Failed to Open the Group Policy Object. You may not have appropriate rights

Discussion in 'Active Directory' started by Fritz, Mar 24, 2005.

  1. Fritz

    Fritz Guest

    This is the first DC in the domain (Win 2000 AD) that according to the
    previous admin had corrupt AD. The prev. admin ran "dcpromo /forceremoval"
    on the server in order to correct the issue, followed by "dcpromo" and
    pulled the AD data from another DC. The other DC seems to be working
    correctly and is set to be the FSMO but somehow when systems other than
    Win2000/XP try to join the domain, they get a message that the domain
    couldn't be contacted. I see that the \\firstdc01\netlogon share does not
    exist on that system and there are a lot these SAM events in the Event
    Viewer:

    "The account-identifier allocator failed to initialize properly. The record
    data contains the NT error code that caused the failure. Windows 2000 will
    retry the initialization until it succeeds; until that time, account
    creation will be denied on this Domain Controller. Please look for other SAM
    event logs that may indicate the exact reason for the failure."

    When I run replmon, it shows that the DCs are replicating correctly. What's
    wrong and how do I fix it?

    Thanks in advance! :)
     
    Fritz, Mar 24, 2005
    #1
    1. Advertisements

  2. Fritz

    Allen Firouz Guest

    Fritz:

    Sounds like a NetBIOS issue. Windows 2000 and XP use NetBIOS and DNS to
    resolve domain names. Older OS's use WINS or NetBIOS. Check to make sure
    that the NetBIOS name for the domain is right (netdiag \test:nbtnm) . Also,
    I recommend running DCDIAG on your DC to ensure that all necessary sysvol
    shares are replicating properly. Post back with any additional info or
    questions.

    -Allen Firouz
     
    Allen Firouz, Mar 24, 2005
    #2
    1. Advertisements

  3. Fritz

    Fritz Guest

    Thanks for the tip. Here's the result of the command you posted. I'm not
    sure how to correct the problem.


    Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the
    local
    machine. This machine is not working properly as a DC.


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{579F0504-0892-4D8B-863F-034A7ECE85DA}
    NetBT_Tcpip_{2B5D7B0D-7FB0-499D-853B-C85849274701}
    2 NetBt transports currently configured.


    NetBT name test. . . . . . . . . . : Passed


    The command completed successfully
     
    Fritz, Mar 24, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.