[roguecoolman]

I'm getting 1058/1030 errors and it's pointing to an access denied error on gpt.ini in the default domain policy. I'm getting this on all DC's on my child domain in the event viewer.

I've consulted the following thread as well: http://www.petri.co.il/forums/showthread.php?t=1101

and numerous others.

so far i know this:

1. i can net user \\anydc\sysvol and no connection issue
2. I can physically access the files and all folders that the error is pointing to on any dc

When I checked the folder permission for folder {31B..} under \\DC\SYSVOL\child.domain.com\policies\{31b..}

was:

Administrators - Full Control
Authenticated users - Read and Execute
Server Operators - Read and Execute
Creator Owner - Special - Full Control
System - Special - Full Control

this was inherited to all file and folders under the root folder.

Is the permissions correct? What is the default permissions for default domain policy in sysvol share?

the other GPO's folder permissions are:

Domain Admins (Child Domain\Domain Admins) - Full Control
Creator Owner - Full Control
SYSTEM - Full Control
Enterprise ADmins (Root forest\Enterprise Admins) - full control
Authenticated Users - Read and Execute
Enterprise Domain Controllers - Read and Execute

should i reset the "problem" folder to the the following above?

I really hate this error because it's so hard to track down.

Other than seeing this on my event viewer, there is nothing wrong with the domain. Users can login and so forth.


Thanks in advance

[kapilsharma11]

Hi,

Check this out:

http://support.microsoft.com/kb/888943

http://support.microsoft.com/kb/842804

Regards,

[roguecoolman]

Thanks for your reply.

The first KB article doesn't apply to me as I don't have problems opening up the gpo snap-in.

I've looked through the 2nd article and verified the services are started. I've doubled checked the sysvol share/ntfs permission and it's set to what other articles have pointed out.

I'm curious, but under the sysvol/policies share, are all the permissions there different for every policy? Does anyone know what the default domain policy permissions should be?

[roguecoolman]

I've also noticed a strange thing. On my DC, whenever I access the sysvol share, i get an event ID 3019 MRxSMB warning - The redirector failed to determine the connection type?

every time i navigate a folder I get one warning in the SYSVOL share. Is this normal?

[kapilsharma11]

Hi,

You can safely ignore this information:

http://support.microsoft.com/kb/315244

Regards,

[kapilsharma11]

Additionally default permissions are as given in below KB:

http://support.microsoft.com/kb/319808

Regards,

[roguecoolman]

Thanks for the links!

so status update, after rebooting the servers the messages have completely disappeared.

prior to that, I thought there was some FRS replication issue or something so i watched it with sonar and nothing turned up. As far as I can tell, the domain was functioning fine before the reboot. After the reboot there has been no change in functionality, just the errors are gone.

this is quite mysterious.