So… I have this customer… and for quite a while now (unsure how long – I suspect a year or more) they have been having challenges enumerating & applying group policies. Event ID 1030/1058 would appear in their Application Logs… and it was no fun…
I did the usual stuff. I asked Dr. Google of course. I tried permissions. I tried re-shares. I checked FRS and DFS and many other TLAs along the way. Nothing. From the 2x domain controllers, I could access the serversysvoldomainpolicies stuff just fine. I could also access the domainsysvoldomainpolicies stuff. No problems.
But, from domain joined servers/computers, it was a no go. I could get to serversysvoldomain but it was empty. Same with domainsysvoldomain – empty.
Finally, I dropped to a command prompt and found this
Do you see it? No, I don't mean my horrible "coloring job" – I mean the Junction pointing to C:Winntpath… Really? WINNT? What decade is this?
Anyway, without trying to figure out who/what/why, I simply removed that junction point and re-added it with "mklink" like so
Then, I did a "gpupdate /force" to force a Group Policy Update. Then went to check the logs again…
BAM! I still got it…
Hope this helps. I found many "me too" people with issues, and many different forums suggesting many different fixes. I thought I would add my own fix to the mix. Woah, that rhymed.
G'nite.
My friend. I had the same problem and was resolved after remove all groups of the user. Then i went puting the groups one-by-one until find the problem group.
Hi Daryl,
my JUNCTION path was pointing to “domain.local”.
1/ Would I still need to make that change since WINNT wasn’t part of the path?
2/ If so, would you be able to email me the command to removed and re-add the JUNCTION entry to my gmail account at bostonbajan@gmail.com
thank you in advance.