Re: Error message when opening a Domain Group Policy Object

From: Jane (anonymous_at_discussions.microsoft.com)
Date: 04/07/04

  • Next message: Yaketyak: "Re: Audit Log Tools" 
    Date: Tue, 6 Apr 2004 15:06:09 -0700

    Thanks, Steve.

    I will try.

    >-----Original Message-----
    >http://eventid.net is a good place to look up info on
    Event ID's as is
    >Microsoft. See the link below for what Eventid.net
    reported on 5774 as it
    >relates to dns and 1002 lists a lot of possibilities
    based on the source
    >reported. The dns problem could be causing the problem
    opening Group policy.
    >The next thing I would do is to run netdiag and dcdiag on
    the domain
    >controller looking for failed tests and warnings/errors.
    First I would check
    >that dns is configured correctly on the domain
    controllers in that they must
    >point to themselves or another domain controller in the
    domain running AD
    >dns zone. If they are, sometimes running netdiag /fix
    followed by restarting
    >the netlogon service can help. -- Steve
    >
    >http://support.microsoft.com/default.aspx?scid=kb;en-
    us;219289 --- description
    >of netdiag /fix
    >http://www.eventid.net/display.asp?eventid=5774&source=
    >http://www.eventid.net/display.asp?eventid=1002&source=
    >
    >"Jane" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:1300f01c418ea$69c3f3c0$a001280a@phx.gbl...
    >> Thanks,
    >>
    >> There is Netlogon Error in system log. EventID:5774
    >>
    >> "Registration of the DNS record '9f145c13-a4bd-42ce-
    8a7e-
    >> 5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
    >> failed with the following error:
    >> DNS operation refused. "
    >>
    >> There is another error in application log. EventID:1002
    >>
    >> "Default group policy object cannot be created. Error
    >> 80070035 to open GPO Domain EFS Recovery Policy in
    domain
    >> LDAP://DC=xyz,DC=com. "
    >>
    >> What should I do? Thanks again.
    >>
    >> >-----Original Message-----
    >> >Those settings also need to be correct on the domain
    >> controller itself.. I
    >> >would check the Event Viewer for the domain controllers
    >> to see if they are
    >> >reporting any pertinent errors [relating to sysvol or
    >> such] and try to ping
    >> >the domain controller first by IP address and then by
    >> name to establish
    >> >basic network connectivity or not. Also run netdiag on
    >> the computer you are
    >> >trying this from and maybe on the domain controller in
    >> addition to dcdiag on
    >> >the domain controller lookin for any failed tests.
    These
    >> tools are located
    >> >on the install cd under support/tools where you will
    need
    >> to run setup. I
    >> >suppose you could have a problem with dns configuration
    >> which can lead to a
    >> >lot of problems in an AD domain. Netdiag and dcdiag may
    >> show that. ---
    >> >Steve
    >> >
    >> >"Jane" <anonymous@discussions.microsoft.com> wrote in
    >> message
    >> >news:16ed201c41815$1ccaf760$a301280a@phx.gbl...
    >> >> Hi,
    >> >>
    >> >> I got error message as:
    >> >>
    >> >> The domain controller for Group Policy operations is
    not
    >> >> available. You may cancel this operation for this
    >> session
    >> >> or retry using one of the following domain controller
    >> >> choices:
    >> >> The one with the Operations Master token for the PDC
    >> >> emulator
    >> >>
    >> >> The one used by the Active Directory Snap-ins
    >> >>
    >> >> Use any available domain controller
    >> >>
    >> >>
    >> >> When I choose any of these options, I got the
    following
    >> >> error message:
    >> >>
    >> >> Failed to find a domain controller. There may be a
    >> policy
    >> >> that prevents you from selecting another domain
    >> >> controller.
    >> >>
    >> >>
    >> >> Details: The network path was not found.
    >> >>
    >> >> Seems like http://support.microsoft.com/default.aspx?
    >> >> scid=kb;en-us;257435
    >> >>
    >> >> But I have checked two possible reasons:
    >> >> 1.File and Printer Sharing for Microsoft Networks is
    not
    >> >> enabled on the domain controller.
    >> >> 2.The TCP/IP NetBIOS Helper service is disabled.
    >> >>
    >> >> They are all correct setting on server.
    >> >>
    >> >> Thanks.
    >> >>
    >> >
    >> >
    >> >.
    >> >
    >
    >
    >.
    >

  • Next message: Yaketyak: "Re: Audit Log Tools"

    Relevant Pages

    • Re: Windows 2000 users accounts get locked out
      ... Yes i did a netdiag and seems ok but dcdiag generated some ... valid only on Windows 2000 DNS servers. ... Account Name: "valid user id" Target Account ID: % ... >in Domain Controller Security Policy. ...
      (microsoft.public.win2000.security)
    • Re: Path Rules - Enabled Paths sometime are restricted
      ... machine I ran netdiag and dcdiag. ... all DC were as expected and DNS records were good. ... the proper policy was applied and came from our ... domain controler named SKIP. ...
      (microsoft.public.windows.group_policy)
    • Re: gp error
      ... netdiag, gpotool, and dcdiag look good. ... that is not receiving the Group Policy are any errors found? ... > PASS - All the DNS entries for DC are registered on DNS server ...
      (microsoft.public.windows.group_policy)
    • Re: Net logon error event id:3096
      ... Your new DC's DNS is pointing to which DC? ... Controller for this Domain. ... 1)Error in System Event with event id 3096, ... open Group Policy Object,you dont have permission to open, even the id ...
      (microsoft.public.win2000.active_directory)
    • DCDiag errors - How to fix?
      ... On another NG I got some great advice on cleaning up DNS ... issues to fix this and it seems to be working. ... cache and ran Netdiag /fix. ... The controller points to itself as the primary DNS controller and all ...
      (microsoft.public.win2000.dns)