# Event ID Error 1091 and 1085



## VeGeTa-X (Jun 10, 2008)

Greetings,
I am having issues with my domain controllers they are receiving an error message in the application tab in the event log event id 1085 and 1091. It seems to be that computers that in the domain controller’s container and that have the default domain controller group policy applied to that container receive error message 1085 and 1091 in the event log. When I move one the computers out of that container and out it to an ou that does not have the default domain controller group policy applied and do a gpupdate /force on that computer the error message does not come up. This error message will come up in the event log about every 5-6 minutes or if you do gpupdate /force in the in the domain controller container. All of my computers have the latest Microsoft Windows Updates and I have even tried the fix on http://support.microsoft.com/kb/823608 but my computers had the latest updates applied to them so this fix could not be applied. My next step is to do a Dcgpofix but I will leave this as a last resort option. Any suggestions would help. Thx


Source Usernev
Category None
Type Error 
Event ID: 1085
User NT AUTHORITY\SYSTEM
Description:The Group Policy client-side extension IP Security failed to execute. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Source Usernev
Category None
Type Error 
Event ID: 1091
User NT AUTHORITY\SYSTEM
Description: The Group Policy client-side extension IP Security failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## ktryc (Aug 30, 2007)

i had the same problem not too long ago, i had to demote the DC the run DCPromo again.
Also if it is deploying DHCP, make sure the pool is set up correctly. And the DC IP settings are correct also (prim and sec DNS and WINS)
If it is happing to more than 1 DC, check the Primary DC.


----------



## VeGeTa-X (Jun 10, 2008)

ktryc said:


> i had the same problem not too long ago, i had to demote the DC the run DCPromo again.
> Also if it is deploying DHCP, make sure the pool is set up correctly. And the DC IP settings are correct also (prim and sec DNS and WINS)
> If it is happing to more than 1 DC, check the Primary DC.


Hi ktryc, were you receiving the same error messages as me and when you ran a rsop.msc did you receive the error message below? This all started when I was was adding a ipsec policy and I deleted when I was done these error messages started to come up.



IP Security failed due to the error listed below and failed to log resultant set of policy information.
The policy object does not exist.


----------

