event error 1000 in userenv

[luke]

I have the below error. I know there is a article in
knowledge base 258960. I have confirmed that there is only
one ip address for this server. This error occurs every 2
hours.
My server is with windows 2000 SP4 and the latest hotfixes.
I have tried disjoin and re-join the server to the domain
but to no avail.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 11/29/2003
Time: 5:59:49 PM
User: NT AUTHORITY\SYSTEM
Computer: computername
Description: Windows cannot access the registry
information at
\\mydomain.com\sysvol\mydomain.com\Policies\{31B2F340-016D-
11D2-945F-00C04FB984F9}\Machine\registry.pol with (1231).

Please, anyone any idea what is going on?

 

[Alan Sterling \(MSFT\)]

Hi Luke:
To resolve this behavior, on Microsoft Windows 2000 Server-based domain
controllers, reset the share permissions for the %SystemRoot%\SYSVOL\Sysvol
folder to the following default permissions:

Administrators - Full Control

Authenticated Users - Full Control

Everyone - Read

The file permissions for the Sysvol folder may or may not be affected. Their
default settings are as follows:

Administrators - Full Control

Authenticated Users - Read, Read and Execute, and List Folder

System - Full Control

Server Operators - Read, Read and Execute, and List Folder


These permissions are set for the %SystemRoot%\SYSVOL folder and are marked
as inherited (they are checked but dimmed) for the
%SystemRoot%\SYSVOL\Sysvol folder.

Thanks

 

[Bobby Davies]

Even if we are not using roaming profiles?

Hi Luke:
To resolve this behavior, on Microsoft Windows 2000 Server-based domain
controllers, reset the share permissions for the %SystemRoot%\SYSVOL\Sysvol
folder to the following default permissions:

Administrators - Full Control

Authenticated Users - Full Control

Everyone - Read

The file permissions for the Sysvol folder may or may not be affected. Their
default settings are as follows:

Administrators - Full Control

Authenticated Users - Read, Read and Execute, and List Folder

System - Full Control

Server Operators - Read, Read and Execute, and List Folder


These permissions are set for the %SystemRoot%\SYSVOL folder and are marked
as inherited (they are checked but dimmed) for the
%SystemRoot%\SYSVOL\Sysvol folder.

Thanks

 

[Buz [MSFT]]

Hello Bobby,

Roaming profiles have nothing to do with this. Everyone who gets policies
needs to access the Sysvol share including domain controllers and they need
to access it by > > > \\mydomain.com\sysvol\mydomain.com\Policies\{polciy
GUID)

They find this via DNS, so your issue is either DNS, Network Connectivity,
or permissions related.


The error you are getting (1231) maps to "The Network Location Cannot Be
Reached"

From a command prompt type:

net helpmsg 1231

This works for most but not all error numbers.

Also make sure that NetBIOS TCP/IP Service is disabled on the workstations
and servers and that DHCP Client is enabled on both the workstations and
servers (which is the default).



Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.