Windows Server 2008 Thread, GP error in Technical; I'm trying to write a new policy for redirecting staff documents etc. but I'm getting an error and the policy ...
18th August 2010, 02:13 PM #1
I'm trying to write a new policy for redirecting staff documents etc. but I'm getting an error and the policy is not being applied. (See attached for details) I'm not sure what I should do about it.
22nd August 2010, 03:16 PM #2
I ran RSoP on the server to try to identify the issue. The following users cannot be found - IWAM_Server and IUSR_Server. I am assuming that the second bit of the name (Server) is the name of the containing server, is that right? These may have been deleted when uninstalling and clearing Exchange.
Question: What do I now need to do as this error is on the Default Domain Controller policy? I need some help here as I'm way out of my depth and comfort zone. I've learnt an awful lot since my new DC crashed and burned but now feeling the heat as the new term looms.
ps if there are any mods/admins around this thread should more correctly now be in the Windows Server 2008 forum, as the DC under investigation is not R2. Thanks
Last edited by leco; 22nd August 2010 at 03:27 PM.
Reason: added ps
22nd August 2010, 04:21 PM #3
Moved the thread but can't help with the issue I'm afraid.
What makes you think that the missing users are causing the error?
22nd August 2010, 05:18 PM #4
Thanks Witch. The event viewer prompted me to look for Cannot Find Users, which listed IWAM and IUSR. It went on to give instructions for finding which policy these lost users were in. Hence Default Domain Controller policy. In RSoP the parts of the Policy that are affected are shown with a red cross against them. I could just remove them from the Policy but I'm not sure what they do exactly. Like I said slightly out of my depth here and sadly my external support is on holiday
22nd August 2010, 05:57 PM #5
It's a pure guess as I've never had anything like this before, but it looks like some corruption or misconfiguration of the TerminalServer-server policy.
Do you have a backup of that adml file that you can restore to?
If not, could you remove any links to it and create a new polcicy from scratch?
22nd August 2010, 06:14 PM #6
- Rep Power
I agree with mb2k01, the adm template appears to have got messed up. Go to group policy and look under the administrative templates section and see if it is there, if not you will need to add it back in and look at what settings have been changed. Removing an admin template doesnt undo any settings and you will need the original template to amend those settings in group policy. The alternative is to create another policy and disable that one.
22nd August 2010, 07:42 PM #7
Any backup I might have had went with the loss of the original Master DC and other machines. Completely new territory for me here so could you be kind and give me instructions on exactly what to do please?
Originally Posted by mb2k01
22nd August 2010, 07:44 PM #8
Which admin template am I looking for in which branch of Group Policy? Given that I think this is the default domain controller policy how do I know what has been or should be set on it?
Originally Posted by littlehoughton
22nd August 2010, 08:04 PM #9
The error message seems to suggest it is just the Terminal Server policy at fault (unless you get multiple error messages with different adml names?)
Originally Posted by leco
It might be that it is applied at domain level, but doesn't look like it is the "domain policy".
What Server OS are you running?
Last edited by mb2k01; 22nd August 2010 at 08:07 PM.
22nd August 2010, 10:17 PM #10
I don't think I've got a Terminal Server policy, well not one that I've made anyway. I guess that doesn't necessarily mean there isn't one though. I've looked at the domain controller policy which is where the red crosses are. This server is running 2008, there is another DC that's still on 2003, which is I think the named server in the Cannot find message. Thanks, I'll have a look when I get to work in the morning.
23rd August 2010, 11:22 AM #11
On your 2008 server go to Administrative Tools > Group Policy Management. When it opens you familiar(ish) AD tree down the left hand side. Expand your domain and click on the Group Policy Objects folder, you shoudl then see a list of every policy for your domain. If you notice the TerminalServer policy in there, click on it and it will show you the OU's that it is linked to. From there it is your choice whether you choose to delete, disable or unlink from the individual OU's to test/see whether it gets rid of your errors
23rd August 2010, 11:25 AM #12
A terminal server policy is not listed.
23rd August 2010, 08:50 PM #13
- Rep Power
You will need to check each policy in your GPMC, adm templates are irrelevant to the policy name so you need to check what adm templates you have under each administrative templates in your GP's. You can right click and select add/remove tempates and see if you can spot the adm template or alternatively do a search for *.adm templates or look in %systemroot%\inf or the adm template may already be added just dig under that administrative template branch. Also adm templates do not replicate around your domain controllers so if you manage your GP's from multiple servers you will have to search each one. It is best to designate a server you will use for adding templates then they are all in one place. Also you can usually spot when something is a miss with admin templates when looking at the settings in each GP via the GPMC, under the administrative template section if it cannot read the settings from a adm there is usually a GUID instead of what it should read in plain English.
Thanks to littlehoughton from:
23rd August 2010, 10:21 PM #14
I did as far as I recall, consolidate all the .adms into a central store. Unfortunately this was on the now defunct Master DC. However, I think I copied them all to the 2008 server also. I'll do a search tomorrow and see what I can find. Thanks
24th August 2010, 12:27 PM #15
- Rep Power
Do you have the PolicyDefinitions folder
normally located \\FQDN\SYSVOL\FQDN\policies
For some reason on our 2008 box it created a folder at this location called PolicyUpdates.....and we had loads of errors with GPO's under we created the missing definitions folder
By Darryl_Wilcox in forum Office Software
Last Post: 1st April 2010, 02:36 PM
By UkDraxion in forum Wireless Networks
Last Post: 10th November 2009, 10:37 AM
By Strotzyl in forum Wireless Networks
Last Post: 14th March 2009, 02:46 PM
By ChrisH in forum Windows
Last Post: 10th October 2008, 12:10 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)