none
Event ID 1058 and 1030... Group Policy problems RRS feed

  • Question

  • I have one domain controller. About a month ago we had some problem with the File Replication Server. Opened a ticket with Microsoft and they changed the "Blurflag" value. The problem was resolved and people could now login to the domain.Now I am having a problem on the network. On two different member servers.. there are "Cannot access GPT.INI" errors. The Domain controller locks up when these errors occur. I can access the "Sysvol" share from other computers on the domain. The permissions on the GPT.INI are "Domain\Administrators" = Full Control "Authenticated Users" = Read/Execute and Read and "System" = Full Control. I have rebooted multiple times. The Sysvol\Domain.local folder is empty except for a folder called "Do not remove NTFRS" The service "TCP/IP Netbois helper" is set to automatic and login account is Nt Authority system... And I don't know the password for this. I also don't have a good backup of a working "Group Policy" system state. I read about doing a "PurgeMUPCache" , but I don't know what the results will be.

    Monday, December 13, 2010 2:27 PM

Answers

  • Hi,

     

    The command “dfsutil /PurgeMupCache” resets the client's knowledge about the various sites' information. This is a troubleshooting option which should only be run on the client.

     

    Clears the client MUP cache, preventing confusion about the current provider when such names conflict. Except for a temporary performance hit, this command has no other adverse effects. This command does not affect any DFS metadata. If this command is not run, and the namespace is not accessed, the obsolete cache entry eventually expires.

     

    For more information, please refer to the following article:

     

    Dfsutil Syntax

    http://technet.microsoft.com/en-us/library/cc736784(WS.10).aspx#BKMK_37

     

    To troubleshoot the missing NETLOGON shares issue, please read the following Microsoft KB article:

     

    Troubleshooting missing SYSVOL and NETLOGON shares on Windows 2000 domain controllers

    http://support.microsoft.com/kb/257338/en-us

     

    For the detailed steps of how to troubleshoot the Event ID 1058 and 1030, please also refer to the following articles:

     

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Group policies are not applied the way you expect; "Event ID 1058" and "Event ID 1030" errors in the application log

    http://support.microsoft.com/kb/314494

     

    What are Userenv 1030 and 1058 events?

    http://blogs.technet.com/b/instan/archive/2009/07/13/what-are-userenv-1030-and-1058-events.aspx

     

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, December 14, 2010 6:15 AM
    Moderator

All replies

  • Hello,

    please post an unedited ipconfig /all from the DC/DNS server and a problem machine. Also you should think about a second DC/DNS/GC for failover and redundancy. A singel DC is not recommended.

    Do you use the latest SP and patches on the machine and whcih OS version is installed?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, December 13, 2010 2:36 PM
  • Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.
     
    C:\Documents and Settings\administrator.OBARA>ipconfig /all
     
    Windows IP Configuration
     
       Host Name . . . . . . . . . . . . : NTSERVER01
       Primary Dns Suffix  . . . . . . . : Obarausa.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : Obarausa.local
     
    Ethernet adapter Server Local Area Connection:
     
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
    apter
       Physical Address. . . . . . . . . : 00-1F-29-67-7B-6E
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DNS Servers . . . . . . . . . . . : 10.0.0.2
       Primary WINS Server . . . . . . . : 10.0.0.2
     
    C:\Documents and Settings\administrator.OBARA>
    Monday, December 13, 2010 2:50 PM
  • Here's the problem Machine...

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.
     
    C:\Documents and Settings\Administrator.OBARA>ipconfig /all
     
    Windows IP Configuration
     
       Host Name . . . . . . . . . . . . : TERMSRV1
       Primary Dns Suffix  . . . . . . . : Obarausa.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : Obarausa.local
     
    Ethernet adapter Lan:
     
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-C0-9F-3A-FA-8B
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.7
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.0.1
       DNS Servers . . . . . . . . . . . : 10.0.0.2
       Primary WINS Server . . . . . . . : 10.0.0.2
     
    C:\Documents and Settings\Administrator.OBARA>

     

     

    I'm not sure about the latest SP or Patches... This is a 2003 R2 Server. Thank you so much in advance.

    Monday, December 13, 2010 2:53 PM
  • Hello,

    the output looks ok. WINVER in a command prompt will show you the installed version or you can use together the windows key and the break key, which opens the system properties where also the SP is shown. FOr the additional updates you can use the appwiz.cpl(add remove software) and enable the view of updates at the top, chkeck the lates installed date to see if the last month patch day is done.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, December 13, 2010 5:32 PM
  • Thanks!

    The WINVER is       ver 5.2 Build 3790.srv03_sp2_gdr.090805-1438:Service Pack 2

    Looks like patches were applied last month.

    What does the dfsutil /PurgeMupCache actually do?


    I also noticed the "Netlogon" (C:\windows\sysvol\sysvol\SCRIPTS) was missing


    Monday, December 13, 2010 6:21 PM
  • Hi,

     

    The command “dfsutil /PurgeMupCache” resets the client's knowledge about the various sites' information. This is a troubleshooting option which should only be run on the client.

     

    Clears the client MUP cache, preventing confusion about the current provider when such names conflict. Except for a temporary performance hit, this command has no other adverse effects. This command does not affect any DFS metadata. If this command is not run, and the namespace is not accessed, the obsolete cache entry eventually expires.

     

    For more information, please refer to the following article:

     

    Dfsutil Syntax

    http://technet.microsoft.com/en-us/library/cc736784(WS.10).aspx#BKMK_37

     

    To troubleshoot the missing NETLOGON shares issue, please read the following Microsoft KB article:

     

    Troubleshooting missing SYSVOL and NETLOGON shares on Windows 2000 domain controllers

    http://support.microsoft.com/kb/257338/en-us

     

    For the detailed steps of how to troubleshoot the Event ID 1058 and 1030, please also refer to the following articles:

     

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Group policies are not applied the way you expect; "Event ID 1058" and "Event ID 1030" errors in the application log

    http://support.microsoft.com/kb/314494

     

    What are Userenv 1030 and 1058 events?

    http://blogs.technet.com/b/instan/archive/2009/07/13/what-are-userenv-1030-and-1058-events.aspx

     

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, December 14, 2010 6:15 AM
    Moderator
  • Can you check if the secure channel between the client machines and the server is fine:

    To verify secure channel perform these steps :

    1. from the problem machine try to access \\domainController

    If you are able to see the shares the secure channel is working fine.

    FYI: Changing the "burflag" value performs and authoritative restore of the sysvol folder. If you set the burflag value to d2 the server will start advertising that it has a bad sysvol copy and will fetch the good sysvol copy from the closest Domain Controller. If you set the value to D4, the server advertises itself as the only good copy of sysvol folder. In case of setting the burflag value to D4 it is mandatory that you change the burflag on other DC's as D2 so that they can fetch the changes from good copy.


    This article has all the information: http://support.microsoft.com/kb/290762/en-us
    • Edited by Achraj Monday, January 27, 2014 9:56 PM
    Monday, January 27, 2014 9:52 PM