Group Policy File Access Monitor Monitor

  • ID:  Microsoft.Windows.GroupPolicy.2008.Runtime.GroupPolicyPreprocessingNetworking.System.CorrectconnectivitytotheGroupPolicytemplate.EventBased.UnitMonitor
  • Description:   
  • Target:  Group Policy 2008 Runtime
  • Enabled:  On Essential Monitoring

Operational States

Name State Description
ManualReset Success  
NegativeHealthState Error  

Alert Details

Monitor State Message Priority Severity Auto Resolution
NegativeHealthState (Error) Group Policy Preprocessing (Networking) Alert Medium Match Monitor Health Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

Group Policy File Access

Group Policy processing requires network connectivity to one or more domain controllers. The Group Policy service reads information from Active Directory and the sysvol share located on a domain controller. The absence of network connectivity prevents Group Policy from applying to the user or computer.

Causes
This unit monitor does not contain any causes.
Resolutions

Correct connectivity to the Group Policy template

The Group Policy service logs the name of the domain controller and the error code. This information appears on the Details tab of the error message in Event Viewer. The error code (displayed as a decimal) and error description fields further identify the reason for the failure. Evaluate the error code with the list below:

  • Error code 3

  • Error code 5

  • Error code 53

Error code 3 (The system cannot find the path specified)

This error code usually indicates that the client computer cannot find the path specified in the event.

This failure may be caused by the DFS Client not running. Refer to the Microsoft Knowledge Base article about how to resolve this failure.

To test client connectivity to the domain controller's sysvol:

  • Identify the domain controller used by computer. The domain controller name is logged in the details of the error event.

  • Identify if failure happened during user or computer processing. For user policy processing, the User field of the event will show a valid user name; for computer policy processing, the User field will show "SYSTEM".

  • Compose full network path to the gpt.ini as \\<em><dcName></dcName></em>\SYSVOL\<<em>domain</em>>\Policies\<<em>guid</em>>\gpt.ini where <<em>dcName</em>> is the name of the domain controller, <<em>domain</em>> is the name of the domain, and <<em>guid</em>> is the GUID of the policy folder. All of this information appears in the event.

  • Verify you can read gpt.ini using the full network path obtained in the previous step. To do this, launch a command window and type <file_path></file_path>, where <file_path></file_path> is the path constructed in the previous step, and press ENTER. NOTE: You must launch this command as the user or computer whose credentials previously failed.

  • Follow Network troubleshooting procedures to diagnose the problem further.

Error code 5 (Access is denied)

This error code usually indicates that the user or computer does not have the appropriate permissions to access the path specified in the event.

On the domain controller: Ensure the the user and computer have appropriate permission to read the path specified in the event.

To test computer and user credentials:

Error code 53 (The network path was not found)

This error code usually indicates that the computer cannot resolve the name in the provided network path.

To test network path name resolution:

External References
This monitor does not contain any external references.

See Also for Windows Server 2003/2008 Group Policy Management Pack


Downloads for Windows Server 2003/2008 Group Policy Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED