izuoyan
事件类型:错误
事件来源:Userenv
事件种类:无
事件 ID:1030
日期:2005-9-23
事件:9:41:35
用户:NT AUTHORITY\SYSTEM
计算机:WEB服务器/辅助DC
描述:
Windows 不能查询组策略对象列表。请查看事件日志,从中寻找策略引擎以前可能记录的描述此原因的消息。

Details
Product: Windows Operating System
ID: 1030
Source: Userenv
Version: 5.2
Symbolic Name: EVENT_GPO_QUERY_FAILED
Message: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Explanation

A network connectivity or configuration problem exists. Group Policy settings cannot be applied until the problem is fixed.

User Action

To troubleshoot the network connectivity or configuration problem, try one or all of the following:

  • In Event Viewer, click System, and check for any networking-related messages, such as Netlogon messages, that indicate a network connectivity issue.
  • At the command prompt, type netdiag, and note any errors. Those errors usually have to be resolved before Group Policy processing can continue.
  • At the command prompt, type gpupdate, and then check Event Viewer to see if the Userenv 1030 event is logged again.
  • To verify that the domain controller can be contacted through Domain Name System (DNS), try to access \\mydomain.com\sysvol\mydomain.com, where mydomain.com is the fully qualified DNS name of your domain.
  • Verify that you can access the domain controller by using tools such as the Active Directory Users and Computers snap-in.
  • Check to see whether other computers on your network are having the same problem.
  • If this computer is a part of a cross-forest domain, verify that the forest for the user account is currently available and can be contacted by the computer on which the Group Policy processing failed.
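
The event text asks you to look for messages logged just before the 1030, and the first step above points at networking-related entries such as Netlogon messages. The following added example (not part of the original page or of Microsoft's guidance) pairs each Userenv 1030 with the events recorded shortly before it; the function name, the 30-second window, the source list and the sample records are assumptions made for illustration.

```powershell
# Added example, not from the original page. Windows PowerShell syntax.
function Get-GpoFailureContext {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Events,
        [int] $WindowSeconds = 30,
        # Sources worth reading next to a 1030 (assumption; extend as needed).
        [string[]] $Sources = @('Userenv', 'NETLOGON', 'LsaSrv')
    )
    $sorted   = @($Events | Sort-Object TimeGenerated)
    $failures = @($sorted | Where-Object { $_.Source -eq 'Userenv' -and $_.EventID -eq 1030 })
    foreach ($failure in $failures) {
        $from = $failure.TimeGenerated.AddSeconds(-$WindowSeconds)
        # Everything from the watched sources inside the window, except other 1030s.
        $earlier = @($sorted | Where-Object {
            $_.EventID -ne 1030 -and
            ($Sources -contains $_.Source) -and
            $_.TimeGenerated -ge $from -and
            $_.TimeGenerated -le $failure.TimeGenerated
        })
        New-Object PSObject -Property @{
            FailureTime = $failure.TimeGenerated
            Earlier     = @($earlier | ForEach-Object { '{0} {1}: {2}' -f $_.Source, $_.EventID, $_.Message })
            Unexplained = ($earlier.Count -eq 0)   # no earlier message: keep digging
        }
    }
}

# Constructed sample records (not real log data), shaped like Get-EventLog output.
function New-SampleEvent($Time, $Source, $Id, $Message) {
    New-Object PSObject -Property @{
        TimeGenerated = [datetime]$Time; Source = $Source; EventID = $Id; Message = $Message
    }
}
$sample = @(
    New-SampleEvent '2005-09-23 09:41:33' 'LsaSrv'  40961 '(constructed) warning text'
    New-SampleEvent '2005-09-23 09:41:34' 'Userenv' 1058  '(constructed) access denied'
    New-SampleEvent '2005-09-23 09:41:35' 'Userenv' 1030  '(constructed) cannot query GPO list'
    New-SampleEvent '2005-09-23 09:46:35' 'Userenv' 1030  '(constructed) cannot query GPO list'
)
Get-GpoFailureContext -Events $sample

# Live use: Userenv writes to the Application log, Netlogon and LsaSrv to System.
# $live = @(Get-EventLog -LogName Application -After (Get-Date).AddHours(-24)) +
#         @(Get-EventLog -LogName System -After (Get-Date).AddHours(-24))
# Get-GpoFailureContext -Events $live
```
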

Event ID: 1030
Source: Userenv
Type: Error
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Things to understand: What is the Group Policy? What is the role of Userenv?

Comments

Adrian Grigorof (Last update 5/30/2004):
As per M810907 (applicable to Windows XP) this may occur in conjunction with Event id 1058 and it is a confirmed (known) problem with XP. A hotfix is available.

This event is also reported in many instances of upgrades from Windows NT or Windows 2000 to Windows 2003 Server.
Some other recommendations in regards to this (from newsgroup posts) are to verify that:
- DFS service on all DCs is started and set to "Automatic"
- there are no FRS issues - (if there are, troubleshoot those first)
- TCP/IP Netbios Helper service is started and set to "Automatic"
- the "Everyone" has the "bypass traverse checking" user right on the default domain controller policy
- the antivirus (if installed) is not scanning the sysvol or subfolders, if so, exclude it
- consider that the error description in event id 1058 ("network path not found" or "access denied") is caused by different problems and has different solutions.

Other posts from Microsoft engineer suggest that if a domain controller is multi-homed (more than 1 network card) they may experience this problem (note that "network card" could mean a physical or a virtual one - i.e. VMWare or VPN virtual adapters). The posts also indicate that the Client for Microsoft Networks and the File and Printer Sharing services have to be bound to the network adapter.

See also M307900 on updating Windows 2000 Group Policy for Windows XP.

In some other conditions (upgrading to Windows 2003 Server), the 1030 event appears together with event id 1097 from Userenv. From a newsgroup post by a Microsoft engineer: "What is happening is that the TCP/IP Netbios Helper Service is trying to start before the KDC starts upon reboot. It corrects itself. You can safely ignore it. I am trying to get these errors suppressed in a later service pack or hotfix. You can track this running subsequent userenv and netlogon logs. See M221833 and M109626."

If this occurs in conjunction with event id 1058 you can work around this issue by using the Dfsutil.exe file - see M830676.

Ionut Marin (Last update 5/21/2005):
See M842804 for a hotfix applicable to Microsoft Windows 2000 and Microsoft Windows Server 2003.

As per Microsoft: "This behavior occurs if the SMB signing settings for the Workstation service and for the Server service contradict each other. When you configure the domain controller in this way, the Workstation service on the domain controller cannot connect to the domain controller's Sysvol share. Therefore, you cannot start Group Policy snap-ins. Also, if SMB signing policies are set by the default domain controller security policy, the problem affects all the domain controllers on the network. Therefore, Group Policy replication in the Active Directory directory service will fail, and you will not be able to edit Group Policy to undo these settings". See M839499 to fix this problem.

As per Microsoft: "This issue may occur if you have account names that use non-ASCII characters, such as ö and é. Windows 2000 Server and Windows Server 2003 do not distinguish between non-ASCII and ASCII characters in account names.
Windows NT 4.0 distinguishes between ASCII and non-ASCII characters in account names. For example, in a Windows NT 4.0-based domain, you can use Administrator and Administratör as separate account names. However, in Active Directory, both Administrator and Administratör effectively have the same logon credentials. This scenario causes the conflict". See M883271 for details on this issue.

From a newsgroup post: "I connected to the Sysvol share as the current user (non-administrator), and noticed that I could get into "mydomain" directory, but when I tried to get into Policies I received "Access Denied". All of the share/file permissions were correct, allowing this user to get to the share and to traverse/read the files within it. I tracked it down to the fact that I was not allowing read access for Authenticated Users, Everyone, Domain Users, and/or the users Group from the root (C:) to the SYSVOL directory. Once I allowed Everyone, or Authenticated Users, or Domain Users read permissions from C: -> WINNT -> SYSVOL the users were then able to receive the GPO’s".

From a newsgroup post: "Here is what you should do to get rid of this error and of Event ID 1058 on Windows Server 2003. Edit the hosts file on each domain controller. Put in the IP address for your domain controller (the local IP address should be first in the list), and then next to the IP address do not put the host name, but put the name of the domain. Then list the IP address for each domain controller in your domain, on the same hosts file (with the domain name next to it). In other words, your hosts file should look like this (if you have just two domain controllers):
<IP 1> yourdomainname.com

<IP 2> yourdomainname.com

Where <IP 1> = the IP address of the local domain controller for this hosts file.
Where <IP 2> = the IP address of your other domain controller.

yourdomainname.com = the name of your domain

The list would be reversed (as far as IP address) on the hosts file on the other domain controller. Yes, you need a hosts file on each domain controller".

Also check M290647, M832215, M834649, M886516, M887303, M887421, M888943, and MSW2KDB for more details on this event.

Anonymous (Last update 3/23/2005):
This happened when I was prompted to change my password, and did, but I stayed logged on to a remote Windows 2003 server with my old credentials. The server locked after the timeout and I left it that way for a couple days. The error stopped when I logged off and logged back on with the new password.

Warren Anacoura (Last update 12/9/2004):
Our XP Clients started showing up these errors in the Application Log after we installed Service Pack 2. There is a corresponding warning EventID 40961 from source LsaSrv in the System log. The problem seems to be related to the background group policy refresh failing if the user has locked the workstation. Setting group policy to prevent lock workstation corrects the problem but a better fix seems to be uninstalling the Client for Microsoft Networks from the NIC, reinstalling it, and rebooting.

Jahan Ghaemi (Last update 11/24/2004):
I saw this error in my class after one of my students was working on renaming his domain controller. I fixed the problem by running DCGPOFIX on the Win2k3 server followed by a reboot. See the link to “Dcgpofix” for details on this command.

Daniel Conlon (Last update 10/5/2003):
After upgrading from Win2k to Win2k3 I found I was getting this error every 5 minutes in event log along with error 1053. To solve it I had set the following attributes in the Default Domain Controller Policy:
1. Network Access: Let Everyone permissions apply to anonymous users = "Enabled".
2. Network Access: Shares that can be accessed anonymously -> Add SYSVOL to the list. This is because the servers are trying to access the SYSVOL share as LocalSystem which by default does not have access to network resources.
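
The SMB signing mismatch quoted in Ionut Marin's comment and the two anonymous-access options named in the comment above are all stored in the registry, so a domain controller can be checked for them directly. This is an added example, not code from the original page or from Microsoft; the function names, the sample values, and the reading of "contradict" as one side requiring signing while the other has it disabled are assumptions.

```powershell
# Added example, not from the original page. The paths are the registry
# locations behind the security options named in the comments above.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-RegValue([string] $Path, [string] $Name) {
    # Returns nothing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Get-LiveSettings {
    @{
        ServerRequire             = Get-RegValue $server 'RequireSecuritySignature'
        ServerEnable              = Get-RegValue $server 'EnableSecuritySignature'
        ClientRequire             = Get-RegValue $client 'RequireSecuritySignature'
        ClientEnable              = Get-RegValue $client 'EnableSecuritySignature'
        EveryoneIncludesAnonymous = Get-RegValue $lsa    'EveryoneIncludesAnonymous'
        NullSessionShares         = Get-RegValue $server 'NullSessionShares'
    }
}

function Get-SysvolAccessFindings {
    param([Parameter(Mandatory = $true)] [hashtable] $Settings)
    $s = $Settings
    # Assumption: "contradict" = one side requires signing, the other has it off.
    if ($s.ServerRequire -eq 1 -and $s.ClientEnable -eq 0 -and $s.ClientRequire -ne 1) {
        'Server service requires SMB signing; Workstation service has signing disabled'
    }
    if ($s.ClientRequire -eq 1 -and $s.ServerEnable -eq 0 -and $s.ServerRequire -ne 1) {
        'Workstation service requires SMB signing; Server service has signing disabled'
    }
    if ($s.EveryoneIncludesAnonymous -eq 1) {
        'Everyone permissions apply to anonymous users'
    }
    if (@($s.NullSessionShares) -contains 'SYSVOL') {
        'SYSVOL is listed as a share that can be accessed anonymously'
    }
}

# Constructed sample values (not taken from a real server).
$sample = @{
    ServerRequire = 1; ServerEnable = 1; ClientRequire = 0; ClientEnable = 0
    EveryoneIncludesAnonymous = 1; NullSessionShares = @('COMCFG', 'SYSVOL')
}
Get-SysvolAccessFindings -Settings $sample

# On a domain controller: Get-SysvolAccessFindings -Settings (Get-LiveSettings)
```

The constructed sample yields three findings: the server-side signing requirement against a client with signing disabled, plus both anonymous-access settings.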

John Poff (Last update 8/28/2003):
On Windows 2003 I received this error when I disabled TCP/IP NetBios help service. Apparently this has changed since Windows 2000. You can no longer disable this service and have access to Group Policy Objects.

Sean Wallbridge
In the past, I was configuring Domain Controllers in a Windows 2000 domain to have the Distributed File System Services stopped and set to manual until such time as they were needed. This was a recommendation based on services that could be stopped according to Microsoft from some time ago to bring machines to a "only what is required state". We disabled DFS worldwide with Windows 2000, NT and Win98 clients with no issues incurred by this.

However, after a while I discovered I was having all sorts of Group Policy application errors on my Windows XP workstation in my Windows 2000 domain.

Looks like Windows XP speaks quite a bit differently to AD and wants/needs more information (and expects it from DFS shares - \\<domain>.<name>). In fact, from my XP machine, I tried connecting to my domain share (\\<domain>.<name>) and I was told access was denied yet it was available from Win2k machines (event ids 1030 and 1058). So, if you have Windows XP clients or just plain aren't worried about someone cranking up DFS and screwing something up somewhere, plan on leaving DFS enabled again.

Also, while working through this I discovered that besides the already cool "Resultant Set of Policy" MMC snap-in in Windows XP, there is also a "GPUPDATE" command in Windows XP which, when used with the /force switch, will blast computer policy settings to your Windows XP machine immediately.

Tom Holland
As per Microsoft: "This behavior may occur if both of the following conditions are true:
Your Windows XP-based computer is a member of a domain.
-and-
The Microsoft Distributed File System (DFS) client is turned off (disabled).
NOTE: The \\Active Directory Domain Name\Sysvol share is a special share that requires the DFS client to make a connection." See M314494.