Fix Group Policy error 1058

Greetings again,
Sorry for not being here for a long period of time. Recently I faced a strange issue which made me to pen down an article about it. So I will share this experience in case you may encounter it in near future.
While updating group policy clients my client was receiving an error indicating that the group policy folder in SYSVOL is not accessible. At first I thought that it might be related to some problems in DFS share and NETLOGON but it seemed everything was working perfectly because there was no error in DFS event log of the domain controllers.

So I tried to change the scope of the problem and looked for error events in System event log and Voilaa! There were massive amounts of 1058 Group Policy errors which were directly related to processing group policy.

I opened one of those events and noticed that it gives information about a GPO with its GUID. The error looked like this:

The processing of Group Policy failed. Windows attempted to read the file \\\sysvol\\Policies\{99A6554D-6618-4C47-99FB-5A71589AFB3F}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.

I wanted to investigate that GUID and see if that exist or not. Once I opened SYSVOL I noticed that the folder related to that GPO does not exist! Considering this explanation, it is a normal behavior and because the folder which holds the gpt.ini file of that GPO did not exist, the problem occurred.

Since you cannot create folders in SYSVOL directly (Do not even think about creating a dummy folder with same GUID name) you have one other choice to remove those problematic GPOs from GPMC and re-import them back using your backed up settings and documentations. Once you re-create the GPOs, their folders will be created in SYSVOL and problems will fade away.

But since you cannot delete “Default Domain Policy”, you should take another approach for fixing “Default Domain Policy” and “Default Domain Controller Policy”. For these two lovely GPO’s you better use DCGPOFIX and fix them automatically. After fixing your default policies, you need to take a look at your documentations and re-import your settings back. 

About Mahdi

Post Archive

Sticky RIS settings in 'Default Domain Policies'?

Written By Mahdi Tehrani on Saturday, 13 January 2018 11:03

Limit Active Directory user login to 1 session

Written By Mahdi Tehrani on Wednesday, 02 August 2017 10:21

The auditor of auditors: 'LepideAuditor Suite'

Written By Mahdi Tehrani on Tuesday, 23 May 2017 10:56

Protect your domain against WannaCry malware

Written By Mahdi Tehrani on Sunday, 14 May 2017 09:42

‘List Object Mode’ in Active Directory, a myth or future settings?

Written By Mahdi Tehrani on Thursday, 13 April 2017 08:47