-
August 10th, 2006, 07:09 AM
#1
Windows 2003 Group Policy Issue
Hi gals/guys
Yet again I seek your advice and help with an issue I have been facing for the last few days: the Group Policy of my Windows 2003 machine got corrupted, or I dunno what happened to it. Not a single user of the domain can log into the machine, or even access the shared folder.
Even when I try to join a system to the domain I get the same message (attached screenshot). When I try to delete the Group Policy I get the same message; I can't even modify it, although I am logged into the system with the Administrator ID and I am the administrator of the system.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
August 10th, 2006, 11:38 AM
#2
How is DNS working? I'm assuming that you are using a domain admin account to log on, correct?
Check the event logs as well and head over to eventid.net; it's a very helpful site.
-
August 10th, 2006, 11:56 AM
#3
Is the machine a server or a workstation?
On a server, "regular" non-admin user accounts cannot log on (locally) by default.
Is the time set correctly?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 10th, 2006, 12:35 PM
#4
Sir Dice
The machine is a server and I am logged into the machine with a Domain Admin account. Time set correctly?
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
August 10th, 2006, 01:20 PM
#5
I think you have to be a server admin to adjust the group policy on a server....
Yes, check the time on the workstations... and the server.
Make sure they are all the same... and in the same timezone.
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
August 10th, 2006, 04:46 PM
#6
Are you logged into the server or are you attempting to do this through the MMC tools? From the looks of the image you are using the AD MMC from your local machine to make the changes?
I see you have a window opened with RDP to a server. Does any of this work when logged into the DC?
Duct tape.....A whole lot of Duct Tape
-
August 10th, 2006, 07:32 PM
#7
FanaCool,
Having some Event IDs would really help us all out. Check your Event Viewer (as mentioned before) and post any errors that relate to the problem you are experiencing (or that you think relate to the problem). I have found many times that using Event Viewer really helps in isolating the problem, rather than driving yourself nuts trying every solution until one works.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
August 11th, 2006, 10:46 AM
#8
Fana,
I forget if you have one or two DCs in your AD. If you haven't already, try logging on locally to the DC, as has been suggested, with the domain admin account. If you have two DCs, try on the two; if it works on one and not on the other, check to see if replication is working OK. Also (I don't have a server where I am now, so I can't give you exact instructions), check that you still have the right to modify the group policies. Had a case once where a tech changed the policy for the domain thinking it was only for his DC.
Verify your event logs and check the error codes, if any, on the technet site if you haven't already.
Let us know if you get it worked out.
Cheers
Muracu
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde(1854-1900)
-
August 11th, 2006, 10:49 AM
#9
There is a W32Time error I am getting on the machine:
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 12
Date: 8/10/2006
Time: 6:48:00 PM
User: N/A
Computer: Server
Description:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
Another error I see is this:
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 8/10/2006
Time: 6:42:07 PM
User: N/A
Computer: SERVER
Description:
The master browser has received a server announcement from the computer COMPUTER1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F8FB0E1A-7C4B-4401-A3. The master browser is stopping or an election is being forced.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 03 00 4e 00 ......N.
0008: 00 00 00 00 43 1f 00 c0 ....C..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
3)
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5513
Date: 8/10/2006
Time: 6:37:02 PM
User: N/A
Computer: SERVER
Description:
The computer COMPUTER2 tried to connect to the server \\SERVEER using the trust relationship established by the MYDOMAIN domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
4) This issue is there from day one
Event Type: Warning
Event Source: DhcpServer
Event Category: None
Event ID: 1056
Date: 8/10/2006
Time: 6:32:54 PM
User: N/A
Computer: SERVER
Description:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....
5) This is what looks like it would be related to my current issue.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 8/11/2006
Time: 12:07:59 PM
User: MYDOMAIN\administrator
Computer: SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I have changed the names of the machines in all the errors.
I have only 1 DC.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
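Added example, not part of any post in this thread: a small Python parser for the text layout Event Viewer produces when events are copied out (the layout pasted in post #9), which strips the binary `Data:` dump and lists only the errors in chronological order. The sample events are constructed and shortened, and the names `parse_events` and `error_timeline` are illustrative.

```python
import re
from datetime import datetime

def _ev(typ, src, eid, date, time, desc, data=""):
    # Builds one event in the layout Event Viewer's copy-to-clipboard produces.
    return (f"Event Type: {typ}\nEvent Source: {src}\nEvent Category: None\n"
            f"Event ID: {eid}\nDate: {date}\nTime: {time}\nUser: N/A\n"
            f"Computer: SERVER\nDescription:\n{desc}\n{data}")

# Constructed sample (shortened descriptions), deliberately out of time order.
SAMPLE = (
    _ev("Warning", "W32Time", 12, "8/10/2006", "6:48:00 PM",
        "Time Provider NtpClient: no time source above the PDC emulator.")
    + _ev("Error", "Userenv", 1030, "8/11/2006", "12:07:59 PM",
          "Windows cannot query for the list of\nGroup Policy objects.",
          "Data:\n0000: 00 00 00 00 ....\n")
    + _ev("Error", "NETLOGON", 5513, "8/10/2006", "6:37:02 PM",
          "The computer lost the correct security identifier (SID)."))

FIELD = re.compile(r"^(Event (?:Type|Source|Category|ID)|Date|Time|User|Computer):\s*(.*)$")
HEXROW = re.compile(r"^[0-9a-f]{4}: ", re.I)

def parse_events(text):
    events, cur, in_desc = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":        # a new record starts here
            cur, in_desc = {"Description": ""}, False
            events.append(cur)
        if cur is None or not line:
            continue
        if m and not in_desc:                       # header field of the record
            cur[m.group(1)] = m.group(2)
        elif line == "Description:":
            in_desc = True
        elif line == "Data:" or HEXROW.match(line): # skip the binary dump
            in_desc = False
        elif in_desc:                               # multi-line description text
            cur["Description"] = (cur["Description"] + " " + line).strip()
    for e in events:
        e["When"] = datetime.strptime(f"{e['Date']} {e['Time']}", "%m/%d/%Y %I:%M:%S %p")
    return events

def error_timeline(events):
    """Errors only, oldest first, as (when, source, event id) tuples."""
    errs = sorted((e for e in events if e["Event Type"] == "Error"), key=lambda e: e["When"])
    return [(e["When"], e["Event Source"], int(e["Event ID"])) for e in errs]

if __name__ == "__main__":
    for when, src, eid in error_timeline(parse_events(SAMPLE)):
        print(when.isoformat(sep=" "), src, eid)
```

Free text between pasted events (numbering such as "3)") is ignored only when it follows a `Data:` block; otherwise it is appended to the preceding description.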
-
August 11th, 2006, 11:08 AM
#10
Spyrus
The Remote Desktop connection is with the internal server; it's a database server and I normally log into it from the main server.
Coming back to the main server, I am logged into the server locally, and when I try to change the Group Policy container I get the message which I have attached.
The DNS is working fine; it's running perfectly all right.
I have just noticed one more thing here: when I open the Group Policy Management tool there is a blue icon with a ! mark against my domain.
One more thing: when I run Group Policy Result on the server machine with the same user, under GPO (Group Policy Object) the applied GPOs show nothing, while the denied GPOs show 2: one is the default, and the reason for denial is EMPTY, and similarly the NEW GROUP POLICY OBJECT is also denied for the same reason.
Any comments on it?
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!