Microsoft KB Archive/259398

= SceCli Event ID 1001 and UserEnv Event ID 1000 when DFS client is disabled =

Article ID: 259398

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q259398



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
Group Policies may not be applied and error messages similar to the following messages may be recorded in the Application log in Event Viewer:

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1000

Date: 4/7/2000

Time: 4:25:40 AM

User: NT AUTHORITY\SYSTEM

Computer: MYCOMPUTER

Description: Windows cannot access the registry information at \\ \sysvol\ \Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).

Event Type: Error

Event Source: SceCli

Event Category: None

Event ID: 1001

Date: 4/7/2000

Time: 4:30:46 AM

User: N/A

Computer: MYCOMPUTER

Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\ \sysvol\ \Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1000

Date: 4/7/2000

Time: 4:30:46 AM

User: NT AUTHORITY\SYSTEM

Computer: MYCOMPUTER

Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).



CAUSE
The \\ \Sysvol share is a special share that requires the distributed file system (DFS) client to make a connection, and a valid Domain name record in DNS. If the DFS client is disabled, the domain records are missing, or the DNS records are not being registered properly, the error messages are generated.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Check the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup

DisableDFS: REG_DWORD: range: 0 or 1

0 = enabled; 1 = disabled

Default: 0

Make sure that the value is set to 0, enabling the Dfs client. Also, File and Printer Sharing for Microsoft Networks must be enabled on the interface.

Verify the DNS Forward Lookup Zone has the correct A records for the domain name and domain controllers. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

258213 Registration of gc._msdcs. records in DNS Is required

To ensure the DNS Records are being registered, verify the following registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Value: RegisterDnsARecords

Data type: REG_DWORD

Default value: 1 (1=Enabled, 0=Disabled)

Keywords: kbdfs kberrmsg kbprb KB259398

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.