November 12

How to Fix GPO Sysvol Permissions Error

Problems:

In a forest with multiple domain controllers, some of the domain controllers report the following error:

The SYSVOL permissions of one or more GPO’s on this domain controller are not in sync with the permissions for the GPO’s on the Baseline domain controller.

 

The Cause:

Domain controllers create two Domain Admins entries with permissions on the GPOs. You cannot see both of them in the GUI, but running icacls against the {GPO UID} folder shows two Domain Admins entries.

In the GUI, you only see one Domain Admins account.

From an elevated CMD prompt, you can see that there are two Domain Admins accounts:

icacls "{GPO UID}"

The Solution:

First, remove both Domain Admins entries:

icacls "{GPO UID}" /remove:g "<localdomain>\Domain Admins"

Second, add a single Domain Admins entry back to the GPO:

icacls "{GPO UID}" /grant "<localdomain>\Domain Admins":(OI)(CI)(F)

Third, do the same on the other affected domain controllers.

Finally, wait for replication, or force it manually with these two commands:

repadmin /syncall

repadmin /syncall /AdePq
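
To see which GPO folders on a given domain controller carry the duplicate Domain Admins entry before running the icacls fix, the check can be scripted. This is an added example, not part of the original post; the function name Get-DuplicateGpoAce and the SYSVOL Policies path (written with the post's <localdomain> placeholder) are assumptions.

```powershell
# Added example: read-only audit, it changes no permissions.
# Assumption: the account running it can read the SYSVOL Policies folder.
function Get-DuplicateGpoAce {
    param(
        [Parameter(Mandatory)][string]$PoliciesPath,
        [string]$IdentityPattern = '*\Domain Admins'
    )
    # GPO folders are named after the GPO GUID, e.g. {xxxxxxxx-xxxx-...}
    Get-ChildItem -LiteralPath $PoliciesPath -Directory |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object {
            $folder = $_
            $acl = Get-Acl -LiteralPath $folder.FullName
            # Explicit Allow entries only: these are what icacls /remove:g acts on.
            $aces = @($acl.Access | Where-Object {
                -not $_.IsInherited -and
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -like $IdentityPattern
            })
            if ($aces.Count -gt 1) {
                [pscustomobject]@{
                    Gpo      = $folder.Name
                    Identity = $aces[0].IdentityReference.Value
                    AceCount = $aces.Count
                    Aces     = ($aces | ForEach-Object {
                        '{0} [inherit={1}; propagate={2}]' -f `
                            $_.FileSystemRights, $_.InheritanceFlags, $_.PropagationFlags
                    }) -join ' | '
                }
            }
        }
}

# Placeholder path: substitute your domain's DNS name for <localdomain>.
Get-DuplicateGpoAce -PoliciesPath '\\<localdomain>\SYSVOL\<localdomain>\Policies' |
    Format-List
```

Pointing -PoliciesPath at a specific domain controller's SYSVOL share instead of the domain name checks that controller's copy, and running it again after the fix should return nothing for the repaired GPOs.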

 

July 4

How to Configure PDC to synchronize time with external NTP server

1) Stop the W32Time service: C:\>net stop w32time
2) Configure the external time sources (the peer list is space-delimited). Type: C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
3) Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
4) Start the W32Time service: C:\>net start w32time

Then type w32tm /resync (this will force a sync to the new servers).

Finally, check that the server is using the new NTP server. This command displays the time source:

w32tm /query /source

 

 

March 21

WDS Client Failed to Start Error 0xc0000001

Problem:

On the server, you see the following error in the WDS log file:

                The Following Client failed TFTP Download:   ErrorCode: 13

On the client computer, you see the following error screen:

                Windows failed to start. A recent hardware or software change might be the cause.  Status:0xC0000001

Solution:

Make the following changes on the WDS server:

Open the “TFTP” tab and change the maximum block size to, e.g., 1024.

Uncheck “Enable Variable Window Extension”.

 

If the WDS server and the client machine are located in different networks, add an ip helper-address on the switch:

ip helper-address x.x.x.x   (WDS server's ip address)

Solution 2: Add the drivers to the install image package.

1) Download the latest laptop/desktop network card driver and add the driver package.

 

 

Add driver packages to the Install Image