Re: GPO Error on Default Domain Policy

Interesting I have never seen that before on a dcdiag. I did a Google search
and came up with the discussion below which may be helpful as someone else
that got the same results. --- Steve

http://www.tek-tips.com/viewthread.cfm?qid=1080824&page=7
http://support.microsoft.com/?id=898060

"gl1ch" <gl1ch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A5C6B80-8727-4A18-A071-41BDC6391AD1@xxxxxxxxxxxxxxxx
> dcdiag gives me:
>
> Performing initial setup:
> [am-dc0] Directory Binding Error -2146892976:
> The system detected a possible attempt to compromise security. Please
> ensure
> that you can contact the server that authenticated you.
> This may limit some of the tests that can be performed.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\AM-DC0
> Starting test: Connectivity
> [AM-DC0] DsBindWithSpnEx() failed with error -2146892976,
> The system detected a possible attempt to compromise security.
> Please
> ensure that you can contact the server that authenticated you..
> ......................... AM-DC0 failed test Connectivity
>
> With an event log error of:
>
> The Security System detected an authentication error for the server
> LDAP/2ad178a8-16dd-4abb-ad95-73b47224743d._msdcs.amthinking.net. The
> failure
> code from authentication protocol Kerberos was "The handle specified is
> invalid
> (0x80090301)".
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
> "Steven L Umbach" wrote:
>
>> See the link below from www.eventid.net which may help as it shows how
>> other
>> users have corrected the problem on their network.
>>
>> http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1
>>
>> From a domain computer see if you can access the sysvol [it should show
>> in
>> My Network Places or you can use UNC as in \\dcname\sysvol ] and drill
>> down
>> to and find and read that gpt.ini file even logged on as a regular user
>> or
>> not. I would also run the support tool netiag on the domain computer that
>> is
>> showing the error and netdiag, dcdiag, and gpotool on the domain
>> controller
>> looking for any pertinent error or warnings and check it's logs via Event
>> Viewer. See if you can open and configure that Group Policy as an
>> administrator. --- Steve
>>
>> "gl1ch" <gl1ch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:AE1B6AF7-AEDE-4A4E-A62B-09C9C1C37163@xxxxxxxxxxxxxxxx
>> >I am getting an error with the Default Domain Policy in my domain. First
>> >of
>> > all, I am in the middle of a 2003 transition, so I have one 2003 server
>> > operating, AD is upgraded and my 2000 domain controllers have not been
>> > taken
>> > offline yet.
>> >
>> > I am getting the following error :
>> >
>> > Event Log Message from AM-DC0 at 2:49:19 PM
>> > Error Event 1058 in the Application log
>> > From Userenv (User NT AUTHORITY\SYSTEM)
>> > ------------------------------
>> > Windows cannot access the file gpt.ini for GPO
>> > CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=amthinking,DC=net.
>> > The file must be present at the location <
>> > \\amthinking.net\sysvol\amthinking.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
>> > (Access is denied. ). Group Policy processing aborted.
>> >
>> > So far I have checked the security settings for the default domain
>> > policy
>> > and it looks fine. Any other suggestions?
>>
>>
>>


.

Relevant Pages

  • Re: Handheld device remote networking issues into RAS
    ... I set "Store password using reverisble encryption for all users in the ... This is off by default in server 2003. ... >> The user domain\user failed an authentication attempt due to the ... >> password policy or the password settings on the user account. ...
    (microsoft.public.windows.server.networking)
  • Re: DCDiag errors with new exe, none with old
    ... DNS would be up. ... I resolved that by finding a reliable time server and configuring w32time. ... The events I see seem to occur only AFTER I have run DCDiag. ... Authentication test: Successfully completed ...
    (microsoft.public.windows.server.active_directory)
  • Re: File Share Security
    ... If it is a W2K or Windows 2003 domain and all the computers that need access ... to the server are W2K/XP Pro you can use ... authentication though you can use certificates. ... secure server/require policy to the server being sure to exempt the domain ...
    (microsoft.public.win2000.security)
  • Re: GPO Error on Default Domain Policy
    ... The system detected a possible attempt to compromise security. ... ensure that you can contact the server that authenticated you.. ... The Security System detected an authentication error for the server ... > showing the error and netdiag, dcdiag, and gpotool on the domain controller ...
    (microsoft.public.win2000.security)
  • IAS authentication protocols with VPN and Wi-Fi
    ... We have a W2K IAS/Radius server with a authentication policy for VPN ... Users in the domain must be in the VPN Users group to be able ...
    (microsoft.public.internet.radius)
Quantcast