Sébastien Le Ray
2016-Mar-18 17:23 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
Hi list, Having a multi-DC Samba 4.1.17 (Debian) setup, we use Computer GPOs. Machines randomly encounter event 1058 (translation is roughly "GPO processing failed. Windows failed to read file \\domain\sysvol\domain\Policies\SomeGUID\gpt.ini from a domain controller"). It seems to be an issue with computer account because User's GPO applies nicely. Replication (both drs show repl & ldap-cmp) shows no error nor difference on the DC used for GPO fetching (according to tcpdump since I found no way to get it through windows logs). Rising loglevel to 5 show that domain\COMPUTERNAME$ is not found as an user but the same occurs for "working" stations. ntacl sysvolreset doesn't change anything. Can somebody point me in the right direction to troubleshoot this? Regards
lingpanda101 at gmail.com
2016-Mar-18 17:29 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
Are you currently replicating the sysvol folder between DC's? On 3/18/2016 1:23 PM, Sébastien Le Ray wrote:> Hi list, > > Having a multi-DC Samba 4.1.17 (Debian) setup, we use Computer GPOs. > > Machines randomly encounter event 1058 (translation is roughly "GPO > processing failed. Windows failed to read file > \\domain\sysvol\domain\Policies\SomeGUID\gpt.ini from a domain > controller"). It seems to be an issue with computer account because > User's GPO applies nicely. > > Replication (both drs show repl & ldap-cmp) shows no error nor > difference on the DC used for GPO fetching (according to tcpdump since > I found no way to get it through windows logs). Rising loglevel to 5 > show that domain\COMPUTERNAME$ is not found as an user but the same > occurs for "working" stations. ntacl sysvolreset doesn't change anything. > > Can somebody point me in the right direction to troubleshoot this? > > Regards >-- -James
Sébastien Le Ray
2016-Mar-18 17:32 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
Hi, Yes using rsync followed by a samba-tool ntacl sysvolreset Regards Le 18/03/2016 18:29, lingpanda101 at gmail.com a écrit :> Are you currently replicating the sysvol folder between DC's? > > On 3/18/2016 1:23 PM, Sébastien Le Ray wrote: >> Hi list, >> >> Having a multi-DC Samba 4.1.17 (Debian) setup, we use Computer GPOs. >> >> Machines randomly encounter event 1058 (translation is roughly "GPO >> processing failed. Windows failed to read file >> \\domain\sysvol\domain\Policies\SomeGUID\gpt.ini from a domain >> controller"). It seems to be an issue with computer account because >> User's GPO applies nicely. >> >> Replication (both drs show repl & ldap-cmp) shows no error nor >> difference on the DC used for GPO fetching (according to tcpdump >> since I found no way to get it through windows logs). Rising loglevel >> to 5 show that domain\COMPUTERNAME$ is not found as an user but the >> same occurs for "working" stations. ntacl sysvolreset doesn't change >> anything. >> >> Can somebody point me in the right direction to troubleshoot this? >> >> Regards >> >