Microsoft KB Archive/259398



SceCli Event ID 1001 and UserEnv Event ID 1000 when DFS client is disabled

Article ID: 259398

Article Last Modified on 2/28/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition



This article was previously published under Q259398

Important: This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SYMPTOMS

Group Policies may not be applied and error messages similar to the following messages may be recorded in the Application log in Event Viewer:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 4/7/2000
Time: 4:25:40 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: Windows cannot access the registry information at \\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).

Event Type: Error
Event Source: SceCli
Event Category: None
Event ID: 1001
Date: 4/7/2000
Time: 4:30:46 AM
User: N/A
Computer: MYCOMPUTER
Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 4/7/2000
Time: 4:30:46 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

CAUSE

The \\Active Directory Domain Name\Sysvol share is a special share: connecting to it requires the distributed file system (DFS) client and a valid domain name record in DNS. If the DFS client is disabled, the domain records are missing, or the DNS records are not being registered properly, these error messages are generated.

RESOLUTION

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Check the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
DisableDFS: REG_DWORD: range: 0 or 1
0 = enabled; 1 = disabled
Default: 0


Make sure that the value is set to 0, which enables the DFS client. Also, File and Printer Sharing for Microsoft Networks must be enabled on the interface.

Verify that the DNS forward lookup zone has the correct A records for the domain name and the domain controllers. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

258213 Registration of gc._msdcs.<DnsForestName> records in DNS Is required


To ensure that the DNS records are being registered, verify the following registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Value: RegisterDnsARecords
Data type: REG_DWORD
Default value: 1 (1=Enabled, 0=Disabled)
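
The following is an added example, not part of the original article or any Microsoft tooling: a triage script that scans a text export of the Application log for the event pattern shown under SYMPTOMS (Userenv 1000 and SceCli 1001 both failing on a \\domain\sysvol path) and lists the checks from RESOLUTION for each affected computer. The function names, the export layout (blank-line-separated records with the field labels shown above) and the sample data are assumptions.

```python
import re

# Win32 codes seen in the article's event descriptions.
WIN32 = {3: "ERROR_PATH_NOT_FOUND", 51: "ERROR_REM_NOT_LIST"}
FIELD = re.compile(r"^(Event Source|Event ID|Computer|Description):[ \t]*(.*)$", re.M)
SYSVOL = re.compile(r"\\\\([^\\\s]+)\\sysvol\\", re.I)
CODE = re.compile(r"with \((\d+)\)|Error code = (\d+)|status code of \((\d+)\)")
SIGNATURE = {("userenv", "1000"), ("scecli", "1001")}

def parse_events(text):
    """Parse a text export (assumed layout): one dict per blank-line-separated record."""
    return [dict(FIELD.findall(b)) for b in re.split(r"\n\s*\n", text.strip())]

def triage(text):
    """Return {computer: finding} for hosts matching the article's pattern."""
    hosts = {}
    for ev in parse_events(text):
        key = (ev.get("Event Source", "").strip().lower(), ev.get("Event ID", "").strip())
        if key not in SIGNATURE:
            continue
        h = hosts.setdefault(ev.get("Computer", "?"), {"keys": set(), "codes": set(), "domains": set()})
        h["keys"].add(key)
        desc = ev.get("Description", "")
        h["codes"].update(int(g) for m in CODE.finditer(desc) for g in m.groups() if g)
        h["domains"].update(d.lower() for d in SYSVOL.findall(desc))
    findings = {}
    for name, h in hosts.items():
        # Signature: both sources fail and a domain-based SYSVOL path is named.
        if h["keys"] == SIGNATURE and h["domains"]:
            findings[name] = {
                "domains": sorted(h["domains"]),
                "errors": [WIN32.get(c, str(c)) for c in sorted(h["codes"])],
                "check": ["Services\\Mup DisableDFS = 0", "Netlogon\\Parameters RegisterDnsARecords = 1",
                          "DNS A records for the domain name and domain controllers"],
            }
    return findings

# Constructed sample, modelled on the events quoted in the article.
SAMPLE = r"""
Event Source: Userenv
Event ID: 1000
Computer: MYCOMPUTER
Description: Windows cannot access the registry information at \\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).

Event Source: SceCli
Event ID: 1001
Computer: MYCOMPUTER
Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
"""
```

Calling triage(SAMPLE) reports MYCOMPUTER with both error codes decoded; a host that logs only one of the two events is not reported.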


Keywords: kbdfs kberrmsg kbprb KB259398