none
Event IDs: 1030 and 1058 RRS feed

  • Question

  • Hi guys

    i have a big problem that i have been fighting with for quite some time and have found no solution:

    I have a domain "catoca.com" with 2 sites:

    1-Luanda (10.9.48.x - 255.255.255.0 network)
    *This site have 2 domain controllers:
    1-LDADC001 = DC, GC, DNS, DHCP, also holds FSMO
    2-LDADC002 = DC, GC, DNS

    2-SAURIMO (10.9.32.x - 255.255.252.0 network)
    *This site has one domain controller which is the problematic one
    1-SAUDC001 = DC, GC, DNS, DHCP

    This SAUDC001 has been constantly flooded with these 2 events:

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1030
    Date:  26-11-2009
    Time:  20:46:43
    User:  NT AUTHORITY\SYSTEM
    Computer: SAUDC001
    Description:
    Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1058
    Date:  26-11-2009
    Time:  20:46:43
    User:  NT AUTHORITY\SYSTEM
    Computer: SAUDC001
    Description:
    Windows cannot access the file gpt.ini for GPO cn={862C7901-E768-4E70-992B-E2CE4DA4219C},cn=policies,cn=system,DC=catoca,DC=com. The file must be present at the location <\\catoca.com\SysVol\catoca.com\Policies\{862C7901-E768-4E70-992B-E2CE4DA4219C}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

    These are my current problems at SAURIMO SITE (SAUDC001)

    1- If i try to acess any of the domain shares (sysvol and netlogon) i receive the error:
    *\\saudc001\sysvol is not accessible. You might not have permission to use this network resource. Contact the Adminstrator of this server to find out if you have access permissions.

    2-If i try to connect to the domain \\catoca.com, i receive the error:
    * the network location cannot be reached.....

    3-If i try to join any computer to the domain on this site, i receive the error:
    *windows cannot find the network path. Verify that the netiwork path is correct and the destination computer is not busy or turned off.......

    4- I tried to dcpromo another Windows 2003 server machine in hope that i could replace the problematic one but i receive this error:
    *The wizard cannot gain access to the list of domains in the forest. The error is: The network address is invalid


    Right now i dont know what else to do and i am very preocupied because this is the only DC on this site and i have a lot of users authenticating on it

    PLEASE NEED HELP URGENTLYYYYYYYYY

    REGARDS

    Thursday, November 26, 2009 8:37 PM

All replies

  • Hello,

    1- If i try to acess any of the domain shares (sysvol and netlogon) i receive the error:
    *\\saudc001\sysvol is not accessible. You might not have permission to use this network resource. Contact the Adminstrator of this server to find out if you have access permissions.

    Did you check if the shares exist under the sysvol folder?

    2-If i try to connect to the domain \\catoca.com, i receive the error:
    * the network location cannot be reached.....

    Any firewall between the site? How are the sites connected? Can you ping between the sites with ip address, computername and FQDN?

    3-If i try to join any computer to the domain on this site, i receive the error:
    *windows cannot find the network path. Verify that the netiwork path is correct and the destination computer is not busy or turned off.......

    Sounds like DNS, please post an unedited ipconfig /all from the client and the problem DC.

    4- I tried to dcpromo another Windows 2003 server machine in hope that i could replace the problematic one but i receive this error:
    *The wizard cannot gain access to the list of domains in the forest. The error is: The network address is invalid

    Do you use AD integrated zones in DNS and are all DCs liste with there A record and Nameserver record(if DNS server)? Are they also listed in the subfolders under the zone in there belonging one?

    Was there a restore on a DC from an image after a crash before?



    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, November 26, 2009 8:48 PM
  • Hello,

    1-Yes, the share exist under the sysvol folder.

    2-No, there is no firewall between the 2 sites; these are connected by 2 routers. I can ping between the sites using ip address, computername and FQDN

    3- SERVER
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SAUDC001
       Primary Dns Suffix  . . . . . . . : catoca.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : catoca.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client)
       Physical Address. . . . . . . . . : 00-1C-23-C0-F5-E7
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.9.32.40
       Subnet Mask . . . . . . . . . . . : 255.255.252.0
       Default Gateway . . . . . . . . . : 10.9.32.1
       DNS Servers . . . . . . . . . . . : 10.9.32.40
                                           10.9.48.16
       NetBIOS over Tcpip. . . . . . . . : Disabled


    CLIENT
    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : CTCDC002
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : catoca.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : catoca.com
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client)
       Physical Address. . . . . . . . . : 00-1C-23-C0-F1-D9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 10.9.34.145
       Subnet Mask . . . . . . . . . . . : 255.255.252.0
       Default Gateway . . . . . . . . . : 10.9.33.1
       DHCP Server . . . . . . . . . . . : 10.9.32.40
       DNS Servers . . . . . . . . . . . : 10.9.32.40
                                           10.9.32.39
       Lease Obtained. . . . . . . . . . : Thursday, November 26, 2009 11:58:42 PM
       Lease Expires . . . . . . . . . . : Friday, November 27, 2009 11:58:42 AM

    Ethernet adapter Local Area Connection 2:

       Media State . . . . . . . . . . . : Media disconnected
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
     VBD Client) #2
       Physical Address. . . . . . . . . : 00-1C-23-C0-F1-DB

    Yes i use AD integrated zones in DNS and are all DCs listed with there A record and Nameserver record. they also listed in the subfolders under the zone in there belonging one.

    No. there was no restore from a image file on this server

    Thursday, November 26, 2009 11:50 PM
  • Hi Mphandi,

    It looks like you have DNS issues in your Domain. Please check the following and rever back with the results -

    1. As you mentioned that you have 3 Domain Controllers in the Domain and they are acting as DNS Servers so when you try to Nslookup followed by Domain Name, you should get te three DNS Servers listed. If there is any other Stale Record existing there, you need to manually remove it from DNS Console. You will find the Stale Record under Name Server TAB when you go to the Properies of Primary Zones (Both Domain and _Msdcs)

    The same can also be verified by Pinging the Domain Name. When you try to Ping the Domain Name from an Server you should get replies from any of these three Server randomly.

    2. Are you able to Ping all the Domain Controllers to and fro using FQDN and NetBios Name ?

    3. Post Netdiag and Dcdiag from Problem DC here.

    I am pretty sure it's a DNS issue as you are getting the relevant message while doing Dcpromo as well. Once you fix this, things should go fine.

    4. Check the Network Binding on the Domain Controllers and make sure the Active NIC is at the top.

    5. Run 'Net Share' on all the Domain Controller and make sure you have Netlogon and Sysvol Shares present.

    6. Going by the Issue you are getting, i am pretty sure you would be getting FRS Event on the Domain Controllers. Please post the Event ID's you are getting on DC's

    7. Check if the Policies under Sysvol Folder are in Sync on all the DC's.

    8. Are you logged in with Domain or Enterprise Admin provilidges ?

    Revert back with the answers so that i ca assist you further.

    Thanks,
    Nitin
    Friday, November 27, 2009 1:52 AM
  • Thanks for the reply,

    1- Yes, when i nslookup on either site i get all 3 servers listed. No other records listed.

    Yes, i do get a reply from any the servers. This also depends on which site you are pinging from.

    2- I tested pinging to and from all domain controllers using Netbios and FQDN and it works.

    3- I will post netdiag and dcdiag in a new reply to you because the size of text is too big

    4- Checked and had to change bindings in LDADC001 and LDADC002

    5- ran net share on all DCs and Netlogon and Sysvol Shares are present


    6- EVENTS ON SAUDC001

    Event Type: Information
    Event Source: NtFrs
    Event Category: None
    Event ID: 13516
    Date:  26-11-2009
    Time:  10:21:03
    User:  N/A
    Computer: SAUDC001
    Description:
    The File Replication Service is no longer preventing the computer SAUDC001 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
     
    Type "net share" to check for the SYSVOL share.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Event Type: Information
    Event Source: DNS
    Event Category: None
    Event ID: 2502
    Date:  27-11-2009
    Time:  9:24:20
    User:  N/A
    Computer: SAUDC001
    Description:
    The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include:
     
      1) No zones are configured for scavenging by this server.
      2) A scavenging cycle was performed within the last 30 minutes.
      3) An error occurred during scavenging.
     
    The next scavenging cycle is scheduled to run in 0 hours.
     
    The event data will contain the error code if there was an error during the scavenging cycle.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1030
    Date:  27-11-2009
    Time:  10:36:46
    User:  NT AUTHORITY\SYSTEM
    Computer: SAUDC001
    Description:
    Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1058
    Date:  27-11-2009
    Time:  10:36:46
    User:  NT AUTHORITY\SYSTEM
    Computer: SAUDC001
    Description:
    Windows cannot access the file gpt.ini for GPO cn={862C7901-E768-4E70-992B-E2CE4DA4219C},cn=policies,cn=system,DC=catoca,DC=com. The file must be present at the location <\\catoca.com\SysVol\catoca.com\Policies\{862C7901-E768-4E70-992B-E2CE4DA4219C}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help. ). Group Policy processing aborted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    7- I have checked and all policies are in sync. I have also made a test by creating a simple txt file on a dc on the Luanda site and replicated ok to the Saurimo Site

    8- I am logged as the domain administrator

    Friday, November 27, 2009 10:01 AM
  • DCDIAG RESULTS


    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine SAUDC001, is a DC.
       * Connecting to directory service on server SAUDC001.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 3 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: SMC-SAURIMO\SAUDC001
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... SAUDC001 passed test Connectivity

    Doing primary tests
      
       Testing server: SMC-SAURIMO\SAUDC001
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=catoca,DC=com
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=DomainDnsZones,DC=catoca,DC=com
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=catoca,DC=com
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=catoca,DC=com
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=catoca,DC=com
                   Latency information for 3 entries in the vector were ignored.
                      3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             * Replication Site Latency Check
             ......................... SAUDC001 passed test Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC SAUDC001.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=catoca,DC=com
                (NDNC,Version 2)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=catoca,DC=com
                (NDNC,Version 2)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=catoca,DC=com
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=catoca,DC=com
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=catoca,DC=com
                (Domain,Version 2)
             ......................... SAUDC001 passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             [SAUDC001] An net use or LsaPolicy operation failed with error 1231, The network location cannot be reached. For information about network troubleshooting, see Windows Help..
             ......................... SAUDC001 failed test NetLogons
          Starting test: Advertising
             The DC SAUDC001 is advertising itself as a DC and having a DS.
             The DC SAUDC001 is advertising as an LDAP server
             The DC SAUDC001 is advertising as having a writeable directory
             The DC SAUDC001 is advertising as a Key Distribution Center
             The DC SAUDC001 is advertising as a time server
             The DS SAUDC001 is advertising as a GC.
             ......................... SAUDC001 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=LDADC001,CN=Servers,CN=SMC-LUANDA,CN=Sites,CN=Configuration,DC=catoca,DC=com
             Role Domain Owner = CN=NTDS Settings,CN=LDADC001,CN=Servers,CN=SMC-LUANDA,CN=Sites,CN=Configuration,DC=catoca,DC=com
             Role PDC Owner = CN=NTDS Settings,CN=LDADC001,CN=Servers,CN=SMC-LUANDA,CN=Sites,CN=Configuration,DC=catoca,DC=com
             Role Rid Owner = CN=NTDS Settings,CN=LDADC001,CN=Servers,CN=SMC-LUANDA,CN=Sites,CN=Configuration,DC=catoca,DC=com
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=LDADC001,CN=Servers,CN=SMC-LUANDA,CN=Sites,CN=Configuration,DC=catoca,DC=com
             ......................... SAUDC001 passed test KnowsOfRoleHolders
          Starting test: RidManager
             * Available RID Pool for the Domain is 6103 to 1073741823
             * LDADC001.catoca.com is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 5603 to 6102
             * rIDPreviousAllocationPool is 5603 to 6102
             * rIDNextRID: 5623
             ......................... SAUDC001 passed test RidManager
          Starting test: MachineAccount
             Checking machine account for DC SAUDC001 on DC SAUDC001.
             Could not open pipe with [SAUDC001]:failed with 1231: The network location cannot be reached. For information about network troubleshooting, see Windows Help.
             Could not get NetBIOSDomainName
             Failed can not test for HOST SPN
             Failed can not test for HOST SPN
             * SPN found :LDAP/SAUDC001.catoca.com/catoca.com
             * SPN found :LDAP/SAUDC001.catoca.com
             * SPN found :LDAP/SAUDC001
             * Missing SPN :(null)
             * SPN found :LDAP/87379c83-a3de-4e0e-a49e-0ce420fb81aa._msdcs.catoca.com
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/87379c83-a3de-4e0e-a49e-0ce420fb81aa/catoca.com
             * SPN found :HOST/SAUDC001.catoca.com/catoca.com
             * SPN found :HOST/SAUDC001.catoca.com
             * SPN found :HOST/SAUDC001
             * Missing SPN :(null)
             * SPN found :GC/SAUDC001.catoca.com/catoca.com
             ......................... SAUDC001 failed test MachineAccount
          Starting test: Services
             Could not open Remote ipc to [SAUDC001]:failed with 1231: The network location cannot be reached. For information about network troubleshooting, see Windows Help.
             ......................... SAUDC001 failed test Services
          Test omitted by user request: OutboundSecureChannels
          Starting test: ObjectsReplicated
             SAUDC001 is in domain DC=catoca,DC=com
             Checking for CN=SAUDC001,OU=SAURIMO,OU=Domain Controllers,DC=catoca,DC=com in domain DC=catoca,DC=com on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SAUDC001,CN=Servers,CN=SMC-SAURIMO,CN=Sites,CN=Configuration,DC=catoca,DC=com in domain CN=Configuration,DC=catoca,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... SAUDC001 passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             [SAUDC001] An net use or LsaPolicy operation failed with error 1231, The network location cannot be reached. For information about network troubleshooting, see Windows Help..
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 1231

             (The network location cannot be reached. For information about network troubleshooting, see Windows Help.)

             .  Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... SAUDC001 failed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... SAUDC001 failed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Failed to enumerate event log records, error The network location cannot be reached. For information about network troubleshooting, see Windows Help.
             ......................... SAUDC001 failed test kccevent
          Starting test: systemlog
             * The System Event log test
             Failed to enumerate event log records, error The network location cannot be reached. For information about network troubleshooting, see Windows Help.
             ......................... SAUDC001 failed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)

             CN=SAUDC001,OU=SAURIMO,OU=Domain Controllers,DC=catoca,DC=com and

             backlink on

             CN=SAUDC001,CN=Servers,CN=SMC-SAURIMO,CN=Sites,CN=Configuration,DC=catoca,DC=com

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=SMCLDA015,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=catoca,DC=com

             and backlink on

             CN=SAUDC001,OU=SAURIMO,OU=Domain Controllers,DC=catoca,DC=com are

             correct.
             The system object reference (serverReferenceBL)

             CN=SMCLDA015,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=catoca,DC=com

             and backlink on

             CN=NTDS Settings,CN=SAUDC001,CN=Servers,CN=SMC-SAURIMO,CN=Sites,CN=Configuration,DC=catoca,DC=com

             are correct.
             ......................... SAUDC001 passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : catoca
          Starting test: CrossRefValidation
             ......................... catoca passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... catoca passed test CheckSDRefDom
      
       Running enterprise tests on : catoca.com
          Starting test: Intersite
             Skipping site SMC-LUANDA, this site is outside the scope provided by

             the command line arguments provided.
             Skipping site SMC-SAURIMO, this site is outside the scope provided by

             the command line arguments provided.
             ......................... catoca.com passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\SAUDC001.catoca.com
             Locator Flags: 0xe00001fc
             PDC Name: \\LDADC001.catoca.com
             Locator Flags: 0xe000037d
             Time Server Name: \\SAUDC001.catoca.com
             Locator Flags: 0xe00001fc
             Preferred Time Server Name: \\LDADC001.catoca.com
             Locator Flags: 0xe000037d
             KDC Name: \\SAUDC001.catoca.com
             Locator Flags: 0xe00001fc
             ......................... catoca.com passed test FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    Friday, November 27, 2009 10:05 AM
  • hello,

    The size of text for the Netdiag results is TOO BIG. Is there any otherway to post it???

    Friday, November 27, 2009 10:09 AM
  • Hello Guys, I am still fighting with this problem with no solution until now. Can anyone please help!!!
    Tuesday, December 1, 2009 7:24 AM
  • Hi Mphandi,

    Apologize for the delay in reply.

    Allright so the issue you are getting is for following GPO "cn={862C7901-E768-4E70-992B-E2CE4DA4219C},cn=policies,cn=system,DC=catoca,DC=com".

    - We need to check if this GPO  GUID {862C7901-E768-4E70-992B-E2CE4DA4219C} is present at the Location  " \\catoca.com\SysVol\catoca.com\Policies "
    If it's not present than you can check the same in 'NtfrsPreExisting' Folder which you will see once you unhide the hidden files from Folder Options View Menu.

    - We can than look for this GPO in Adsiedit.msc by going to Domain Partition - System - Policies. You will see all the Policy GUID's present at that location. Check if you see this GUID over there.
    If the GUID is present in both Sysvol and Adsiedit than a Version Mismatch can also cause such issues.

    To check and correct the Version you can open the Gpt.ini File at the location \\catoca.com\SysVol\catoca.com\Policies\{862C7901-E768-4E70-992B-E2CE4DA4219C}\gpt.ini  and see the Version Number.
    Check if the same Version Number exist in AD as well. You can look for it in the Properties of GPO GUID under Adsiedit.msc ( Domain Partition- System - Policies ). The Attribute to look for would be 'versionNumber'

    If the Version is not matching, you can edit the Version in AD and than Force Replication across.

    Revert back with the results.

    Thanks,
    Nitin
    Tuesday, December 1, 2009 5:26 PM