Error message when opening a Domain Group Policy Object

View Full Version : Error message when opening a Domain Group Policy Object

Jane

Hi,

I got error message as:

The domain controller for Group Policy operations is not
available. You may cancel this operation for this session
or retry using one of the following domain controller
choices:
The one with the Operations Master token for the PDC
emulator

The one used by the Active Directory Snap-ins

Use any available domain controller

When I choose any of these options, I got the following
error message:

Failed to find a domain controller. There may be a policy
that prevents you from selecting another domain
controller.

Details: The network path was not found.

Seems like http://support.microsoft.com/default.aspx?
scid=kb;en-us;257435

But I have checked two possible reasons:
1.File and Printer Sharing for Microsoft Networks is not
enabled on the domain controller.
2.The TCP/IP NetBIOS Helper service is disabled.

They are all correct setting on server.

Thanks.

Steven L Umbach

Those settings also need to be correct on the domain controller itself.. I
would check the Event Viewer for the domain controllers to see if they are
reporting any pertinent errors [relating to sysvol or such] and try to ping
the domain controller first by IP address and then by name to establish
basic network connectivity or not. Also run netdiag on the computer you are
trying this from and maybe on the domain controller in addition to dcdiag on
the domain controller lookin for any failed tests. These tools are located
on the install cd under support/tools where you will need to run setup. I
suppose you could have a problem with dns configuration which can lead to a
lot of problems in an AD domain. Netdiag and dcdiag may show that. ---
Steve

"Jane" wrote in message
news:16ed201c41815$1ccaf760$a301280a@phx.gbl...[color=blue]
> Hi,
>
> I got error message as:
>
> The domain controller for Group Policy operations is not
> available. You may cancel this operation for this session
> or retry using one of the following domain controller
> choices:
> The one with the Operations Master token for the PDC
> emulator
>
> The one used by the Active Directory Snap-ins
>
> Use any available domain controller
>
>
> When I choose any of these options, I got the following
> error message:
>
> Failed to find a domain controller. There may be a policy
> that prevents you from selecting another domain
> controller.
>
>
> Details: The network path was not found.
>
> Seems like http://support.microsoft.com/default.aspx?
> scid=kb;en-us;257435
>
> But I have checked two possible reasons:
> 1.File and Printer Sharing for Microsoft Networks is not
> enabled on the domain controller.
> 2.The TCP/IP NetBIOS Helper service is disabled.
>
> They are all correct setting on server.
>
> Thanks.
>[/color]

Jane

Thanks,

There is Netlogon Error in system log. EventID:5774

"Registration of the DNS record '9f145c13-a4bd-42ce-8a7e-
5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
failed with the following error:
DNS operation refused. "

There is another error in application log. EventID:1002

"Default group policy object cannot be created. Error
80070035 to open GPO Domain EFS Recovery Policy in domain
LDAP://DC=xyz,DC=com. "

What should I do? Thanks again.
[color=blue]
>-----Original Message-----
>Those settings also need to be correct on the domain[/color]
controller itself.. I[color=blue]
>would check the Event Viewer for the domain controllers[/color]
to see if they are[color=blue]
>reporting any pertinent errors [relating to sysvol or[/color]
such] and try to ping[color=blue]
>the domain controller first by IP address and then by[/color]
name to establish[color=blue]
>basic network connectivity or not. Also run netdiag on[/color]
the computer you are[color=blue]
>trying this from and maybe on the domain controller in[/color]
addition to dcdiag on[color=blue]
>the domain controller lookin for any failed tests. These[/color]
tools are located[color=blue]
>on the install cd under support/tools where you will need[/color]
to run setup. I[color=blue]
>suppose you could have a problem with dns configuration[/color]
which can lead to a[color=blue]
>lot of problems in an AD domain. Netdiag and dcdiag may[/color]
show that. ---[color=blue]
>Steve
>
>"Jane" wrote in[/color]
message[color=blue]
>news:16ed201c41815$1ccaf760$a301280a@phx.gbl...[color=green]
>> Hi,
>>
>> I got error message as:
>>
>> The domain controller for Group Policy operations is not
>> available. You may cancel this operation for this[/color][/color]
session[color=blue][color=green]
>> or retry using one of the following domain controller
>> choices:
>> The one with the Operations Master token for the PDC
>> emulator
>>
>> The one used by the Active Directory Snap-ins
>>
>> Use any available domain controller
>>
>>
>> When I choose any of these options, I got the following
>> error message:
>>
>> Failed to find a domain controller. There may be a[/color][/color]
policy[color=blue][color=green]
>> that prevents you from selecting another domain
>> controller.
>>
>>
>> Details: The network path was not found.
>>
>> Seems like http://support.microsoft.com/default.aspx?
>> scid=kb;en-us;257435
>>
>> But I have checked two possible reasons:
>> 1.File and Printer Sharing for Microsoft Networks is not
>> enabled on the domain controller.
>> 2.The TCP/IP NetBIOS Helper service is disabled.
>>
>> They are all correct setting on server.
>>
>> Thanks.
>>[/color]
>
>
>.
>[/color]

Steven L Umbach

[url]http://eventid.net[/url] is a good place to look up info on Event ID's as is
Microsoft. See the link below for what Eventid.net reported on 5774 as it
relates to dns and 1002 lists a lot of possibilities based on the source
reported. The dns problem could be causing the problem opening Group policy.
The next thing I would do is to run netdiag and dcdiag on the domain
controller looking for failed tests and warnings/errors. First I would check
that dns is configured correctly on the domain controllers in that they must
point to themselves or another domain controller in the domain running AD
dns zone. If they are, sometimes running netdiag /fix followed by restarting
the netlogon service can help. -- Steve

[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;219289[/url] --- description
of netdiag /fix
[url]http://www.eventid.net/display.asp?eventid=5774&source=[/url]
[url]http://www.eventid.net/display.asp?eventid=1002&source=[/url]

"Jane" wrote in message
news:1300f01c418ea$69c3f3c0$a001280a@phx.gbl...[color=blue]
> Thanks,
>
> There is Netlogon Error in system log. EventID:5774
>
> "Registration of the DNS record '9f145c13-a4bd-42ce-8a7e-
> 5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
> failed with the following error:
> DNS operation refused. "
>
> There is another error in application log. EventID:1002
>
> "Default group policy object cannot be created. Error
> 80070035 to open GPO Domain EFS Recovery Policy in domain
> LDAP://DC=xyz,DC=com. "
>
> What should I do? Thanks again.
>[color=green]
> >-----Original Message-----
> >Those settings also need to be correct on the domain[/color]
> controller itself.. I[color=green]
> >would check the Event Viewer for the domain controllers[/color]
> to see if they are[color=green]
> >reporting any pertinent errors [relating to sysvol or[/color]
> such] and try to ping[color=green]
> >the domain controller first by IP address and then by[/color]
> name to establish[color=green]
> >basic network connectivity or not. Also run netdiag on[/color]
> the computer you are[color=green]
> >trying this from and maybe on the domain controller in[/color]
> addition to dcdiag on[color=green]
> >the domain controller lookin for any failed tests. These[/color]
> tools are located[color=green]
> >on the install cd under support/tools where you will need[/color]
> to run setup. I[color=green]
> >suppose you could have a problem with dns configuration[/color]
> which can lead to a[color=green]
> >lot of problems in an AD domain. Netdiag and dcdiag may[/color]
> show that. ---[color=green]
> >Steve
> >
> >"Jane" wrote in[/color]
> message[color=green]
> >news:16ed201c41815$1ccaf760$a301280a@phx.gbl...[color=darkred]
> >> Hi,
> >>
> >> I got error message as:
> >>
> >> The domain controller for Group Policy operations is not
> >> available. You may cancel this operation for this[/color][/color]
> session[color=green][color=darkred]
> >> or retry using one of the following domain controller
> >> choices:
> >> The one with the Operations Master token for the PDC
> >> emulator
> >>
> >> The one used by the Active Directory Snap-ins
> >>
> >> Use any available domain controller
> >>
> >>
> >> When I choose any of these options, I got the following
> >> error message:
> >>
> >> Failed to find a domain controller. There may be a[/color][/color]
> policy[color=green][color=darkred]
> >> that prevents you from selecting another domain
> >> controller.
> >>
> >>
> >> Details: The network path was not found.
> >>
> >> Seems like http://support.microsoft.com/default.aspx?
> >> scid=kb;en-us;257435
> >>
> >> But I have checked two possible reasons:
> >> 1.File and Printer Sharing for Microsoft Networks is not
> >> enabled on the domain controller.
> >> 2.The TCP/IP NetBIOS Helper service is disabled.
> >>
> >> They are all correct setting on server.
> >>
> >> Thanks.
> >>[/color]
> >
> >
> >.
> >[/color][/color]

Jane

Thanks, Steve.

I will try.

[color=blue]
>-----Original Message-----
>[url]http://eventid.net[/url] is a good place to look up info on[/color]
Event ID's as is[color=blue]
>Microsoft. See the link below for what Eventid.net[/color]
reported on 5774 as it[color=blue]
>relates to dns and 1002 lists a lot of possibilities[/color]
based on the source[color=blue]
>reported. The dns problem could be causing the problem[/color]
opening Group policy.[color=blue]
>The next thing I would do is to run netdiag and dcdiag on[/color]
the domain[color=blue]
>controller looking for failed tests and warnings/errors.[/color]
First I would check[color=blue]
>that dns is configured correctly on the domain[/color]
controllers in that they must[color=blue]
>point to themselves or another domain controller in the[/color]
domain running AD[color=blue]
>dns zone. If they are, sometimes running netdiag /fix[/color]
followed by restarting[color=blue]
>the netlogon service can help. -- Steve
>
>[url]http://support.microsoft.com/default.aspx?scid=kb;en-[/url][/color]
us;219289 --- description[color=blue]
>of netdiag /fix
>[url]http://www.eventid.net/display.asp?eventid=5774&source=[/url]
>[url]http://www.eventid.net/display.asp?eventid=1002&source=[/url]
>
>"Jane" wrote in[/color]
message[color=blue]
>news:1300f01c418ea$69c3f3c0$a001280a@phx.gbl...[color=green]
>> Thanks,
>>
>> There is Netlogon Error in system log. EventID:5774
>>
>> "Registration of the DNS record '9f145c13-a4bd-42ce-[/color][/color]
8a7e-[color=blue][color=green]
>> 5204954416f3._msdcs.xyz.com. 600 IN CNAME abc.xyz.com.'
>> failed with the following error:
>> DNS operation refused. "
>>
>> There is another error in application log. EventID:1002
>>
>> "Default group policy object cannot be created. Error
>> 80070035 to open GPO Domain EFS Recovery Policy in[/color][/color]
domain[color=blue][color=green]
>> LDAP://DC=xyz,DC=com. "
>>
>> What should I do? Thanks again.
>>[color=darkred]
>> >-----Original Message-----
>> >Those settings also need to be correct on the domain[/color]
>> controller itself.. I[color=darkred]
>> >would check the Event Viewer for the domain controllers[/color]
>> to see if they are[color=darkred]
>> >reporting any pertinent errors [relating to sysvol or[/color]
>> such] and try to ping[color=darkred]
>> >the domain controller first by IP address and then by[/color]
>> name to establish[color=darkred]
>> >basic network connectivity or not. Also run netdiag on[/color]
>> the computer you are[color=darkred]
>> >trying this from and maybe on the domain controller in[/color]
>> addition to dcdiag on[color=darkred]
>> >the domain controller lookin for any failed tests.[/color][/color][/color]
These[color=blue][color=green]
>> tools are located[color=darkred]
>> >on the install cd under support/tools where you will[/color][/color][/color]
need[color=blue][color=green]
>> to run setup. I[color=darkred]
>> >suppose you could have a problem with dns configuration[/color]
>> which can lead to a[color=darkred]
>> >lot of problems in an AD domain. Netdiag and dcdiag may[/color]
>> show that. ---[color=darkred]
>> >Steve
>> >
>> >"Jane" wrote in[/color]
>> message[color=darkred]
>> >news:16ed201c41815$1ccaf760$a301280a@phx.gbl...
>> >> Hi,
>> >>
>> >> I got error message as:
>> >>
>> >> The domain controller for Group Policy operations is[/color][/color][/color]
not[color=blue][color=green][color=darkred]
>> >> available. You may cancel this operation for this[/color]
>> session[color=darkred]
>> >> or retry using one of the following domain controller
>> >> choices:
>> >> The one with the Operations Master token for the PDC
>> >> emulator
>> >>
>> >> The one used by the Active Directory Snap-ins
>> >>
>> >> Use any available domain controller
>> >>
>> >>
>> >> When I choose any of these options, I got the[/color][/color][/color]
following[color=blue][color=green][color=darkred]
>> >> error message:
>> >>
>> >> Failed to find a domain controller. There may be a[/color]
>> policy[color=darkred]
>> >> that prevents you from selecting another domain
>> >> controller.
>> >>
>> >>
>> >> Details: The network path was not found.
>> >>
>> >> Seems like http://support.microsoft.com/default.aspx?
>> >> scid=kb;en-us;257435
>> >>
>> >> But I have checked two possible reasons:
>> >> 1.File and Printer Sharing for Microsoft Networks is[/color][/color][/color]
not[color=blue][color=green][color=darkred]
>> >> enabled on the domain controller.
>> >> 2.The TCP/IP NetBIOS Helper service is disabled.
>> >>
>> >> They are all correct setting on server.
>> >>
>> >> Thanks.
>> >>
>> >
>> >
>> >.
>> >[/color][/color]
>
>
>.
>[/color]