Error message when you try to apply a policy setting to Windows Server 2003-based domain controllers and to other domain clients: "Configuration information could not be read from the domain controller"

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

SYMPTOMS
In a domain environment, when you try to apply a Group Policy setting to Microsoft Windows Server 2003-based domain controllers and to other domain clients, the policy setting is not applied. When you try to access the Sysvol folder on a domain controller by using its fully qualified domain name (FQDN) in the form \\contoso.com\Sysvol, you may receive the following error message:
"Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied."
Note you can access the Sysvol folder by using the domain controller's IP address or the domain controller's NetBIOS name.

When this issue occurs, the following event messages may be logged every five minutes in the domain controllers' Application logs.
Event 1058

Event Type: Error
Event Source: Userenv
Event Category: None
Event User: NT AUTHORITY\SYSTEM
Event ID: 1058
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=contoso,DC=com. The file must be present at the location <\\contoso.com\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.). Group Policy processing aborted.

Event 1030

Event Type: Error
Event Source: Userenv
Event Category: None
Event User: NT AUTHORITY\SYSTEM
Event ID: 1030
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. For more information, see Help and Support Center at http://support.microsoft.com.

When you type the dfsutil /pktinfo command at a command prompt on the domain controller, you may see output that resembles the following.
Microsoft(R) Windows(TM) Dfs Utility Version 4.0Copyright (C) Microsoft Corporation 1991-2001. All Rights Reserved.--mup.sys--1 entries...Entry: \contoso.com\sysvolShortEntry: \contoso.com\sysvolExpires in 300 secondsUseCount: 0 Type:0x11 ( OUTSIDE_MY_DOM DFS )   0:[\dc1.contoso.com\sysvol] State:0x21 ( )   1:[\dc2.contoso.com\sysvol] State:0x21 ( )DfsUtil command completed successfully.
CAUSE
This issue may occur if you have used the FQDNs of the domain controllers of the domain forest to create trust relationships between domain controllers in Active Directory Domains and Trusts.
RESOLUTION
To resolve this issue, remove the domain controller entries from Active Directory Domains and Trusts. To do this, follow these steps:
  1. Click Start, type domain.msc, and then click OK to open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain that contains the trust entries that you want to remove, and then click Properties.
  3. Click the Trusts tab, click the trust entry for a domain controller that you want to remove, and then click Remove.
  4. Follow the instructions on the screen to remove the trust entry for the domain.
  5. Repeat steps 3 and 4 for other domain controller trust entries.
  6. Click OK to close the domain properties dialog box.
  7. Exit Active Directory Domains and Trusts.
  8. Restart all the domain controllers for which you removed the trust entries.
MORE INFORMATION
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
888943 Event 1030 and event 1058 may be logged, and you may not be able to start the Group Policy snap-in on your Windows Small Business Server 2003 computer
Properties

Article ID: 935918 - Last Review: 05/10/2007 14:43:32 - Revision: 2.1

Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

  • kbexpertiseinter kbtshoot kbprb KB935918
Feedback