Corrupt registry.pol in Default Domain Policy

Ask a question

Friday, March 05, 2010 6:58 PM

0

Hello,

We are currently experiencing some issues with our Windows Server 2008 R2 DC. For weeks we've been seeing the following message on the settings tab of the Group Policy Management console for the Default Domain Policy under COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES:

An error has occurred while collecting data for Administrative Templates.

The following errors were encountered:
The file "\\DC01.corp.<MyDomain>.com\sysvol\corp.<MyDomain>.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol" is not in a valid format. The file might be corrupt. Use Group Policy Object Editor to reconfigure the settings in this extension.

Despite running DCGPOFIX /target:Domain, this error does not go away. Any advice on how we can repair/replace the registry.pol file?

Many Thanks!

Grant
- Reply
- Quote

All Replies

Thursday, March 11, 2010 9:24 PM

0

Would it be safe to copy the registry.pol from another machine?

That policy was essentially untouched and had the out-of-the-box settings.
- Reply
- Quote
Sunday, March 14, 2010 10:24 AM

0
Hi

May be the reason of this corruption is the your antivirus you should exclude this path from virus scanning, please exclude it and then try to use DCGPOFIX again , don’t copy the registry.pol from another machine, please refer to the below articles to exclude this file from scanning and another one providing hot fix

http://support.microsoft.com/kb/822158

http://geeks.ms/blogs/havendano/archive/2008/05/29/exclusiones-de-antivirus-para-la-plataforma-windows-august-13-2007.aspx

http://support.microsoft.com/kb/814751 (hot fix for windows 2000)

http://technet.microsoft.com/en-us/library/cc736972(WS.10).aspx
- Marked As Answer by Tim QuanModerator Tuesday, March 23, 2010 9:26 AM
- Reply
- Quote
Sunday, March 14, 2010 5:07 PM

0
Hello,

this seems to be a known error:
http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/8b6312ae-5d73-41e4-b0a9-f1e08cfa4ad9

Make sure the GPO settings are applied with rsop.msc and that you still can edit them when the GPO is opened.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
- Marked As Answer by Tim QuanModerator Tuesday, March 23, 2010 9:26 AM
- Reply
- Quote
Monday, November 08, 2010 6:12 AM

0

Please try out this KB with hotfix to resolve the above mentioned problem.

http://support.microsoft.com/kb/2028605
- Reply
- Quote
Thursday, January 20, 2011 2:54 PM

4
Make sure you have not enabled the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies.

I can confirm this will cause the above problem without fail.

Try it yourself. Turn it off if you enabled it. Refresh the policy view. Everything is back.

Turn it on and the registry.pol error comes back straight away!

You need to turn it off on both the Computer and user configuration.

Sort it out Microsoft this is a ridiculous bug. Added to which there are hundreds or forum entries about this on the web and all of them point to the wrong fix and AV settings and restoring the default policy settings etc.

If this works for you please reply here so we can get this cleared up.

Rob
- Proposed As Answer by Scorpio_1357 Tuesday, March 08, 2011 6:43 AM
- Reply
- Quote
Tuesday, March 08, 2011 6:44 AM

0

Hi All,

By disabling the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies.

This works no need to restore or fix the GP

Regards

Niraj Mehta
Regards Niraj Mehta
- Reply
- Quote
Tuesday, June 21, 2011 1:47 PM

0
I confirmed Rob Delany's solution. It worked for me. Thanks.
- Proposed As Answer by commike Tuesday, June 21, 2011 1:48 PM
- Unproposed As Answer by commike Tuesday, June 21, 2011 1:48 PM
- Reply
- Quote
Wednesday, September 14, 2011 7:45 PM

0

Rob Delany's solution worked for me too. Thanks
- Reply
- Quote
Thursday, February 23, 2012 8:55 AM

0

Sort it out Microsoft this is a ridiculous bug.

Rob

There is now a hotfix:

http://support.microsoft.com/kb/2028605

"You receive a "registry.pol" corruption error in Windows Server 2008 R2 and in Windows 7 if you enable the "Certificate Services Client – Certificate Enrollment Policy" policy"
- Reply
- Quote
Monday, March 11, 2013 2:15 PM

0

I have this error as well, however when I go to click the "edit" for Default domain policy I get a permissions error. I am the domain admin and have checked all permissions on the policy under Sysvol and everything is OK, all allow, no Deny. I can change/edit other policies just fine.

This started happening after I changed the Default Domain Policy to include some PKI certificates and I see that has something to do with the registry.pol error so I can only assume it is causing my permissions problem as well? Nothing else has changed since it was working last.

Any advice on how to implement this hotfix if I cannot "edit" the domain policy under GPMC? (I have also tried to backup the policy and restore it with no luck). Maybe change the key in registry for the Certificate Services Client???

Thank You
- Reply
- Quote
Monday, April 01, 2013 2:12 PM

0

Rob Delany, you are the man! Fixed my problem.

And here is the kicker. I went back in, and enabled the Certificate Enrollment Policy again, and the problem did NOT reoccur, so now I have all settings as before, and a working Admin template view.

Thanks

Daniel
- Reply
- Quote

Corrupt registry.pol in Default Domain Policy

All Replies

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?