none
Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect) RRS feed

  • Question

  • I am seeing a very odd error on one of our domain controllers. I have dealt with Event ID 1058 errors whereby a policy (or policies) were not replicating, but we are receiving this error along with error code 1326 on this server, and it is apparently only happening with the default domain policy:

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          8/10/2015 3:09:54 PM
    Event ID:      1058
    Task Category: None
    Level:         Error
    Keywords:     
    User:          S-1-5-21-1484152634-2550175353-3916092219-3287
    Computer:      <DC Name>.<domainname>
    Description:
    The processing of Group Policy failed. Windows attempted to read the file http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1058</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2015-08-10T19:09:54.008905300Z" />
        <EventRecordID>56008</EventRecordID>
        <Correlation ActivityID="{E6440388-AAF9-4E59-B945-73179E2ADF3F}" />
        <Execution ProcessID="880" ThreadID="3256" />
        <Channel>System</Channel>
        <Computer><dcname>.<domainname></Computer>
        <Security UserID="S-1-5-21-1484152634-2550175353-3916092219-3287" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">4</Data>
        <Data Name="SupportInfo2">820</Data>
        <Data Name="ProcessingMode">0</Data>
        <Data Name="ProcessingTimeInMilliseconds">3432</Data>
        <Data Name="ErrorCode">1326</Data>
        <Data Name="ErrorDescription">The user name or password is incorrect. </Data>
        <Data Name="DCName"><dcname>.<domainname></Data>
        <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=<domainname>,DC=com</Data>
        <Data Name="FilePath">\\<domainname>\sysvol\<domainname>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
      </EventData>
    </Event>

    (Some information redacted)

    Now, I haven't failed to notice that the username is listed as a SID.  Based on various queries I have done, this SID currently does not exist in our domain.

    This only replicates with one other domain controller, which is our PDC and resides in our corporate datacenter.  It almost seems like DFSR is trying to connect to some outdated DC to replicate, but I cannot find any indication of why it might be doing this.  I have already looked at the DFS Management console on this server and everything looks exactly like it does on every other DC.  The DFSR event logs are also not reporting anything wrong.

    While this doesn't appear to be hurting anything--the default domain policy IS updating in SYSVOL on this server and replication diagnostics all check out OK--I'd like to correct whatever is causing this.  Anyone run into anything similar or have any ideas?

    Monday, August 10, 2015 10:31 PM

Answers

  • Hi Steviek,

    Thanks for your post.

    These issues occur if the computers that are on your network cannot connect to certain Group Policy objects. Specifically, these objects are in the Sysvol folders on your network's domain controllers. Maybe the sysvol replication failed.

    Since the sysvol diagnosis are ok. You could also follow the check: Examine the DNS settings and network properties on the servers and client computers, Examine the Server Message Block signing settings on the client computers and member servers and make sure that the TCP/IP NetBIOS Helper service is started on all  computers

    Refer to the following link:

    https://support.microsoft.com/en-us/kb/887303

    http://social.technet.microsoft.com/wiki/contents/articles/1456.event-id-1058-group-policy-preprocessing-networking.aspx

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 11, 2015 6:11 AM
    Moderator