
domain group policy problems

Status
Not open for further replies.

bfletch

MIS
May 3, 2000
167
US
I am having a problem with the Domain Group Policy. It is not replicating to the client machines. When I verify in all the machines' registries the changes I made to Domain Group Policy, it still shows the old settings.
I have used the secedit /refreshpolicy machine_policy /enforce and /refreshpolicy machine_policy /enforce command to make it quicker, but it is still not getting to my clients. I have waited over 20 mins now and it never took that long before when I changed the policy (i.e. new schedule time). I am only running 3 clients and they are all 2K SP4. It was working fine, but all of a sudden stopped. Any suggestions? I have checked all my logs and the error that is common to all of my workstations is as follows:

Source: Userenv
Event ID: 1000
User: NT AUTHORITY\SYSTEM

Windows cannot query for the list of Group Policy objects . A message that
describes the reason for this was previously logged by this policy engine.

I have even deleted the policy and re-do it, but did not help. The only other difference I have done was patch SQL with SP3. Any suggestions? Thanks in advance.

B
 
Refreshing won't do anything if the clients are getting that error :)

The first thing you want to check is DNS. Are the clients pointing to your domain controller for DNS?
 
Yep. They are pointing to the correct spot. They were getting the updates fine except for my PDC, where I was getting this error:

Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.

For best results in resolving this event, log on with a non-administrative account and search for "troubleshooting 1202 events".
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:

Come to find out the security ID giving me the issue was SQLDebugger. So I installed SP3 to SQL and it created the SQLDebugger user and got rid of that error and now I am getting the error I mentioned above on all of my client machines.....I am stumped.

B
 
Are there any other userenv errors on the clients? The one you posted says to look for another event for the reason. It doesn't always log one though.
 
Not that I know of... At least not in Event Viewer. If there is one somewhere else, then I am unaware of where to even look.
 
Here is the information I get when I set up that log:

USERENV(d4.2f4) 16:01:15:543 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:01:15:543 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:01:15:543 ProcessGPOs: GetGPOInfo failed.
USERENV(d4.2f4) 16:08:15:540 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:08:15:540 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:08:15:540 ProcessGPOs: GetGPOInfo failed.
USERENV(d4.2f4) 16:15:15:538 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:15:15:538 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:15:15:538 ProcessGPOs: GetGPOInfo failed.
USERENV(d4.2f4) 16:22:16:167 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:22:16:167 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:22:16:167 ProcessGPOs: GetGPOInfo failed.
USERENV(d4.2f4) 16:29:16:164 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:29:16:164 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:29:16:164 ProcessGPOs: GetGPOInfo failed.
 
That kind of looks like the secure channel between the client and the domain has broken for some reason.

Have you tried disjoining a client from the domain and rejoining it?
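
Added example (not part of any post in this thread): a short Python script that parses userenv debug log lines like the ones posted above, normalizes the hex and signed-decimal status values to one HRESULT, and names it from a small subset of SSPI codes in winerror.h. The function names and the lookup table are this example's own.

```python
import re
from collections import Counter

# Subset of SSPI status codes from winerror.h (not exhaustive).
SSPI_NAMES = {
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
    0x80090322: "SEC_E_WRONG_PRINCIPAL",
    0x80090324: "SEC_E_TIME_SKEW",
}

# Layout: USERENV(pid.tid) hh:mm:ss:ms Function: message
LINE_RE = re.compile(
    r"^USERENV\(([0-9a-f]+)\.([0-9a-f]+)\)\s+(\d\d:\d\d:\d\d:\d{3})\s+(\w+):\s+(.*)$")
# Trailing status, logged either as hex or as a signed 32-bit decimal.
CODE_RE = re.compile(r"\bwith (0x[0-9a-fA-F]+|-?\d+)\s*$")

# Lines copied from the log posted in the thread above (two retry cycles).
SAMPLE = """\
USERENV(d4.2f4) 16:01:15:543 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:01:15:543 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:01:15:543 ProcessGPOs: GetGPOInfo failed.
USERENV(d4.2f4) 16:08:15:540 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(d4.2f4) 16:08:15:540 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(d4.2f4) 16:08:15:540 ProcessGPOs: GetGPOInfo failed.
"""

def to_hresult(text):
    """Normalize '0x80090324' or '-2146893020' to an unsigned 32-bit value."""
    return int(text, 0) & 0xFFFFFFFF

def describe(hr):
    """Split an HRESULT into facility and code, and name it if known."""
    return {"hresult": f"0x{hr:08X}", "facility": (hr >> 16) & 0x7FF,
            "code": hr & 0xFFFF, "name": SSPI_NAMES.get(hr, "unknown")}

def summarize(log_text):
    """Count (function, hresult, name) for every line that carries a status."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        c = CODE_RE.search(m.group(5)) if m else None
        if c:
            d = describe(to_hresult(c.group(1)))
            hits[(m.group(4), d["hresult"], d["name"])] += 1
    return hits

if __name__ == "__main__":
    for (func, hresult, name), n in summarize(SAMPLE).items():
        print(f"{func}: {hresult} {name} x{n}")
```

Both values in the posted log are the same status: -2146893020 is 0x80090324 read as a signed 32-bit integer, which winerror.h defines as SEC_E_TIME_SKEW (the clocks on the client and server machines are skewed).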
 