID 12 (W32 Time) - This error is basically saying your PDC Emulator is setup to look for a time source from a computer that's higher than it, in your domain. If you don't care that this computer (your DC) is your time source for your domain, then no worries. Otherwise, you'll need to configure this computer to retrieve time from an external NTP server. Either way, it's your choice.

    Event ID 8003 (MRxsmB) - This event ID has eluded me as to its cause more than once. Check your subnest mask on the computer generating this error and make sure that it is correct in relation to your network configurations. Outside of that, it could be a couple other things. Let me know. You may also want to try and disable the Computer Browser service. As I recall, the PDC Emulator is usually the Computer Browser and clients connected should not have the service enabled? It's been awhile so anyone correct me if I am wrong.

    Event ID 5513 (Netlogon) - This error message could be attributed to the computer account information not matching the information on the authenticating domain controller. You may need to reset the account via Active Directory. You should be able to do this by right-clicking on the computer that is generating the error and select "reset account". Also, are you attemtping to join Windows XP SP2 machines? Make sure the firewall is turned off on the XP machine and rejoin it to the domain. Here is Microsoft's Solution to this error.

    Event ID 1056 (DHCP) - As I am not familiar with this error, I can only direct you elsewhere. Here is Microsoft's Solution to this issue.

    Event ID 1030 (Userenv) - I have had this error a few times and used Microsoft's Solution to fix it. In my case, it was the DFS client causing the error.

    Let's start here and see where we go.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #18
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    742
    Also... you shouldnt have to do it but have you tried deleting that GPO as the Enterprise Admin? Or do you not have the level of access? Being the ultimate account this would be a good place to start.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  9. #19
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    ShagDevil

    I was a little sick and couldn't check the things...... I did follow few things on saturday here's the updates.

    Event ID 12 (W32 Time) Did not bother to look into it as its not an alarming thing.

    Event ID 8003 (MRxsmB) Network Configuration on the system is fine, regarding the computer browser service I am not clear about that I haven't been told by anyone that this should be disable on the Client end.

    Event ID 5513 (Netlogon) I am quite aware of this issue, I need to re-join the client on the Domain but since i am having issues with AD group policy so i can't join anyone on the Domain and gets the same message i get when i try to open the group policy object.

    Event ID 1030 (Userenv) Should I be applying this on Client as nothing happen after applying on the server.

    Spyrus

    I have already tried to delete the GPO but i get a message "SERVER IS UNWILLING TO PROCESS THE REQUEST"
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

  10. #20
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    I have came across a very good document relating to this isseue and upon working on the steps i have managed to open the group policy Object but still users are not able to re-join the domain and get access to the server share.

    Also if I try to change the GP Object or any other setting in the GPO i get the attached error message.
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •