# [SOLVED] Default domain controller security setting



## akopar (Nov 25, 2009)

I am trying to open the domain controller security policy and getting a group policy error message "failed to open group policy editor. Details: unspecified error". I can open the domain security policy

I'm running a 2003 Forest on two domain controllers, one with 2003 Standard x64 and the other with 2003 Standard x86. There is an Exchange 2007 server as well. on the event viewer i am also getting this error 

Security policy cannot be propagated. Cannot access the template. Error code = -536870909.
\\hardwarehaus.local\sysvol\hardwarehaus.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Your earliest assistance will be very much appreciated!


----------



## 2xg (Aug 5, 2009)

*Re: Default domain controller security setting*

Hi akopar and welcome to TSF!

What happens if you turn off DC1? Are you able to access the AD Users & Computers and the Security Policy? Then do the same thing with DC2, turn it off and see of you're able to access AD Users and Computers and so with the Security Policy? Pls. compare the results on both and post them here. Check the Event Viewer as well and find out if there are any new errors. 

Another request, pls. post ipconfig /all of both servers, you may attached the file if you want.


----------



## akopar (Nov 25, 2009)

*Re: Default domain controller security setting*

Hi thank you so much for the response.
I have done as per request. The Ad users and computers was accessible on both DC's but I couldnt open any of the domain security editors. There were no additional errors. See below your other request


Primary DC

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : hhllaesvr1
Primary Dns Suffix . . . . . . . : hardwarehaus.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hardwarehaus.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-01-6C-13-99-B0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.84.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.84.10
DNS Servers . . . . . . . . . . . : 192.168.84.11
192.168.124.60

C:\>

Secondary DC



C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : hhlpomsvr1
Primary Dns Suffix . . . . . . . : hardwarehaus.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : hardwarehaus.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.124.251
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :

Ethernet adapter HHL Internal LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-1A-64-C9-05-E4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.124.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.124.10
DNS Servers . . . . . . . . . . . : 192.168.124.60
192.168.84.11

C:\>


----------



## 2xg (Aug 5, 2009)

*Re: Default domain controller security setting*



akopar said:


> Hi thank you so much for the response.
> I have done as per request. The Ad users and computers was accessible on both DC's but I couldnt open any of the domain security editors. There were no additional errors. See below your other request
> 
> 
> ...


Hello,

Thanks for the info. This might help, it's called Dcgpofix, it's a buil-in tool from Windows 2003: http://technet.microsoft.com/en-us/library/cc739095(WS.10).aspx

Pls. read these before running the fix tool:
The Dcgpofix tool is intended for use only as a last-resort disaster-recovery tool.

To create regular backups of the default domain and all other GPOs, you must use Group Policy Management Console (GPMC). 

It is also recommended that you backup the Sysvol directory with a regularly scheduled backup procedure.

Pls. update with results.


----------



## akopar (Nov 25, 2009)

*Re: Default domain controller security setting*

Hi
Thank you so much, The dcgpofix tool has resolved it.
need to enable policies again


----------



## 2xg (Aug 5, 2009)

*Re: Default domain controller security setting*



akopar said:


> Hi
> Thank you so much, The dcgpofix tool has resolved it.
> need to enable policies again


Hi akopar, I'm happy that you got it resolved. You should make a note on this for future troubleshooting. 

Can you please mark this Thread Solved which can be found in the Thread Tools?

You are very welcome. :wave:


----------

