can't start GPO

M

Miha Bernik

I just installed a Win2k server and promote it to be a DC for my domain. It
has 2 NIC (private and public).
The problem is, when I try to run 'Doman Controller Security Policy' or
'Domain Security Policy' I get the following error:

"Failed to open the Grop Policy Object.You may not have appropriate rights"
"The remote computer is not available"
"The network path was not found"

I think that this could be some kind of a DNS problem but don't know how to
fix it. All other services are running OK, also all computers in LAN have
access to the internet.

Thanks in advance for all your help
Miha
 
A

Ace Fekay [MVP]

In
Miha Bernik said:
I just installed a Win2k server and promote it to be a DC for my
domain. It has 2 NIC (private and public).
The problem is, when I try to run 'Doman Controller Security Policy'
or 'Domain Security Policy' I get the following error:

"Failed to open the Grop Policy Object.You may not have appropriate
rights" "The remote computer is not available"
"The network path was not found"

I think that this could be some kind of a DNS problem but don't know
how to fix it. All other services are running OK, also all computers
in LAN have access to the internet.

Thanks in advance for all your help
Miha
Click to expand...

Dual NICs usually cause problems with AD if DNS is installed on the machine
due to which record is being resolved when the client or the DC queries to
"find" the domain.

In your case, assuming that one NIC is external and you are not hosting
public records, I would do this to clean it up:

In IP properties, point both NICs to just YOUR DNS server and Not the ISP's.
In DNS properties, interface tab, listen to just the internal IP.
In DNS properties, forwarder tab, type in the ISP's DNS address.
In Network & Dialup Window, Advanced menu, Advanced settings, in the top
window,move the internal interface to the top of the binding order.
On the extrernal NIC properties, uncheck File Print Services, MS Client.
On the extrernal NIC properties, IP properties, Advanced, WINS tab, disable
NetBIOS
Delete any external IP address in your zone name in DNS.
Make sure also that dynamic updates are set to Yes in the zone's properties.
Makes sure your Priamry DNS Suffix is spelled exactly as the zone name.

If your internal domain name is the same as your external domain name, then
there are a couple other steps too.

Hope this helps.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DNS issue 1
OUTLOOK 2003set rules with GPO 3
Event ID 1058 14
Group Policy Issue/Question 1
GPO problem 2
can't modify local security settings 2
DNS and DNS Zone problems. 6
Can't access DNS - Errors 1030 and 1058 5

Top