Group policy issue............
Windows Server Forum Index Windows Server
Server discussion on Windows platform.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web winserverhelp.com
Group policy issue............

 
Post new topic   Reply to topic    Windows Server Forum Index -> Active Directory
Author Message
Guest
Posted: Fri Nov 11, 2005 1:50 pm    Post subject: Group policy issue............ Reply with quote
I'm getting the following errors logged on my workstations in an AD
domain I've recently setup...... and groups policies aren't getting
applied to my workstations any suggestions on whats the
cause............

Application Event Log


Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 5/31/2002
Time: 5:36:16 PM
User: N/A
Computer: TREATMENT
Description:
Automatic certificate enrollment for local system failed to contact the

active directory (0x80072095). A directory service error has occurred.

Enrollment will not be performed.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 5/31/2002
Time: 5:35:15 PM
User: NT AUTHORITY\SYSTEM
Computer: TREATMENT
Description:
Windows cannot determine the user or computer name. (An internal error
occurred. ). Group Policy processing aborted.


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


System Event Log


Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 5/31/2002
Time: 5:57:45 PM
User: N/A
Computer: TREATMENT
Description:
The Security System detected an attempted downgrade attack for server
ldap/312server1.mydomain.com. The failure code from authentication
protocol
Kerberos was "No authority could be contacted for authentication.
(0x80090311)".


Thanks alot

Momo
Back to top
Paul Williams [MVP]
Guest
Posted: Sun Nov 13, 2005 1:50 pm    Post subject: Re: Group policy issue............ Reply with quote
Don't worry about the Autoenrollment one for now.

The other two are probably down to a DNS misconfiguration. Ensure that the
DNS zone that maps to your AD namespace allows dynamic updates, and that the
clients are configured to a). point to your DC/ DNS server (not a public
one) and b). configured to register in DNS (this is enabled by default).


www.eventid.net is a good place to find other, helpful hints on what could
be wrong. Just remember that you MUST use an internal DNS server that is
authorative for your AD namespace, and not a public one, e.g. your ISPs.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
Back to top
Zeno
Guest
Posted: Mon Nov 14, 2005 1:50 pm    Post subject: Re: Group policy issue............ Reply with quote
I've checked the DNS settings and they seem to be correct. What seems
to be strange is I can't access the \sysvol directory on the DC's which

may be the cause.....


I tried clicking on \sysvol and it gives an error "you don't have
permissions to use this network resource........ the user have not
been granted the requested logon type at this computer..........."


I can't even access the UNC path.....


Tried changing the "Access computer from network policy and that seems
fine.... also checked permissions on \sysvol directory and they seem
fine tooo
Back to top
 
Post new topic   Reply to topic    Windows Server Forum Index -> Active Directory All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




New Topics Powered by phpBB