Results 1 to 7 of 7

Thread: Event ID:1030 & 1054 GP not applied

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    Exclamation Event ID:1030 & 1054 GP not applied

    I have a new domain on a windows 2003 server running as a Domain Controller/dns server. There are no other DC's on this domain. There are other domains on this network that have their own settings. My clients are Windows XP Pro.

    The clients are set to use the dns server of my new domain.

    I am able to join my new domain, search for computers, and Nslookup appears to work. However domain policies are not applied I get a Event ID: 1030 and 1054 in the error logs on the clients. I began trying to debug these problems but can't seem to figure out what is configured wrong on the server.

    When I use DCDIAG on the clients or server it reports no problems.

    When I use Netdiag I get changing problems.

    For this example my domain is called mydomain.local

    Netdiag shows host name as computername.different.org
    this different.org is the name of the other domain which runs the network and not mydomain.local... ??

    DC List Test Failed - Error No Browser Servers Found

    When I do a Netdiag /test:dclist it passes the test

    Some times when I run the netdiag I also get a DNS test failed the DNS registration for computername.mydomain.local is incorrect on all dns servers.

    I am not sure what to try next. I am sure it is something I just don't know that I have configured incorrectly.

    I'd appreciate your help!

    Thanks,

    Willard
    Last edited by wills3; November 10th, 2004 at 15:41 PM. Reason: format mistakes

  2. #2
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    DHCP comes from the other Domain

    Perhaps the problem is that the DHCP service is provided by a server on the other domain (same network) different.org? Could this be why I get those messages.

  3. #3
    Junior Member
    Join Date
    Nov 2004
    Location
    Kentucky
    Posts
    38
    That is very possible since that DHCP server..on your old domain, maybe be giving your clients the address to that dns server on the old domain instead of the new.

    Have you tried to scavenge stale resource records? Maybe it replicated data from the dns servers on the other domain. Also check your fowarders, by default they are set to forward to all other domains. But you might want to turn that off for the new domain. Also, to see a move advanced log of group policy apply issues on your client machines. If you go to windows\debug\usermode\userenv.log. Look in there and see what common errors your getting. It will tell you if the client machines are even seeing the GP. Hope any of this helps.

  4. #4
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    686
    Is your DHCP server including the DNS of the other domain in the provided settings?
    Is the DHCP server registering the leases in that DNS/DC server?
    Is it nearly Christmas already?

  5. #5
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    I never did really thought on how to run more than one Domain in the same network. I had always separated the networks thru the physical media. As pointed out DHCP will register automatically with DNS. I also hear in one webcast 2 weeks ago, that on multiple domains (here becomes kind of fuzzy my memory) even thought you are registered with one domain, if you are getting settings from another, it will try to talk with the other bla bla bla. Sorry, I can't remember well, but it should provide some area to think. I would say, Check which GC you are connecting too. Check the DNS settings in the DNS server. (from the DNS console and the network properties) Make sure it is pointing to itself, and that it has forwarders set up. Check the partners replication (you don't want it to synch with other domain DNS)(thought then again, in some cases you might want to)
    I find it a lot easier, to make a list of which server should have which service, and then I check to make sure those settings are true

  6. #6
    Junior Member
    Join Date
    Nov 2004
    Posts
    4

    Problem Solved

    All,

    Happy news!!

    This problem has been solved. Thank you all, for your help!!

    Although the single or dual cause could not determined these are the two things that seemed to contribute to the problem.

    I had two NIC's on the client one was not connected to the internet the other was. I disabled one totally.

    I had Norton Internet Security but it was still set to only trust the old domain. I added the ip address of the new DC/DNS/AD server.

    The clue here was the error message in GPMC which said there was a core failure - I could edit and see GP's from the machine in question but GP could not be applied..

    I did a:
    ipconfig /flushdns
    ipconfig /registerdns

    Everything appears to be working now according to GPMC. (It is so much easier to use the new GPMC then the old MMC RSOP add in)

    Also the KB MS document:

    http://www.microsoft.com/downloads/d...displaylang=en

    for trouble shooting GP in MS Win Serv 2003 was a big help.


    My next task is to determine how to properly harden my DC/AD/DNS server with a firewall.

    HAPPY HOLIDAYS!!!

  7. #7
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    IF you want to really harden it, then you know you need layer 7, and that the servers have to have firewall in them too. I haven't played with the firewall in the server because my boss seems to think it is more important to give the users continuos access withouth interruptions (which will occurr while deployment and testing) than security. He thinks a layer 2 and 3 firewall is enough. Should I show him the logs from my web server??

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •