Error message when opening a Domain Group Policy Object

[Jane]

Hi,

I got error message as:

The domain controller for Group Policy operations is not
available. You may cancel this operation for this session
or retry using one of the following domain controller
choices:
The one with the Operations Master token for the PDC
emulator

The one used by the Active Directory Snap-ins

Use any available domain controller


When I choose any of these options, I got the following
error message:

Failed to find a domain controller. There may be a policy
that prevents you from selecting another domain
controller.


Details: The network path was not found.

Seems like http://support.microsoft.com/default.aspx?
scid=kb;en-us;257435

But I have checked two possible reasons:
1.File and Printer Sharing for Microsoft Networks is not
enabled on the domain controller.
2.The TCP/IP NetBIOS Helper service is disabled.

They are all correct setting on server.

Thanks.

 

[Steven L Umbach]

Those settings also need to be correct on the domain controller itself.. I
would check the Event Viewer for the domain controllers to see if they are
reporting any pertinent errors [relating to sysvol or such] and try to ping
the domain controller first by IP address and then by name to establish
basic network connectivity or not. Also run netdiag on the computer you are
trying this from and maybe on the domain controller in addition to dcdiag on
the domain controller lookin for any failed tests. These tools are located
on the install cd under support/tools where you will need to run setup. I
suppose you could have a problem with dns configuration which can lead to a
lot of problems in an AD domain. Netdiag and dcdiag may show that. ---
Steve

 

[Jane]

Thanks,

There is Netlogon Error in system log. EventID:5774

"Registration of the DNS record '9f145c13-a4bd-42ce-8a7e-
5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
failed with the following error:
DNS operation refused. "

There is another error in application log. EventID:1002

"Default group policy object cannot be created. Error
80070035 to open GPO Domain EFS Recovery Policy in domain
LDAP://DC=xyz,DC=com. "

What should I do? Thanks again.

-----Original Message-----
Those settings also need to be correct on the domain controller itself.. I
would check the Event Viewer for the domain controllers to see if they are
reporting any pertinent errors [relating to sysvol or such] and try to ping
the domain controller first by IP address and then by name to establish
basic network connectivity or not. Also run netdiag on the computer you are
trying this from and maybe on the domain controller in addition to dcdiag on
the domain controller lookin for any failed tests. These tools are located
on the install cd under support/tools where you will need to run setup. I
suppose you could have a problem with dns configuration which can lead to a
lot of problems in an AD domain. Netdiag and dcdiag may show that. ---
Steve

Hi,

I got error message as:

The domain controller for Group Policy operations is not
available. You may cancel this operation for this session
or retry using one of the following domain controller
choices:
The one with the Operations Master token for the PDC
emulator

The one used by the Active Directory Snap-ins

Use any available domain controller


When I choose any of these options, I got the following
error message:

Failed to find a domain controller. There may be a policy
that prevents you from selecting another domain
controller.


Details: The network path was not found.

Seems like http://support.microsoft.com/default.aspx?
scid=kb;en-us;257435

But I have checked two possible reasons:
1.File and Printer Sharing for Microsoft Networks is not
enabled on the domain controller.
2.The TCP/IP NetBIOS Helper service is disabled.

They are all correct setting on server.

Thanks.

.

 

[Steven L Umbach]

http://eventid.net is a good place to look up info on Event ID's as is
Microsoft. See the link below for what Eventid.net reported on 5774 as it
relates to dns and 1002 lists a lot of possibilities based on the source
reported. The dns problem could be causing the problem opening Group policy.
The next thing I would do is to run netdiag and dcdiag on the domain
controller looking for failed tests and warnings/errors. First I would check
that dns is configured correctly on the domain controllers in that they must
point to themselves or another domain controller in the domain running AD
dns zone. If they are, sometimes running netdiag /fix followed by restarting
the netlogon service can help. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;219289 --- description
of netdiag /fix
http://www.eventid.net/display.asp?eventid=5774&source=
http://www.eventid.net/display.asp?eventid=1002&source=

Thanks,

There is Netlogon Error in system log. EventID:5774

"Registration of the DNS record '9f145c13-a4bd-42ce-8a7e-
5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
failed with the following error:
DNS operation refused. "

There is another error in application log. EventID:1002

"Default group policy object cannot be created. Error
80070035 to open GPO Domain EFS Recovery Policy in domain
LDAP://DC=xyz,DC=com. "

What should I do? Thanks again.

-----Original Message-----
Those settings also need to be correct on the domain controller itself.. I
would check the Event Viewer for the domain controllers to see if they are
reporting any pertinent errors [relating to sysvol or such] and try to ping
the domain controller first by IP address and then by name to establish
basic network connectivity or not. Also run netdiag on the computer you are
trying this from and maybe on the domain controller in addition to dcdiag on
the domain controller lookin for any failed tests. These tools are located
on the install cd under support/tools where you will need to run setup. I
suppose you could have a problem with dns configuration which can lead to a
lot of problems in an AD domain. Netdiag and dcdiag may show that. ---
Steve

Hi,

I got error message as:

The domain controller for Group Policy operations is not
available. You may cancel this operation for this session
or retry using one of the following domain controller
choices:
The one with the Operations Master token for the PDC
emulator

The one used by the Active Directory Snap-ins

Use any available domain controller


When I choose any of these options, I got the following
error message:

Failed to find a domain controller. There may be a policy
that prevents you from selecting another domain
controller.


Details: The network path was not found.

Seems like http://support.microsoft.com/default.aspx?
scid=kb;en-us;257435

But I have checked two possible reasons:
1.File and Printer Sharing for Microsoft Networks is not
enabled on the domain controller.
2.The TCP/IP NetBIOS Helper service is disabled.

They are all correct setting on server.

Thanks.

.

 

[Jane]

Thanks, Steve.

I will try.

-----Original Message-----
http://eventid.net is a good place to look up info on Event ID's as is
Microsoft. See the link below for what Eventid.net reported on 5774 as it
relates to dns and 1002 lists a lot of possibilities based on the source
reported. The dns problem could be causing the problem opening Group policy.
The next thing I would do is to run netdiag and dcdiag on the domain
controller looking for failed tests and warnings/errors. First I would check
that dns is configured correctly on the domain controllers in that they must
point to themselves or another domain controller in the domain running AD
dns zone. If they are, sometimes running netdiag /fix followed by restarting
the netlogon service can help. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;en- us;219289 --- description
of netdiag /fix
http://www.eventid.net/display.asp?eventid=5774&source=
http://www.eventid.net/display.asp?eventid=1002&source=

Thanks,

There is Netlogon Error in system log. EventID:5774

"Registration of the DNS record '9f145c13-a4bd-42ce- 8a7e-
5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
failed with the following error:
DNS operation refused. "

There is another error in application log. EventID:1002

"Default group policy object cannot be created. Error
80070035 to open GPO Domain EFS Recovery Policy in domain
LDAP://DC=xyz,DC=com. "

What should I do? Thanks again.

-----Original Message-----
Those settings also need to be correct on the domain controller itself.. I
would check the Event Viewer for the domain controllers to see if they are
reporting any pertinent errors [relating to sysvol or such] and try to ping
the domain controller first by IP address and then by name to establish
basic network connectivity or not. Also run netdiag on the computer you are
trying this from and maybe on the domain controller in addition to dcdiag on
the domain controller lookin for any failed tests.

These
tools are located

on the install cd under support/tools where you will

need
to run setup. I

suppose you could have a problem with dns configuration which can lead to a
lot of problems in an AD domain. Netdiag and dcdiag may show that. ---
Steve

Hi,

I got error message as:

The domain controller for Group Policy operations is not
available. You may cancel this operation for this session
or retry using one of the following domain controller
choices:
The one with the Operations Master token for the PDC
emulator

The one used by the Active Directory Snap-ins

Use any available domain controller


When I choose any of these options, I got the following
error message:

Failed to find a domain controller. There may be a policy
that prevents you from selecting another domain
controller.


Details: The network path was not found.

Seems like http://support.microsoft.com/default.aspx?
scid=kb;en-us;257435

But I have checked two possible reasons:
1.File and Printer Sharing for Microsoft Networks is not
enabled on the domain controller.
2.The TCP/IP NetBIOS Helper service is disabled.

They are all correct setting on server.

Thanks.



.

.