Monday, March 27, 2006


Monday morning is here again, with a week an hour shorter than the rest of the year to add that extra kick.

Turned up to my office today to find that no one could access there documents, and my assistant is no where to be found (by that i mean in the hall working with the music department.) After about 15 phone calls 3 people poping into my office i get a free couple of seconds to try and find the problem.

The usual checks arn ran to find that half the school is fine the other half is not just to confuse matters even more.

Thought to myselft this is monday morning 'screw it' set two domain controllers to restart then go and make a cup of coffee, once they have rebooted problem apears to have disapered, not the best fix but it works for now.

Had a look throuh the event viewer on the PDC to find a lot of errors under the application section:
eventid 1030
'Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com. The file must be present at the location <\\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network path was not found. ).'

This error seems to be occurning every five mins, so i thought better do something about it.
As per usual searched the microsoft site and found a few interesting refrencs but nothing that would really solve the problem to thought it would wise to expand the problem a bit, get a bit more understanding of where it is coming from.

It turns out that the policy {31B2F340-016D-11D2-945F-00C04FB984F9} is the machine name of the default domain policy, now i know when i first setup this network i did make some changes in here which have sinced been moved to smaller GPOs. Had a second check to see if there were any custom settings left in the default domain policy to find none apart from Password age.

Reset the Default Domain Policy
So simple, restore it to its previous pointless glory.
now this sounds simple, and it is in a complercated way, all you have to do is modify the 'GptTmpl.inf' located under \sysvol\\{31B2F340-016D-11D2-945F-00C04FB984F9}\">\\\sysvol\\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEditto read:
[System Access]MinimumPasswordLength = 2
PasswordComplexity = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
ClearTextPassword = 0
[Kerberos Policy]MaxTicketAge = 10
MaxRenewAge = 7
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Registry Values]

Then edit the version number in the '\sysvol\\{31B2F340-016D-11D2-945F-00C04FB984F9}\GPT.INI'">\\\sysvol\\{31B2F340-016D-11D2-945F-00C04FB984F9}\GPT.INI' simply add a '0' to the end.

Run gpudate /force
there is no need to restart the server or logoff.

No errors for 2 hours now!

No comments: