Event ID 1101 and 1030

G

Guest

I have Windows 2000 Active Directory with some Windows 2003 Standard Servers.
These Win2003 Servers are ONLY for File Servers, and are NOT used for
anything else.

The Win2000 Domain Controllers and Win2003 Servers have DFS Service running
automatically.

When I check Application Event Viewer of my Win2003 Servers, each of my
Win2003 Server has Error Event ID 1101 and 1030.

Event ID: 1101
Source: Userenv
Description: Windows cannot access the the object
OU=_______,DC=______,DC=org in Active Directory. The access to the object may
be denied. Group Policy processing aborted.

Event ID: 1030
Source: Userenv
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the policy
engine that describes the reason for this.

Could someone please help me?

I try to look for Windows 2003 Server newsgroup; but, there is none. So, I
hope it is appropriate to post this message here.

Thank you,
Ibnu
 
M

Mark Renoden [MSFT]

Hi

This might help:

1. On the Windows 2000-based domain controller, click "Start", point to
"Programs", point to "Administrative Tools", and then click "Active
Directory Users and Computers".

2. On the "View" menu, click "Advanced Features".

3. In the right pane, right-click the OU to which you applied Group Policy
for the 2003 servers, and then click "Properties".

4. Click the "Security" tab, and then click "Authenticated Users" from the
list.

5. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read".

6. Click the "Group Policy" tab, and then click "Properties".

7. Click the "Security" tab, and then click "Authenticated Users" from the
list.

8. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read" and "Apply Group Policy".

9. Click "Start", click "Run", type "cmd" (without the quotation marks), and
then click "OK".

10. At the command prompt, type "secedit /refreshpolicy user_policy
/enforce" (without the quotation marks), and then press ENTER.

11. Type "exit" (without the quotation marks), and then press ENTER to quit
the command prompt.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Greetings Mark

Thank you very much for the information.

I have followed and verified your steps below. However, it still does not
work.

The Win2003 Servers are located in
OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active Directory.

The first GPO is applied to Domain (DC=DomainName).
There is no GPO applied to OU=AllServers.
The next GPO is applied to OU=FileServers.

And yet the EventID 1101 indicates that "Windows cannot access the the
object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access to
the object may be denied."

So here are the steps that I take to verify OU=AllServers since there is no
GPO applied to it:
1. Right-click on OU=AllServers, and click "Properties"

2. Click on "Group Policy" tab, and there is no GPO listed there

3. Click on "Security" tab, highlight "Authenticated Users" and there is NO
Permission box that is selected/checked.
(Could this be the reason?. I then continue.)

4. Click on "Advanced..." button, the "Permission Entries" shows that
"Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
"This object only"

5. Click on "View/Edit..." button, it shows "List Contents" and "Read
Permissions" boxes are checked for "Allow"

I then concluded that the "Security" settings on OU=AllServers is okay. Am
I wrong?

Best Regards,
Ibnu


Mark Renoden said:
Hi

This might help:

1. On the Windows 2000-based domain controller, click "Start", point to
"Programs", point to "Administrative Tools", and then click "Active
Directory Users and Computers".

2. On the "View" menu, click "Advanced Features".

3. In the right pane, right-click the OU to which you applied Group Policy
for the 2003 servers, and then click "Properties".

4. Click the "Security" tab, and then click "Authenticated Users" from the
list.

5. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read".

6. Click the "Group Policy" tab, and then click "Properties".

7. Click the "Security" tab, and then click "Authenticated Users" from the
list.

8. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read" and "Apply Group Policy".

9. Click "Start", click "Run", type "cmd" (without the quotation marks), and
then click "OK".

10. At the command prompt, type "secedit /refreshpolicy user_policy
/enforce" (without the quotation marks), and then press ENTER.

11. Type "exit" (without the quotation marks), and then press ENTER to quit
the command prompt.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ibnu said:
I have Windows 2000 Active Directory with some Windows 2003 Standard
Servers.
These Win2003 Servers are ONLY for File Servers, and are NOT used for
anything else.

The Win2000 Domain Controllers and Win2003 Servers have DFS Service
running
automatically.

When I check Application Event Viewer of my Win2003 Servers, each of my
Win2003 Server has Error Event ID 1101 and 1030.

Event ID: 1101
Source: Userenv
Description: Windows cannot access the the object
OU=_______,DC=______,DC=org in Active Directory. The access to the object
may
be denied. Group Policy processing aborted.

Event ID: 1030
Source: Userenv
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the policy
engine that describes the reason for this.

Could someone please help me?

I try to look for Windows 2003 Server newsgroup; but, there is none. So,
I
hope it is appropriate to post this message here.

Thank you,
Ibnu
Click to expand...
Click to expand...
 
M

Mark Renoden [MSFT]

Hi Ibnu

It sounds like an AD permissions problem on the AllServers OU object. The
simplest solution may be to move the FileServers OU temporarily out of the
AllServers OU (as well as any other OU's that are in the AllServers OU) and
delete and re-create the AllServers OU. Once this is done, move them back.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ibnu said:
Greetings Mark

Thank you very much for the information.

I have followed and verified your steps below. However, it still does not
work.

The Win2003 Servers are located in
OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active
Directory.

The first GPO is applied to Domain (DC=DomainName).
There is no GPO applied to OU=AllServers.
The next GPO is applied to OU=FileServers.

And yet the EventID 1101 indicates that "Windows cannot access the the
object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access
to
the object may be denied."

So here are the steps that I take to verify OU=AllServers since there is
no
GPO applied to it:
1. Right-click on OU=AllServers, and click "Properties"

2. Click on "Group Policy" tab, and there is no GPO listed there

3. Click on "Security" tab, highlight "Authenticated Users" and there is
NO
Permission box that is selected/checked.
(Could this be the reason?. I then continue.)

4. Click on "Advanced..." button, the "Permission Entries" shows that
"Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
"This object only"

5. Click on "View/Edit..." button, it shows "List Contents" and "Read
Permissions" boxes are checked for "Allow"

I then concluded that the "Security" settings on OU=AllServers is okay.
Am
I wrong?

Best Regards,
Ibnu


Mark Renoden said:
Hi

This might help:

1. On the Windows 2000-based domain controller, click "Start", point to
"Programs", point to "Administrative Tools", and then click "Active
Directory Users and Computers".

2. On the "View" menu, click "Advanced Features".

3. In the right pane, right-click the OU to which you applied Group
Policy
for the 2003 servers, and then click "Properties".

4. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

5. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read".

6. Click the "Group Policy" tab, and then click "Properties".

7. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

8. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read" and "Apply Group Policy".

9. Click "Start", click "Run", type "cmd" (without the quotation marks),
and
then click "OK".

10. At the command prompt, type "secedit /refreshpolicy user_policy
/enforce" (without the quotation marks), and then press ENTER.

11. Type "exit" (without the quotation marks), and then press ENTER to
quit
the command prompt.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Ibnu said:
I have Windows 2000 Active Directory with some Windows 2003 Standard
Servers.
These Win2003 Servers are ONLY for File Servers, and are NOT used for
anything else.

The Win2000 Domain Controllers and Win2003 Servers have DFS Service
running
automatically.

When I check Application Event Viewer of my Win2003 Servers, each of my
Win2003 Server has Error Event ID 1101 and 1030.

Event ID: 1101
Source: Userenv
Description: Windows cannot access the the object
OU=_______,DC=______,DC=org in Active Directory. The access to the
object
may
be denied. Group Policy processing aborted.

Event ID: 1030
Source: Userenv
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the
policy
engine that describes the reason for this.

Could someone please help me?

I try to look for Windows 2003 Server newsgroup; but, there is none.
So,
I
hope it is appropriate to post this message here.

Thank you,
Ibnu
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Greetings Mark,

I moved my Win2003 Servers to "Computers" Container and I will see if the
errors disappear.

If the errors disappear, I will create a new OU for my Win2003 Servers and
move them there.

Thank you very much for all your help, and I will keep you posted.

Best Regards,
Ibnu


Mark Renoden said:
Hi Ibnu

It sounds like an AD permissions problem on the AllServers OU object. The
simplest solution may be to move the FileServers OU temporarily out of the
AllServers OU (as well as any other OU's that are in the AllServers OU) and
delete and re-create the AllServers OU. Once this is done, move them back.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ibnu said:
Greetings Mark

Thank you very much for the information.

I have followed and verified your steps below. However, it still does not
work.

The Win2003 Servers are located in
OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active
Directory.

The first GPO is applied to Domain (DC=DomainName).
There is no GPO applied to OU=AllServers.
The next GPO is applied to OU=FileServers.

And yet the EventID 1101 indicates that "Windows cannot access the the
object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access
to
the object may be denied."

So here are the steps that I take to verify OU=AllServers since there is
no
GPO applied to it:
1. Right-click on OU=AllServers, and click "Properties"

2. Click on "Group Policy" tab, and there is no GPO listed there

3. Click on "Security" tab, highlight "Authenticated Users" and there is
NO
Permission box that is selected/checked.
(Could this be the reason?. I then continue.)

4. Click on "Advanced..." button, the "Permission Entries" shows that
"Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
"This object only"

5. Click on "View/Edit..." button, it shows "List Contents" and "Read
Permissions" boxes are checked for "Allow"

I then concluded that the "Security" settings on OU=AllServers is okay.
Am
I wrong?

Best Regards,
Ibnu


Mark Renoden said:
Hi

This might help:

1. On the Windows 2000-based domain controller, click "Start", point to
"Programs", point to "Administrative Tools", and then click "Active
Directory Users and Computers".

2. On the "View" menu, click "Advanced Features".

3. In the right pane, right-click the OU to which you applied Group
Policy
for the 2003 servers, and then click "Properties".

4. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

5. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read".

6. Click the "Group Policy" tab, and then click "Properties".

7. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

8. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read" and "Apply Group Policy".

9. Click "Start", click "Run", type "cmd" (without the quotation marks),
and
then click "OK".

10. At the command prompt, type "secedit /refreshpolicy user_policy
/enforce" (without the quotation marks), and then press ENTER.

11. Type "exit" (without the quotation marks), and then press ENTER to
quit
the command prompt.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

I have Windows 2000 Active Directory with some Windows 2003 Standard
Servers.
These Win2003 Servers are ONLY for File Servers, and are NOT used for
anything else.

The Win2000 Domain Controllers and Win2003 Servers have DFS Service
running
automatically.

When I check Application Event Viewer of my Win2003 Servers, each of my
Win2003 Server has Error Event ID 1101 and 1030.

Event ID: 1101
Source: Userenv
Description: Windows cannot access the the object
OU=_______,DC=______,DC=org in Active Directory. The access to the
object
may
be denied. Group Policy processing aborted.

Event ID: 1030
Source: Userenv
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the
policy
engine that describes the reason for this.

Could someone please help me?

I try to look for Windows 2003 Server newsgroup; but, there is none.
So,
I
hope it is appropriate to post this message here.

Thank you,
Ibnu
Click to expand...
Click to expand...
Click to expand...
 
G

Guest

Greetings Mark,

So far, the solution seems to work.

Thank you very much for all your help and suggestions.

Best regards,
Ibnu

Mark Renoden said:
Hi Ibnu

It sounds like an AD permissions problem on the AllServers OU object. The
simplest solution may be to move the FileServers OU temporarily out of the
AllServers OU (as well as any other OU's that are in the AllServers OU) and
delete and re-create the AllServers OU. Once this is done, move them back.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Ibnu said:
Greetings Mark

Thank you very much for the information.

I have followed and verified your steps below. However, it still does not
work.

The Win2003 Servers are located in
OU=FileServers,OU=AllServers,DC=DomainName,DC=org in Win2000 Active
Directory.

The first GPO is applied to Domain (DC=DomainName).
There is no GPO applied to OU=AllServers.
The next GPO is applied to OU=FileServers.

And yet the EventID 1101 indicates that "Windows cannot access the the
object OU=AllServers,DC=DomainName,DC=org in Active Directory. The access
to
the object may be denied."

So here are the steps that I take to verify OU=AllServers since there is
no
GPO applied to it:
1. Right-click on OU=AllServers, and click "Properties"

2. Click on "Group Policy" tab, and there is no GPO listed there

3. Click on "Security" tab, highlight "Authenticated Users" and there is
NO
Permission box that is selected/checked.
(Could this be the reason?. I then continue.)

4. Click on "Advanced..." button, the "Permission Entries" shows that
"Authenticated Users" are "Allow" on "Special" Permission that "Apply to"
"This object only"

5. Click on "View/Edit..." button, it shows "List Contents" and "Read
Permissions" boxes are checked for "Allow"

I then concluded that the "Security" settings on OU=AllServers is okay.
Am
I wrong?

Best Regards,
Ibnu


Mark Renoden said:
Hi

This might help:

1. On the Windows 2000-based domain controller, click "Start", point to
"Programs", point to "Administrative Tools", and then click "Active
Directory Users and Computers".

2. On the "View" menu, click "Advanced Features".

3. In the right pane, right-click the OU to which you applied Group
Policy
for the 2003 servers, and then click "Properties".

4. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

5. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read".

6. Click the "Group Policy" tab, and then click "Properties".

7. Click the "Security" tab, and then click "Authenticated Users" from
the
list.

8. In the "Permissions" box, make sure that the "Allow" check box is
selected for "Read" and "Apply Group Policy".

9. Click "Start", click "Run", type "cmd" (without the quotation marks),
and
then click "OK".

10. At the command prompt, type "secedit /refreshpolicy user_policy
/enforce" (without the quotation marks), and then press ENTER.

11. Type "exit" (without the quotation marks), and then press ENTER to
quit
the command prompt.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

I have Windows 2000 Active Directory with some Windows 2003 Standard
Servers.
These Win2003 Servers are ONLY for File Servers, and are NOT used for
anything else.

The Win2000 Domain Controllers and Win2003 Servers have DFS Service
running
automatically.

When I check Application Event Viewer of my Win2003 Servers, each of my
Win2003 Server has Error Event ID 1101 and 1030.

Event ID: 1101
Source: Userenv
Description: Windows cannot access the the object
OU=_______,DC=______,DC=org in Active Directory. The access to the
object
may
be denied. Group Policy processing aborted.

Event ID: 1030
Source: Userenv
Description: Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the
policy
engine that describes the reason for this.

Could someone please help me?

I try to look for Windows 2003 Server newsgroup; but, there is none.
So,
I
hope it is appropriate to post this message here.

Thank you,
Ibnu
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event ID 1101 & 1030 problem 1
Event ID 1030 after 1065 error 3
Group policy and event 1030 1
Error when adding new DC 3
Event ID: 1030 on client machine 4
Event ID 1030 2
GPO Error 2
Group Policy Errors 6

Top