It was not successful. It prompted me for a username and password. S
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Hines
Sent: Wednesday, March 31, 2004 11:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Unable to modify GPO Policy

Did you try connecting to the share by UNC path from the DC and from your workstation? Was that test successful?

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

----- Original Message -----
From: "Steve Shaff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 31, 2004 12:39 PM
Subject: RE: [ActiveDir] Unable to modify GPO Policy

Okay, here is everything that I have tried, applied and modified.

I have a few problems on a DC on a sub-domain. If I open the mmc on either my desktop or on the sub-domain's DC, it gives me an access is denied. But, if I open up an mmc console on the parent's DC, I have no problem.

I am getting the following errors in the event log and the domain policy is not being applied.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 3/30/2004
Time: 2:58:21 PM
User: NT AUTHORITY\SYSTEM
Computer: PQA-DC
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=pqa,DC=corillian,DC=com. The file must be present at the location <\\pqa.corillian.com\sysvol\pqa.corillian.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 3/31/2004
Time: 9:00:32 AM
User: NT AUTHORITY\SYSTEM
Computer: PQA-DC
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

According to the KB article 830676 - I needed to run the Dfsutil /PurgeMupCache command; which I have done, with no effect on the domain policy issue.
http://support.microsoft.com/default.aspx?scid=kb;en-us;830676

I also have been receiving this error from time to time.

Event Type: Error
Event Source: SclgNtfy
Event Category: None
Event ID: 1002
Date: 3/30/2004
Time: 3:38:43 PM
User: N/A
Computer: PQA-DC
Description:
Default group policy object cannot be created. Error 80070005 to open GPO Domain EFS Recovery Policy in domain LDAP://DC=pqa,DC=corillian,DC=com.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have run the gpotool.exe to verify that the policies are "ok" and I get the following error:

C:\Documents and Settings\SShaff\Desktop\resource kit>gpotool /domain:pqa
Validating DCs...
Error: DC list is empty

I am getting this error on all sub-domain policies. But, if I run the gpotool without the /domain switch I get the below message, which seems to be normal.

C:\Documents and Settings\SShaff>gpotool
Validating DCs...
Available DCs:
cwc.corillian.com
cori-dc1.corillian.com
cori-dc2.corillian.com
Searching for policies...
Found 8 policies

I have checked the security permissions, they appear to be correct (EA - Full Control). But, if permissions were the problem, then I would not be able to manage the domain from the Parent DC. It just does not work from my desk nor logging into the child DC. Could there be a communication problem, operations master, etc.??... I'm guessing here..

Other steps that I have tried:
1. Create a new domain policy that was blank, removed the current domain policy, ran gpupdate /force. Getting same error.
2. Add pdx\domain admins with full control to the sysvol folder
3. Add pdx\domain admins with full control to the domain policy folder under the sysvol
4. Verified that the gpt.ini was present and I was able to open it.
5. Verified that the sysvol folder was shared. Added pdx\domain users with read permissions

A colleague that I questioned about this problem suggested I use the admt tool. But, I am leery about using the admt tool, since this deals with migration.

Thanks,
S

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
