Can Anyone Interpret these USERENV.log errors?

[jim]

I am getting the following in the userenv.log I am also
getting userenv errors in my App events every 5 minutes.

USERENV(e8.2f8) 20:05:03:890 ParseRegistryFile: Failed to
read signature with 0
USERENV(e8.2f8) 20:05:04:000 ProcessGPORegistryPolicy:
ParseRegistryFile failed.
USERENV(e8.2f8) 20:05:04:000 ProcessGPOList:
ProcessGPORegistryPolicy failed.
USERENV(e8.2f8) 20:05:04:000 ProcessGPOs: Extension
Registry ProcessGroupPolicy failed, status 0x80004005.
USERENV(ab0.b20) 20:07:09:997 LoadUserProfile: Failed to
impersonate user with 5.

 

[David Everett [MSFT]]

It is possible the registry.pol file in the group policy is corrupted. See
"814751 You receive no warning that the Registry.pol file is corrupted"
http://support.microsoft.com/?id=814751

When you look at the userenv.log, just a few lines higher than what you
sent, do you see a path to a specific policy that is failing to apply? If
you do what is the GUID for the policy?

Also, if you run netdiag /v on the workstation does "Kerberos test" pass or
fail?

 

[jim]

The following is what is logged every 5 minutes in this
log. I did run the test you recommended ant it passed..
(Thanks for your help)

USERENV(f8.904) 04:50:26:350 ParseRegistryFile: Failed to
read signature with 0
USERENV(f8.904) 04:50:26:366 ProcessGPORegistryPolicy:
ParseRegistryFile failed.
USERENV(f8.904) 04:50:26:428 ProcessGPOList:
ProcessGPORegistryPolicy failed.
USERENV(f8.904) 04:50:26:428 ProcessGPOs: Extension
Registry ProcessGroupPolicy failed, status 0x80004005.
USERENV(f8.904) 04:50:33:944 ProcessGPOs: Extension
Security ProcessGroupPolicy failed, status 0x534.

 

[David Everett [MSFT]]

This log is a little different. Are you getting a SceCli error in the
Application event log of the workstation?

Can you send the userenv.log to my temporary hotmail address?

(e-mail address removed)

Verify the Preferred DNS server in the IP Properties of the workstation are
using the Internal DNS that the DC is using.

Thanks,

 

[David Everett [MSFT]]

Hi Jimmy,

You mentioned in an offline thread that "The following is the error im my
app log every 5 mitutes on the servers. I did a net helpmsg on 13 and it
said "The data is invalid"."

Source: Userenv
Description:
Windows cannot access the registry information at

\\domainname.com\sysvol\domainname.com\Policies\{31B2F340-016D-11D2-945F-00C
04FB984F9}\Machine\registry.pol with (13).

I replied with the following solution and you confirmed that it resolved
your issue.
_______________________________________________
It appears the registry.pol file under

\\domainname.com\sysvol\domainname.com\Policies\{31B2F340-016D-11D2-945F-00C
04FB984F9}\Machine is corrupt or "the data is invalid" for some reason.

The {31B2F340-016D-11D2-945F-00C04FB984F9} policy is the Default Domain
Policy.

The only way to recover from this is to remove the bad registry.pol file.
You will loose any custom setting you configured in the Computer
Configuration\Administrative Templates portion of the policy but you can add
them back later if you documented what these settings were. By default
there are none here.

Here are the steps to fix this:

1. Logon to the PDC Emualtor and Move the registry.pol file out of
c:\winnt\sysvol\domain\policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machi
ne to the desktop.

2. From the PDC Emulator open AD Users and Computers and Edit the Default
Domain Policy. Specifically, you want to make a minor change under Computer
Configuration\Administrative Templates to build a new registry.pol file. To
do this just Enable the policy setting called "Disable Autoplay" under
Computer Configuration\Administrative Templates\System. After the new
registry.pol file is generated the policy should apply to clients once it
has replicated to all DCs.

3. You can test it right away on the PDC emulator by running "secedit
/refreshpolicy machine_policy /enforce" (without the quotes) from the
command line. Check Application event log afterwards and verify there are
no SceCli or Userenv Errors.

If you want you can go back into the policy and set "Disable Autoplay" back
to not configured.
_______________________________________________
--
David Everett
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.