none
gpupdate returns event ID 1058 error code 53 RRS feed

  • Question

  • I have a w2k3 DC, working  with a w2k8 server 64 bits, in this server i have a bunch of error like the below one (i think this happend  every time this server try to update the GP):

    User policy could not be updated successfully. The following errors were encount
    ered:
    The processing of Group Policy failed. Windows attempted to read the file \\rome.com\SysVol\rome.com\Policies\{27AB5801-C895-489E-9DD2-F1C7877DF9C8}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.
    Computer policy could not be updated successfully. The following errors were encountered:

    The processing of Group Policy failed. Windows could not resolve the computer na
    me. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain co
    ntroller has not replicated to the current domain controller).

    To diagnose the failure, review the event log or invoke gpmc.msc to access infor
    mation about Group Policy results.
     
    the error code is 53, so this is the suggested resolution in windows tutorials:

    Error code 53 (The network path was not found)

    This error code usually indicates that the computer cannot resolve the name in the provided network path.

    To test network path name resolution:

    1. Identify the domain controller used by the computer. The name of the domain controller is logged in the details of the error event.
    2. Try to connect to the netlogon share on the domain controller using the path \\<dcName>\netlogon where <dcName> is the name the name of the domain controller in the error event.
    3. If the error still persists, then follow Network troubleshooting procedures to diagnose the the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

    what heppening is i tried \\dcname\netlogon in a commend prompt (not sure if it's the right way to do it) and it returned : The network path was not found. in the link in point 3, nothing is helping me out, knowing that the server is connected to internet, i'm remoting to it, and it's in the same subnet where other w2k3 servers are working great :( !?

    Thursday, March 4, 2010 3:23 PM

Answers

  • Hi All,

    In new 2008 servers, it is not happening, and this most likely has to do with a misconfiguration gateway, thing that was holding the server from talking to the DC the proper way, also i was not able to look up domain groups/users from that server, but after changing the gateway things began working normal right away so i would say it's 99.99% a gateway issue!


    Khalid Touati Network Administrator at Endosoft
    • Marked as answer by khalid55 Friday, November 5, 2010 6:35 PM
    Friday, November 5, 2010 6:35 PM

All replies

  • Hello,

    let's start to exclude DNS settings, please post an unedited ipconfig /all from the problem client and the DC/DNS server.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, March 4, 2010 3:25 PM
  • Hi Meinolf,
    here you are:
    from the 2008 server:
    C:\Users\administrator.ROME>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Endo-Web
       Primary Dns Suffix  . . . . . . . : rome.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : rome.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client)
       Physical Address. . . . . . . . . : 00-22-19-66-3F-73
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 172.16.200.135(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.128
       Default Gateway . . . . . . . . . : 172.16.200.203
       DNS Servers . . . . . . . . . . . : 172.16.1.40
                                           172.16.1.41
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{CAE4E8B0-FE4E-4E26-BB64-9D5EC297D
    B70}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    from the first DNS (172.16.1.40):
    C:\Documents and Settings\administrator.ROME>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : UTECH-DC1
       Primary Dns Suffix  . . . . . . . : rome.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : rome.com

    Ethernet adapter Network Bridge:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : MAC Bridge Miniport
       Physical Address. . . . . . . . . : 02-0F-1F-66-B5-23
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.16.1.40
       Subnet Mask . . . . . . . . . . . : 255.255.255.128
       Default Gateway . . . . . . . . . : 172.16.1.101
                                           172.16.1.104
       DNS Servers . . . . . . . . . . . : 172.16.1.40
                                           172.16.1.41

    here is the ouput of a 2003 machine that's working fine:
    C:\Documents and Settings\administrator.ROME>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : endosoft-web
       Primary Dns Suffix  . . . . . . . : rome.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : rome.com

    Ethernet adapter VLAN DMZ, ID: 6:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) Advanced Network Services Virtua
    l Adapter
       Physical Address. . . . . . . . . : 00-13-72-65-8F-16
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.16.200.134
       Subnet Mask . . . . . . . . . . . : 255.255.255.128
       IP Address. . . . . . . . . . . . : 172.16.200.133
       Subnet Mask . . . . . . . . . . . : 255.255.255.128
       Default Gateway . . . . . . . . . : 172.16.200.203
       DNS Servers . . . . . . . . . . . : 172.16.1.40
                                           172.16.1.41

    C:\Documents and Settings\administrator.ROME>gpupdate
    Refreshing Policy...

    User Policy Refresh has not completed in the expected time. Exiting...
    User Policy Refresh has completed.
    Computer Policy Refresh has completed.

    To check for errors in policy processing, review the event log.


    INDEED i noticed the following warning on it:
    event ID 40960

    The Security System detected an authentication error for the server LDAP/UTECH-DC1.rome.com/rome.com@ROME.COM. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.

    (0xc000005e)".

     

    sorry for burden you with all that but, hope that will help knowing what's going on!

    Thursday, March 4, 2010 7:57 PM
  • Hi,

     

    According to Event ID 1030 and 1058, this issues occur if the computers that are on your network cannot connect to certain Group Policy objects. Specifically, these objects are in the Sysvol folders on your network's domain controllers.

     

    To resolve this issue, you may follow the KB 887303's steps to troubleshoot this issue.

    Userenv errors occur and events are logged after you apply Group Policy to computers that are running Windows Server 2003, Windows XP, or Windows 2000

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;887303

     

    Sincerely,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Proposed as answer by Wilson Jia Friday, March 5, 2010 3:11 AM
    • Marked as answer by Wilson Jia Monday, March 8, 2010 3:01 AM
    • Unmarked as answer by khalid55 Wednesday, March 10, 2010 1:59 PM
    Friday, March 5, 2010 3:11 AM
  • Hi Wilson,
    thank you for the post, actually i followed the step in your link step by step, now i can get in the shrae \\dcname\netlogon from the the 2008 server, but i beleive that just part of the PB is fixed, when i run "gpupdate /force:

    C:\Users\administrator.ROME>gpupdate /force
    Updating Policy...
    User Policy update has completed successfully.
    Computer Policy update has not completed in the expected time. Exiting...
    To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.

    but this machine belong only to a user group, could that be why it updates user policy and not computer policy?

    Also i still have the error ID 1055:
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    plus some warning of LsaSrv:
    The Security System detected an authentication error for the server cifs/utech-dc2.rome.com. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
    (0xc000005e)".


    any thoughts?





     
    Monday, March 8, 2010 8:26 PM
  • Hello,

    please check the problem machine with:
    nltest /dsgetdc:domainName.com

    nltest /dsgetsite

    also run dcdiag /v and post the complete output.
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 8, 2010 9:26 PM
  • Hi,
    here is the output one by one:

    C:\Users\administrator.ROME>nltest /dsgetdc:rome.com
               DC: \\utech-dc2.rome.com
          Address: \\172.16.1.41
         Dom Guid: cc67a4d6-2440-417d-a469-917614c4c11b
         Dom Name: rome.com
      Forest Name: rome.com
     Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
            Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLO
    SE_SITE
    The command completed successfully


    C:\Users\administrator.ROME>nltest /dsgetsite
    Default-First-Site-Name
    The command completed successfully

    C:\Users\administrator.ROME>dcdiag /v
    'dcdiag' is not recognized as an internal or external command,
    operable program or batch file.

    thank you!
    • Marked as answer by khalid55 Tuesday, March 9, 2010 7:46 PM
    • Unmarked as answer by khalid55 Tuesday, March 9, 2010 7:46 PM
    Tuesday, March 9, 2010 6:47 PM
  • Hi Khalid55,

    Thanks for your response.

    According to the error 1055, you may check the workaround described in KB 934907.

    Error results when you run the "gpupdate /force" command on a computer that is running Windows Vista: "User policy could not be updated successfully"
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;934907

    Hope it helps.

    Regards,
    Wilson Jia
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 15, 2010 7:23 AM
  • Hello,

    you have to install the support\tools\suptools.msi from the Windows server installation disk to have dcdiag available. Also netdiag can be used to check for errors on the server.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 15, 2010 11:18 AM
  • Hi All,

    In new 2008 servers, it is not happening, and this most likely has to do with a misconfiguration gateway, thing that was holding the server from talking to the DC the proper way, also i was not able to look up domain groups/users from that server, but after changing the gateway things began working normal right away so i would say it's 99.99% a gateway issue!


    Khalid Touati Network Administrator at Endosoft
    • Marked as answer by khalid55 Friday, November 5, 2010 6:35 PM
    Friday, November 5, 2010 6:35 PM