Microsoft KB Archive/258296

From BetaArchive Wiki
Knowledge Base


Cannot Access Group Policy Objects--Event ID 1000 and Event ID 1001 Logged

Article ID: 258296

Article Last Modified on 2/28/2007


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server


This article was previously published under Q258296

SYMPTOMS

If the primary network adapter in a multihomed domain controller does not have File and Printer Sharing bound to it, multiple problems are logged or displayed when you attempt to work with Group Policy objects on the domain controller.

The Application log contains the following error messages:

UserEnv 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

SceCli 1001 Security policy cannot be propagated. Cannot access the template. Error code = 3. \\domain name\sysvol\domain name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

UserEnv 1000 Windows cannot access the registry information at \\domain name\sysvol\domain name\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).

Attempting to gain access to the Group Policy objects by using the Domain Security policy and the Default Domain Controller Security policy displays a "Group Policy Error" error message. The text of the message states: "Failed to Open Group Policy Object. You may not have appropriate rights. Details: The network path not found."

Attempting to access the Group Policy objects by using the Active Directory Users and Computers snap-in or Group Policy Editor displays a "Domain Controller for Domain domain name not found" error message. There are several options, none of which work.

Attempting to open the Sysvol share by using \\domain name\sysvol causes a "Remote Computer not available" error message.

CAUSE

Windows 2000 is attempting to access its Sysvol share through the primary network adapter to read the group policies. Because the share is unavailable through that adapter, the operation does not work.

RESOLUTION

Change the binding order of the network adapters so that the adapter that is listed at the top of the Connections list has File and Printer Sharing bound to it:

  1. Click Start, point to Settings, click Control Panel, and then double click Network and Dial-up Connections.
  2. On the Advanced menu, click Advanced Settings.
  3. In the Connections box, click the network adapter with File and Printer Sharing bound to it.
  4. Click the arrow buttons on the right side to move the adapter to the top of the list.
  5. Click OK.


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbenv kbgpo kbnetwork kbprb KB258296



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/258296&oldid=378686
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki