Microsoft KB Archive/935918

= Error message when you try to apply a policy setting to Windows Server 2003-based domain controllers and to other domain clients: &quot;Configuration information could not be read from the domain controller&quot; =

Article ID: 935918

Article Last Modified on 5/10/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

-



SYMPTOMS
In a domain environment, when you try to apply a Group Policy setting to Microsoft Windows Server 2003-based domain controllers and to other domain clients, the policy setting is not applied. When you try to access the Sysvol folder on a domain controller by using its fully qualified domain name (FQDN) in the form \\ \Sysvol, you may receive the following error message:

&quot;Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.&quot;

Note you can access the Sysvol folder by using the domain controller's IP address or the domain controller's NetBIOS name.

When this issue occurs, the following event messages may be logged every five minutes in the domain controllers' Application logs.

Event 1058

Event Type: Error

Event Source: Userenv

Event Category: None

Event User: NT AUTHORITY\SYSTEM

Event ID: 1058

Description:

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC= ,DC=. The file must be present at the location <\\ \sysvol\ \Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.). Group Policy processing aborted.

Event 1030

Event Type: Error

Event Source: Userenv

Event Category: None

Event User: NT AUTHORITY\SYSTEM

Event ID: 1030

Description:

Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. For more information, see Help and Support Center at http://support.microsoft.com.

When you type the dfsutil /pktinfo command at a command prompt on the domain controller, you may see output that resembles the following. Microsoft(R) Windows(TM) Dfs Utility Version 4.0 Copyright (C) Microsoft Corporation 1991-2001. All Rights Reserved.

--mup.sys-- 1 entries... Entry: \contoso.com\sysvol ShortEntry: \contoso.com\sysvol Expires in 300 seconds UseCount: 0 Type:0x11 ( OUTSIDE_MY_DOM DFS ) 0:[\dc1.contoso.com\sysvol] State:0x21 1:[\dc2.contoso.com\sysvol] State:0x21

DfsUtil command completed successfully.



CAUSE
This issue may occur if you have used the FQDNs of the domain controllers of the domain forest to create trust relationships between domain controllers in Active Directory Domains and Trusts.



RESOLUTION
To resolve this issue, remove the domain controller entries from Active Directory Domains and Trusts. To do this, follow these steps:
 * 1) Click Start, type domain.msc, and then click OK to open Active Directory Domains and Trusts.
 * 2) In the console tree, right-click the domain that contains the trust entries that you want to remove, and then click Properties.
 * 3) Click the Trusts tab, click the trust entry for a domain controller that you want to remove, and then click Remove.
 * 4) Follow the instructions on the screen to remove the trust entry for the domain.
 * 5) Repeat steps 3 and 4 for other domain controller trust entries.
 * 6) Click OK to close the domain properties dialog box.
 * 7) Exit Active Directory Domains and Trusts.
 * 8) Restart all the domain controllers for which you removed the trust entries.



MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

888943 Event 1030 and event 1058 may be logged, and you may not be able to start the Group Policy snap-in on your Windows Small Business Server 2003 computer

Keywords: kbexpertiseinter kbtshoot kbprb KB935918

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.