I have umpteen event messages relating to Group Policy ManagerSeems that the computer cannot find the specified path. I cannot access any of the policies including the domain default.
This is on a recently installed server so I am setting up users etc. or rather migrating them from the old 2003 server. Any ideas please as I'm not sure what to do to rectify the situation.
What does dcdiag report? Is SYSVOL shared? What are the Event Log messages exactly?
leco (8th April 2009)
It's difficult to say without knowing what steps you've completed so far. I'm guessing you've joined a 2008 Server to an existing 2003 Domain, promoted it to a domain controller and then attempting to open/modify GPOs?
leco (8th April 2009)
Diagnostics report file path not found. SYSVOL is shared. Exact event logs - will report on tomorrow when I'm back at the coal face.What does dcdiag report? Is SYSVOL shared? What are the Event Log messages exactly?
Yes, yes and yes. Long story but I got the folder redirects horribly wrong at first. So set up a test OU with a test user. I set one redirect and tested it on two machines, before moving on to the next, testing again. When I was satisfied that all the redirects were working as they should, I moved each user from their original OU into the new one, renamed their old folder so that I could copy any particular bits over later. I then logged on as the user, set up all the other things that required setting. All was going well as I tested each freshly made user on the two machines, even deleting their local to make sure that the server profile was being used. Part way through the afternoon I noticed I was having to set up things that should have come from the policy. Did a gpupdate but to no avail, went to the server and found all the event messages.Originally Posted by Michael
I have now made all the other users "by hand" copying the local to the server and moving the Document folder by right clicking and entering a path to the server.
I have obviously broken something along the way but what I have no idea. At some point in the afternoon I did get a message about MMC (?) when I closed the Server Manager window, could that be connected?
Sorry for the long post trying to figure out what is happening or has happened - I'm new to Server 2008 and not fully conversant with all the different tools. Well I know they are much the same but in different places which makes them harder to find.
Thanks for helping.
This definitely sounds like a replication problem. Could you confirm the 'File Replication Service' is running on both servers?Part way through the afternoon I noticed I was having to set up things that should have come from the policy.
Then within Active Directory Sites and Services, force replication between both servers.
leco (8th April 2009)
On the 2003 server I was forever having to do that but thought it was something to do with the old/old server which has now been retired altogether. Thanks, will have a go at replication in the morning, I don't want to "disturb" any of the scheduled things that happen at this time of night.
Just a thought have you updated the domain schema to windows 2008 level (Windows Server 2008 ADPREP have you looked at using replication monitor. (Active Directory Replication Monitor)
leco (8th April 2009)
As the server was installed by the supplier I assumed adprep was carried out, will confirm with them tomorrow. I have used replmon previously on the 2003 server so maybe I should try that again. Thanks.
Surely the schema must have been upgraded otherwise you'd get no where at all? (I would of thought). I suppose in theory however due to the mis-matches this could/would stop replication performing successfully. I've never tried
Working on this theory your 2003 Server would create more problems than 2008 Server, which of course is newer. I suppose this depends also which of your domain controllers has the FSMO roles.
DCdiag on the 2003 server shows all tests passed
However, on the 2008 server:
Not advertising as a time server - now sorted
FrsEvent replication error - now sorted
Still have failure on:
DFSREvent - There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
NCSecDesc - Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=(domain name),DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=(domain name),DC=local
SystemLog - 13 errors all on the same date differing times - An Error Event occurred. EventID: 0x00000422
Time Generated: 04/09/2009 14:49:54
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error 0x3afc)
I've looked at the permissions in AD for the Enterprise Domain Controllers, that is set for reading or listing. Can you tell I'm not used to looking in there? Not actually sure what it should be. What do I do next?
Last edited by leco; 9th April 2009 at 07:28 PM.
DFSREvent - A catch all error for problems in the last 24 hours, so not a specific problem in itself
NCSecDesc - Because "adprep /rodcprep" hasn't been run on your schema for an upgraded AD domain. Not a problem in itself & can be ignored if you're not going to be running RODCs, else just run RODCPrep anyway, not going to hurt anything. (Ref: Known Issues for Installing and Removing AD DS)
SystemLog - Did you manage to check they'd upgraded your schema to support W2k8?
Try running: "dsquery * cn=schema,cn=configuration,dc={domain},dc={suffix} -scope base -attr objectVersion” from a cmd prompt - result should be 44.
Also force replication "repadmin /syncall" and see if errors get thrown.
leco (9th April 2009)
I've read that but as I'm not sure what RODC is for I haven't run it.
How do I do that?SystemLog - Did you manage to check they'd upgraded your schema to support W2k8?
Done both of those - result 44 and no errors (sounds like Mastermind!)Try running: "dsquery * cn=schema,cn=configuration,dc={domain},dc={suffix} -scope base -attr objectVersion” from a cmd prompt - result should be 44.
Also force replication "repadmin /syncall" and see if errors get thrown.
Update: Group Policy error events now popping up every 5 minutes on the dot (on the 2003 server it's called Userenv).
Last edited by leco; 9th April 2009 at 08:31 PM.
I've now discovered that the 2008 server has not been backing up all week. Apparently it isn't recognising the external hard drive that's plugged into one of the USB ports. What have I done to deserve this, after fighting for the budget to buy the server on the premise that the network would work better? Not a happy Easter bunny
Last edited by leco; 9th April 2009 at 09:47 PM. Reason: punctuation
Read-Only Domain Controller - a DC that holds a copy of AD, but is read-only, useful for branch-offices etc. (Think BDCs in NT4). Running adprep /rodcprep simply adds into the AD schema the structure necessary to support them. RODC is a rather niche feature, if you run RODC prep, it'll get rid of the errors, else, you can just ignore them.
Good (or bad, depending how you look at it) - 44 means they did upgrade your AD to support Server 2008.
What are the GP errors? Both the Server 2008 & Server 2003 errors would help.
The Server 2008 box isn't using the same name as an old DC server is it?
Thanks for the explanation. Will note the GP error messages tomorrow and post them - unless of course some miracle happens overnight and they have disappeared. I can but hope.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
