Question

Locked

Win2k3 domain controller intermittent GPO access problem

By ysdiong ·
We have a server running Windows 2003 R2 Enterprise Edition SP2 as domain controller. The server also runs Exchange 2003. The server is the only domain controller and email server on our network (it has both public and private IPs).

Recently, the server is getting intermittent problem when trying to access its own GPO, more specifically its own SYSVOL share while client machines are able to access the DC's SYSVOL. Everything else seems to be working fine. Below are the errors loged in Application log:

Source: Userenv
Category: None
Type: Error
Event I 1030
User: NT AUTHORITY\SYSTEM
Computer: DOMAIN-CONTROLLER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Source: Userenv
Category: None
Type: Error
Event I 1058
User: NT AUTHORITY\SYSTEM
Computer: DOMAIN-CONTROLLER
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=xx,DC=yy,DC=com. The file must be present at the location <\\xx.yy.com\sysvol\xx.yy.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

Our Application log is full these 2 error logs.

When the problem occurs and we are unable to access the group policy objects and if we try to browse the SYSVOL folder from the administrator's login on the domain controller itself:
\\xx.yy.com\SYSVOL\ ==> can list \\xx.yy.com\ and see that SYSVOL is there but cannot browse to \\xx.yy.com\SYSVOL\
\\domain-controller.xx.yy.com\ ==> same as above
\\domain-controller\SYSVOL\ ==> ok
\\private-ip-address-of-domain-controller\sysvol\ ==> ok
While the problem occurs, client workstations can still browse the SYSVOL on the domain controller using any of the above share names and access group policies.

We are puzzled by this problem for quite a while already and are unable to find the root of the problem. Any help is much appreciated.

Thank you.

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums