Group policy problem, Win Xp sp2

[maxwell]

In our Windows 2000 AD domain, we have five domain
controllers:
PDC 1 (dns server)
BDC 2 (dns server)
BDC 3
BDC 4
BDC 5

Few days ago, three windows Xp SP2 machines started to
cause problems.

When I turn computer on, everything goes well, but just
after logging in it just hangs, --> several restarts and
if I am lucky, problem is gone for a while. If computer is
unplugged from network, everything works well.

I checked event viewer and found these messages

"The Group Policy client-side extension Security failed to
execute. Please look for any errors reported earlier by
that extension."

"Security policy cannot be propagated. Cannot access the
template. Error code = -536870909"

I checked domain controller's (PDC 1) event log, and there
was these messages,

" The group policy client-side extension security was
passed flags (17) and returned a failure status code of (-
536870909)"

and event ID 1265
"The attempt to establish a replication link with
parameters
Partition: DC=yourinfo,DC=yourinfo,DC=yourinfo,DC=com
Source DSA DN: CN=NTDS Settings,CN=NT5-PCI-
20,CN=Servers,CN=GSCIntranet,CN=Sites,CN=Configuration,DC=c
hild,DC=yourdomain,DC=com
Source DSA Address:
<YourDomainController>.<YourDomain.com>
Inter-site Transport (if any): failed with the following
status:
The DSA operation is unable to proceed because of a DNS
lookup failure. The record data is the status code. This
operation will be retried."

I would appreciate, if someone could point me to right
direction, what to do.

 

[Tim Springston [MS]]

Hi Maxwell-

It may be that your default policies GPTTEMPL.INF files are empty or
missing. In a Windows 2000 domain, you would need the RECREATEDEFPOL.EXE
tool to recreate the default policies (a free tool available from PSS-just
call in), and for Windows Server 2003 there is a builtin tool called
DCGPOFIX.EXE.

Please repost if we this does not do the trick.

 

[Jerold Schulman]

THe RECREATEDEFPOL.EXE tool is available for download.
See tip 8061 in the 'Tips & Tricks' at http://www.jsiinc.com

In our Windows 2000 AD domain, we have five domain
controllers:
PDC 1 (dns server)
BDC 2 (dns server)
BDC 3
BDC 4
BDC 5

Few days ago, three windows Xp SP2 machines started to
cause problems.

When I turn computer on, everything goes well, but just
after logging in it just hangs, --> several restarts and
if I am lucky, problem is gone for a while. If computer is
unplugged from network, everything works well.

I checked event viewer and found these messages

"The Group Policy client-side extension Security failed to
execute. Please look for any errors reported earlier by
that extension."

"Security policy cannot be propagated. Cannot access the
template. Error code = -536870909"

I checked domain controller's (PDC 1) event log, and there
was these messages,

" The group policy client-side extension security was
passed flags (17) and returned a failure status code of (-
536870909)"

and event ID 1265
"The attempt to establish a replication link with
parameters
Partition: DC=yourinfo,DC=yourinfo,DC=yourinfo,DC=com
Source DSA DN: CN=NTDS Settings,CN=NT5-PCI-
20,CN=Servers,CN=GSCIntranet,CN=Sites,CN=Configuration,DC=c
hild,DC=yourdomain,DC=com
Source DSA Address:
<YourDomainController>.<YourDomain.com>
Inter-site Transport (if any): failed with the following
status:
The DSA operation is unable to proceed because of a DNS
lookup failure. The record data is the status code. This
operation will be retried."

I would appreciate, if someone could point me to right
direction, what to do.

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Guest]

Everything is in order now, so thank you for your help .