Sébastien Le Ray
2016-Mar-18 17:32 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
Hi, Yes using rsync followed by a samba-tool ntacl sysvolreset Regards Le 18/03/2016 18:29, lingpanda101 at gmail.com a écrit :> Are you currently replicating the sysvol folder between DC's? > > On 3/18/2016 1:23 PM, Sébastien Le Ray wrote: >> Hi list, >> >> Having a multi-DC Samba 4.1.17 (Debian) setup, we use Computer GPOs. >> >> Machines randomly encounter event 1058 (translation is roughly "GPO >> processing failed. Windows failed to read file >> \\domain\sysvol\domain\Policies\SomeGUID\gpt.ini from a domain >> controller"). It seems to be an issue with computer account because >> User's GPO applies nicely. >> >> Replication (both drs show repl & ldap-cmp) shows no error nor >> difference on the DC used for GPO fetching (according to tcpdump >> since I found no way to get it through windows logs). Rising loglevel >> to 5 show that domain\COMPUTERNAME$ is not found as an user but the >> same occurs for "working" stations. ntacl sysvolreset doesn't change >> anything. >> >> Can somebody point me in the right direction to troubleshoot this? >> >> Regards >> >
lingpanda101 at gmail.com
2016-Mar-18 17:50 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
On 3/18/2016 1:32 PM, Sébastien Le Ray wrote:> Hi, > > Yes using rsync followed by a samba-tool ntacl sysvolreset > > Regards > > > Le 18/03/2016 18:29, lingpanda101 at gmail.com a écrit : >> Are you currently replicating the sysvol folder between DC's? >> >> On 3/18/2016 1:23 PM, Sébastien Le Ray wrote: >>> Hi list, >>> >>> Having a multi-DC Samba 4.1.17 (Debian) setup, we use Computer GPOs. >>> >>> Machines randomly encounter event 1058 (translation is roughly "GPO >>> processing failed. Windows failed to read file >>> \\domain\sysvol\domain\Policies\SomeGUID\gpt.ini from a domain >>> controller"). It seems to be an issue with computer account because >>> User's GPO applies nicely. >>> >>> Replication (both drs show repl & ldap-cmp) shows no error nor >>> difference on the DC used for GPO fetching (according to tcpdump >>> since I found no way to get it through windows logs). Rising >>> loglevel to 5 show that domain\COMPUTERNAME$ is not found as an user >>> but the same occurs for "working" stations. ntacl sysvolreset >>> doesn't change anything. >>> >>> Can somebody point me in the right direction to troubleshoot this? >>> >>> Regards >>> >> >Have you tried running 'gpresult /H GPReport.html' on the workstation and see if it provides any details? You can also run 'Group Policy Results' from within Microsoft Group Policy Management snap in. Are you using Item level targeting in your GPO? -- -James
Sébastien Le Ray
2016-Mar-18 18:15 UTC
[Samba] Permission denied on GPT.ini (Event ID 1058)
Le 18/03/2016 18:50, lingpanda101 at gmail.com a écrit :> Have you tried running 'gpresult /H GPReport.html' on the workstation > and see if it provides any details? You can also run 'Group Policy > Results' from within Microsoft Group Policy Management snap in.Yes, it show an error about maximum kerberos tickets exceeded but I take that for a generic error message…> > Are you using Item level targeting in your GPO? >No