If your DFS Client is disabled, Group Policies may not be applied and your Event log contains messages similar to:
Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 4/7/2000 Time: 4:25:40 AM User: NT AUTHORITY\SYSTEM Computer: MYCOMPUTER Description: Windows cannot access the registry information at \\mydomain.com\sysvol\mydomain.com\Policies\\{31B2F340-016D-11D2-945F-00C04FB984F9\}\Machine\registry.pol with (51). Event Type: Error Event Source: SceCli Event Category: None Event ID: 1001 Date: 4/7/2000 Time: 4:30:46 AM User: N/A Computer: MYCOMPUTER Description: Security policy cannot be propagated. Cannot access the template. Error code = 3. \\mydomain.com\sysvol\mydomain.com\Policies\\{31B2F340-016D-11D2-945F-00C04FB984F9\}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Event Type: Error Event Source: Userenv Event Category: None Event ID: 1000 Date: 4/7/2000 Time: 4:30:46 AM User: NT AUTHORITY\SYSTEM Computer: MYCOMPUTER Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).If the DFS Client is disabled, you can NOT access the \\<Active Directory Domain Name>\Sysvol share, which would cause this problem.
To check / enable the DFS Client, use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
Double-click the DisableDFS value name, a REG_DWORD data type.
A data value of 0, the default, enables the DFS Client. A data value of 1 disables the DFS Client.
NOTE: If the DisableDFS value name is missing, the DFS Client is enabled.
0 comments
Hide comments