none
Corrupt registry.pol in Default Domain Policy

    Question

  • Hello,

    We are currently experiencing some issues with our Windows Server 2008 R2 DC.  For weeks we've been seeing the following message on the settings tab of the Group Policy Management console for the Default Domain Policy under COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES:

    An error has occurred while collecting data for Administrative Templates.

    The following errors were encountered:
    The file "\\DC01.corp.<MyDomain>.com\sysvol\corp.<MyDomain>.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol" is not in a valid format. The file might be corrupt. Use Group Policy Object Editor to reconfigure the settings in this extension.


    Despite running DCGPOFIX /target:Domain, this error does not go away.  Any advice on how we can repair/replace the registry.pol file?

    Many Thanks!

    Grant

    Friday, March 05, 2010 6:58 PM

Answers

All replies

  • Would it be safe to copy the registry.pol from another machine?

    That policy was essentially untouched and had the out-of-the-box settings.
    Thursday, March 11, 2010 9:24 PM
  • Hi

    May be the reason of this corruption is the your antivirus you should exclude this path from virus scanning, please exclude it and then try to use DCGPOFIX again , don’t copy the registry.pol from another machine, please refer to the below articles to exclude this file from scanning and another one providing hot  fix   

     

    http://support.microsoft.com/kb/822158

    http://geeks.ms/blogs/havendano/archive/2008/05/29/exclusiones-de-antivirus-para-la-plataforma-windows-august-13-2007.aspx

    http://support.microsoft.com/kb/814751  (hot fix for windows 2000)

    http://technet.microsoft.com/en-us/library/cc736972(WS.10).aspx

    Sunday, March 14, 2010 10:24 AM
  • Hello,

    this seems to be a known error:
    http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/8b6312ae-5d73-41e4-b0a9-f1e08cfa4ad9

    Make sure the GPO settings are applied with rsop.msc and that you still can edit them when the GPO is opened.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Sunday, March 14, 2010 5:07 PM
  • Please try out this KB with hotfix to resolve the above mentioned problem.

    http://support.microsoft.com/kb/2028605

    Monday, November 08, 2010 6:12 AM
  • Make sure you have not enabled the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies. 

    I can confirm this will cause the above problem without fail. 

    Try it yourself. Turn it off if you enabled it. Refresh the policy view. Everything is back. 

    Turn it on and the registry.pol error comes back straight away! 

    You need to turn it off on both the Computer and user configuration. 

     

    Sort it out Microsoft this is a ridiculous bug. Added to which there are hundreds or forum entries about this on the web and all of them point to the wrong fix and AV settings and restoring the default policy settings etc. 

     

    If this works for you please reply here so we can get this cleared up. 

     

    Rob

    • Proposed as answer by Scorpio_1357 Tuesday, March 08, 2011 6:43 AM
    Thursday, January 20, 2011 2:54 PM
  • Hi All,

     

    By disabling the Certificate Services Client - Certificate Enrollment Policy on the default domain GPO under Public key Policies. 

    This works no need to restore or fix the GP

     

    Regards

    Niraj Mehta


    Regards Niraj Mehta
    Tuesday, March 08, 2011 6:44 AM
  • I confirmed Rob Delany's solution. It worked for me. Thanks.

    • Proposed as answer by commike Tuesday, June 21, 2011 1:48 PM
    • Unproposed as answer by commike Tuesday, June 21, 2011 1:48 PM
    Tuesday, June 21, 2011 1:47 PM
  • Rob Delany's solution worked for me too. Thanks

    Wednesday, September 14, 2011 7:45 PM
  • Sort it out Microsoft this is a ridiculous bug.

    Rob

    There is now a hotfix:

    http://support.microsoft.com/kb/2028605

    "You receive a "registry.pol" corruption error in Windows Server 2008 R2 and in Windows 7 if you enable the "Certificate Services Client – Certificate Enrollment Policy" policy"

    Thursday, February 23, 2012 8:55 AM
  • I have this error as well, however when I go to click the "edit" for Default domain policy I get a permissions error. I am the domain admin and have checked all permissions on the policy under Sysvol and everything is OK, all allow, no Deny. I can change/edit other policies just fine.

    This started happening after I changed the Default Domain Policy to include some PKI certificates and I see that has something to do with the registry.pol error so I can only assume it is causing my permissions problem as well? Nothing else has changed since it was working last.

    Any advice on how to implement this hotfix if I cannot "edit" the domain policy under GPMC? (I have also tried to backup the policy and restore it with no luck). Maybe change the key in registry for the Certificate Services Client???

    Thank You

    Monday, March 11, 2013 2:15 PM
  • Rob Delany, you are the man! Fixed my problem.

    And here is the kicker. I went back in, and enabled the Certificate Enrollment Policy again, and the problem did NOT reoccur, so now I have all settings as before, and a working Admin template view.

    Thanks

    Daniel

    Monday, April 01, 2013 2:12 PM