locked
Cannot access \\domain\sysvol RRS feed

  • Question

  • environment: Windows 2008 R2 domain controllers, Windows 2008 R2 member server, Windows 2003 Forest Functional level:

    Issue: R2 member server cannot process group policy; generates 1058 errors that it cannot process \\domain\sysvol.....gpt.ini - the specified file cannot be found... Server cannot enumerate \\domain\sysvol but can enumerate \\dc fqdn\sysvol

    DNS A and PTR records are correct for domain controllers and member server; DNS settings on member server (static) are correct; DFS client is not disabled; SMB signing policies do not exist; AD traffic / ports are open between dcs and member server (on same backbone); server has been disjoined and rejoined to domain (fixed this once but has not since); Sysvol share/NTFS permissions are default; AD replication successful; Sysvol replication successful; GPO named in error 1058 is on each dc with matching timestamp; pings and nslookups of domain and dcs are successful; nltest /dclist:domain enumerates every dc in domain; set L shows member server authenticating against dc in site; other member servers in same site and network can enumerate \\domain\sysvol; version of Symantec AV newer than 11.4; server rebuilt without apps still has issues; server SPNs are same format as other servers in domain and have the same amount of entries; Windows Firewall is off.  

    At wits end with this; I've Googled 'til the end of the Internet and haven't found anything that made a difference (aside from the first disjoin and rejoin which resolved the issue but it's back again).

     

    Saturday, May 8, 2010 4:55 AM

Answers

  • Windows IP Configuration

       Host Name . . . . . . . . . . . . : REMOVED

       Primary Dns Suffix  . . . . . . . : us.saas
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : us.saas

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-50-56-8B-5D-24
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.100.10.95(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.100.10.1
       DNS Servers . . . . . . . . . . . : REMOVED

       NetBIOS over Tcpip. . . . . . . . : Enabled

    Hostname and DNS servers removed; trust me when I say they're correct.

    • Proposed as answer by soliba Monday, May 10, 2010 11:13 AM
    • Marked as answer by Wilson Jia Monday, June 7, 2010 8:42 AM
    Monday, May 10, 2010 12:58 AM
  • Hi Bklyngy,

    Thanks for your reply.

    Based on your description, it seems the client is not able to access domain's Netbios name.

    Please verify that the TCP/IP NetBIOS Helper, Netlogon, and the Remote Procedure Call (RPC) services are started and set to Automatic.

    Regards,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights. Please click "Mark as Answer" when you get the correct reply to your question.
    • Marked as answer by Wilson Jia Monday, June 7, 2010 8:42 AM
    Thursday, May 13, 2010 7:34 AM

All replies

  • Do you have proper DNS configuration on this server?  Can you ping the DC using NetBIOS and FQDN?

    Please paste IPCONFIG/ALL from the server and DC here..


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, May 10, 2010 12:38 AM
  • DNS is correctly configured on the server; statically assigned ip address and DNS server settings are correct.  Pings to dcs using netbios and fqdn work fine. Pings fom dc to server with netbios and fqdn work fine.  A and PTR recods are all as they should be.  Other servers on same subnet, domain, and OU configured exacty the same (less IP) work fine, which is how I know its not sysvol permissions, stale or missing dns records, firewall rules, group policy, etc. 
    Monday, May 10, 2010 12:47 AM
  • Windows IP Configuration

       Host Name . . . . . . . . . . . . : REMOVED

       Primary Dns Suffix  . . . . . . . : us.saas
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : us.saas

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-50-56-8B-5D-24
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.100.10.95(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.100.10.1
       DNS Servers . . . . . . . . . . . : REMOVED

       NetBIOS over Tcpip. . . . . . . . : Enabled

    Hostname and DNS servers removed; trust me when I say they're correct.

    • Proposed as answer by soliba Monday, May 10, 2010 11:13 AM
    • Marked as answer by Wilson Jia Monday, June 7, 2010 8:42 AM
    Monday, May 10, 2010 12:58 AM
  • hi all,

    we have the same problem  in a different environment at the moment. Server 2003 domain controllers, 2003 member server an XP Client's without any policy problems. On the first Winsows Server 2008 Server, installed last week, we get the same errror 1058. There ist just an Server 2008 Installation with the Roles File Server, Print Server and the Feature Resource Manager for File Server. Service Pack 2 is installed. No Antivirus. Firewall is also off. Permissions on the sysvol directory and dns-function are ok.

    We also have the problem if we update the policy manually with gpupdate /force. There is only a problem with the computer-policy in our environment, not with the user-policy.

     

     

    Monday, May 10, 2010 11:33 AM
  • Hi Bklyngy,

     

    According to Event ID 1058, this issues occur if the computers that are on your network cannot connect to certain Group Policy objects. Specifically, these objects are in the Sysvol folders on your network's domain controllers.

     

    To resolve this issue, you may follow the KB 887303's steps to troubleshoot this issue.

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Sincerely,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights. Please click "Mark as Answer" when you get the correct reply to your question.
    Tuesday, May 11, 2010 2:51 AM
  • Here's the issue:  I can't apply group policy because the machine cannot enumerate the \\domainname\sysvol folder.  I've gone through all that the kbs say to check for and nothing has resolved it - not even rebuilding the server.  This is the only box like this so i know its sever/network related.  I can enumeate \\domainfqdn\sysvol just fine.
    Thursday, May 13, 2010 1:34 AM
  • Hi Bklyngy,

    Thanks for your reply.

    Based on your description, it seems the client is not able to access domain's Netbios name.

    Please verify that the TCP/IP NetBIOS Helper, Netlogon, and the Remote Procedure Call (RPC) services are started and set to Automatic.

    Regards,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights. Please click "Mark as Answer" when you get the correct reply to your question.
    • Marked as answer by Wilson Jia Monday, June 7, 2010 8:42 AM
    Thursday, May 13, 2010 7:34 AM
  • Had the exact same issue and for me it turned out to be my AD account. Trying a different account i had no problems so upon investigating the "problem" account i discovered my account had a flag set on the "use DES encryption to store the password" which is under the Account tab in AD for a user. Unselecting this corrected the problem.

    Good luck.

    Tuesday, May 25, 2010 10:49 AM
  • Just posting this here in case it helps anyone else ...

    I had this problem with a single 2008r2 domain controller, while all other DCs were fine. The problem had started when an old DC was retired and its ip address transferred to the new 2008r2 DC. I first tried demoting the DC, planning to re-promote it. After demoting I noticed its ip address was still turning up in a "nslookup domain". It turned out there was a static A record to the DC's ip address in the DNS. After deleting the static record, and re-promoting the DC, everything was fine.


    http://www.wapshere.com/missmiis
    Monday, June 21, 2010 6:30 AM
  • Hi,You can get your expected domain names.you can approach this http://www.thewebpole.com/ site's domain service ,in before here only i got my dream domain  name ,also which one is very similar to my site contents ,visit this site for more details.All the best.
    Friday, June 25, 2010 9:22 AM