Blog Of Directory Service
  • ···
  • Home
  • ···
  • ···
  • About Me
  • ···
  • ···
  • Contact Me
  • ···
  • ···
LinkedInTechNet
Post Page
Home/Blog/Post/

Fix Group Policy error 1058

  • Post On 2016-04-22

Greetings again,

Sorry for not being here for a long period of time. Recently I faced a strange issue which made me to pen down an article about it. So I will share this experience in case you may encounter it in near future.

While updating group policy clients my client was receiving an error indicating that the group policy folder in SYSVOL is not accessible. At first I thought that it might be related to some problems in DFS share and NETLOGON but it seemed everything was working perfectly because there was no error in DFS event log of the domain controllers.

So I tried to change the scope of the problem and looked for error events in System event log and Voilaa! There were massive amounts of 1058 Group Policy errors which were directly related to processing group policy.

I opened one of those events and noticed that it gives information about a GPO with its GUID. The error looked like this:

The processing of Group Policy failed. Windows attempted to read the file \\Contoso.com\sysvol\Contoso.com\Policies\{99A6554D-6618-4C47-99FB-5A71589AFB3F}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.

I wanted to investigate that GUID and see if that exist or not. Once I opened SYSVOL I noticed that the folder related to that GPO does not exist! Considering this explanation, it is a normal behavior and because the folder which holds the gpt.ini file of that GPO did not exist, the problem occurred.

Since you cannot create folders in SYSVOL directly (Do not even think about creating a dummy folder with same GUID name) you have one other choice to remove those problematic GPOs from GPMC and re-import them back using your backed up settings and documentations. Once you re-create the GPOs, their folders will be created in SYSVOL and problems will fade away.

But since you cannot delete “Default Domain Policy”, you should take another approach for fixing “Default Domain Policy” and “Default Domain Controller Policy”. For these two lovely GPO’s you better use DCGPOFIX and fix them automatically. After fixing your default policies, you need to take a look at your documentations and re-import your settings back.

Active Directory
  • (0)
  • (341)
Mahdi Tehrani

info@mahditehrani.ir

Leave a comment
Comments
Search
Categories
Concepts (4)
Group Policy (1)
Active Directory (13)
PowerShell (2)
Latest Posts

Why NTDS size is different on different Domain Controllers?

  • Post On 2018-05-28

Limit Active Directory user login to 1 session

  • Post On 2017-08-24

Protect your domain against WannaCry malware

  • Post On 2017-05-23

The auditor of auditors: 'LepideAuditor Suite'

  • Post On 2017-05-23

‘List Object Mode’ in Active Directory, a myth or future settings?

  • Post On 2017-04-23

Fix Group Policy error 1058

  • Post On 2016-04-22

Bulk change specific permissions for users

  • Post On 2015-04-23

Create Shadow Groups (Dynamic Groups) in Active Directory

  • Post On 2015-03-23

Manipulate delegation wizard in Active Directory

  • Post On 2014-10-22

Am I locked out? Where? How?

  • Post On 2014-10-22
!APP License
Copyright © 2023 TondarNet V1.0.0