hons Posted October 4, 2007 Share Posted October 4, 2007 I have a 2003 Network with several DCs.Few days before when I try to open the GPO Edit (GPMC), it comes out error message Is there anybody can help me resolve this problem??Thanks. Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted October 4, 2007 Share Posted October 4, 2007 Check your Event Logs for any error messages related to replication and/or group policies. Link to comment Share on other sites More sharing options...
hons Posted October 5, 2007 Author Share Posted October 5, 2007 I did try to look for the problem from event log but it didn't say anything about that. I used the "gpotool" and it says "error found" but didn't have detail.The problem happened since I de-promo a DC and promo again. After I finish the dcpromo, I found the gpmc comes out the error. I check on the gpmc that it only have the "Default Domain policy" and "Default Domain Controller Policy" all other gpos are lost. I tried to add again, after I added a policy when I want to edit, it comes out the above message. Is there any way I can cleanup the old policies and re-create new one?? Or any utilities can re-pair the GPO system??? It seems like I screwed up the Active Directory!!!Thanks. Link to comment Share on other sites More sharing options...
adamt Posted October 5, 2007 Share Posted October 5, 2007 Are you a member of the Domain Admins group?Do you have permissions on the various GPT.INI files in the SYSVOL shares?What GPOs does RSOP.MSC show when you're logged in?Make sure you're checking the logs on the DC that's authenticating you, which isn't necessarily the one you're logged in to. Link to comment Share on other sites More sharing options...
hons Posted October 5, 2007 Author Share Posted October 5, 2007 (edited) I found an error from another DC which incharge the logon process :""Windows cannot access the file gpt.ini for GPO cn={31B2F340-016D-11D2-945F-00C04FB984F9},cn=policies,cn=system,DC=aaaa,DC=bbbb,DC=xxx. The file must be present at the location <\\server1.aaaa.bbbb.xxx\sysvol\aaaa.bbbb.xxx\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (There is a time and/or date difference between the client and server. ). Group Policy processing aborted.""It doesn't look likke is related. Actually I'm trying to fix another problem on the time sync because we have a "Intranet" that have NO external connection to the external time server. I want to setup one of the DC as time source and all other DCs and PCs get time from it but still not success.I am using "Administrator" login and when I check the GPT.ini, I have full control of the files.When run RSOP.msc, it comes out "Administrator in server2-RSOP but didn't show any GPOs.Any clue??? Edited October 5, 2007 by hons Link to comment Share on other sites More sharing options...
adamt Posted October 5, 2007 Share Posted October 5, 2007 Fix the time problem first, as this can cause problems with GPOs (and many other things in AD).On the affected servers and workstations, login as admin and run:net time /set /yin the command promptAlso - what permissions do non-admin users have to those folders with GPTs in them? Link to comment Share on other sites More sharing options...
hons Posted October 5, 2007 Author Share Posted October 5, 2007 Thanks for the reply.I run the command.The right for the GPT.ini is users can read and exectue, Admin with full control.Thanks again for all your help. Link to comment Share on other sites More sharing options...
adamt Posted October 6, 2007 Share Posted October 6, 2007 After synching the time, did it solve the problem? Link to comment Share on other sites More sharing options...
hons Posted October 7, 2007 Author Share Posted October 7, 2007 NO!! Problem still there!!It seems when I try to create new GPO the problem occure. I tried to open the "Default Domain Policy" it didn't give error. I tried to backup the policy and let the new policy import the setting from the backup but not work.Any ideas???? Link to comment Share on other sites More sharing options...
hons Posted October 11, 2007 Author Share Posted October 11, 2007 Anybody can Help???? Link to comment Share on other sites More sharing options...
cluberti Posted October 11, 2007 Share Posted October 11, 2007 What rights does your user account have (do you have schema admin rights in the domain?), and what permissions does your account have against the sysvol folder and subfolders on the DC? Link to comment Share on other sites More sharing options...
hons Posted October 13, 2007 Author Share Posted October 13, 2007 These are the information from the DC, hope it helps.I'm using "Administrator" to login so it suppose have all the rights needed. Also, I can edit the Default GPO and before the problem started, I can create new GPOs.Thanks again for the help. Link to comment Share on other sites More sharing options...
touchstone_81 Posted October 13, 2007 Share Posted October 13, 2007 well had the same problem some time back and back then what i did was to take the simpleton route and restart the DC voila it was working. well things may be different in your case bu hey just a thought. Link to comment Share on other sites More sharing options...
adamt Posted October 13, 2007 Share Posted October 13, 2007 These are the information from the DC, hope it helps.I'm using "Administrator" to login so it suppose have all the rights needed. Also, I can edit the Default GPO and before the problem started, I can create new GPOs.Have you tried running "dcdiag /v" on the domain controller and "netdiag /v" on an affected workstation? What do they tell you?Might be easier to restore a copy of SYSVOL from before the problem started and then find the GPOs by their GUIDs and perhaps see what's different about them now. Link to comment Share on other sites More sharing options...
hons Posted October 17, 2007 Author Share Posted October 17, 2007 I ran "DCDIAG /V" in a DC and found no error.I tried to run the "Netdiag /v" but couldn't find the file in the workstation.I did try to restore the sysvol from tape but after it restored, the GPMC still couldn't see the GPOs.Any idea?????????? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now