Userenv Error on GP's

Userenv Error on GP's

Post by Cort » Fri, 12 Sep 2003 04:16:58


We have a Domain with Win2k Servers and workstations. I
have created a GP to deploy SP4 to all my PC's. My Pc's
are a mixture of Dell and Compaq machines. About half of
my machines received the GP without any problems. The
other half have an error in their application log that
says:

Source: Userenv
Event ID: 1000
User: NT AUTHORITY\SYSTEM
Description: Windows cannot query for the list of Group
Policy objects . A message that describes the reason for
this was previously logged by this policy engine.

I set up the SP4 share with everyone access, so that
should not be an issue. It looks like this is an issue on
those individual machines.

All the clients are in the same OU where the policy is
being applied.
We have 3 DC's in our domain. But I checked and the PC's
that aren't getting the policy are authenticating with all
the DC's, and not one specific one that might not have the
policy.
All the DC's have the DFS service started and set to
automatic
All the clients are on DHCP and are getting the same DNS
info. The clients are all in the same subnet too.

Please help. Thanks.
 
 
 

Userenv Error on GP's

Post by Kidem-port » Fri, 12 Sep 2003 11:56:19

Your DNS probably isnt set correctly in the TCP properties, where is your
DNS pointing to now?

 
 
 

Userenv Error on GP's

Post by Sabin Nair » Fri, 12 Sep 2003 14:35:20

Hi Cort,

- are all the clients W2k or XP? or both?
- i assume, you have used a "set l" on cmd prompt to find the authenticating
DC. This would be good for W2k cleints, but not Windows XP as they would
show the DC name from the last successful attempt
- try running "netdiag /v" on the problem clients and check to see who is
the authenticating DC, check the kerberos tests, ensure name resolution
- if all are true and you are sure that they indeed are not logging on with
cached credentials, try swapping the NIC cards

Please send a repost with your findings.
--
Thanks
Sabin Nair M.S(Computer Engg.), MCSE, MCSA
Directory Services Team
Microsoft Corp.

"Please do not send e-mail directly to this alias.
This alias is for newsgroup purposes only."