Share via

How to fix Active Directory Group Policy errors 7017 and 1058?

Adam Bohil 61 Reputation points
2024-10-21T18:58:20.11+00:00

Hello all!

I have a lab set up for learning Active Directory. There are 2 domain controllers (DC1 and DC2) and one Windows 10 domain member (Win10).

DC2 doesn't seem to be applying GPOs as expected. When I run a gpresult on DC2, it shows "2 Errors Detected" in the Summary section:

  • 7017:

The system calls to access specified file completed. \company.dev\SysVol\bohil.dev\Policies{995A8A95-5E43-447D-8164-CC4B7082D825}\gpt.ini The call failed after 0 milliseconds.

  • 1058:

The processing of Group Policy failed. Windows attempted to read the file \company.dev\SysVol\bohil.dev\Policies{995A8A95-5E43-447D-8164-CC4B7082D825}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.

One thing I noticed as I start looking into this is the sysvol directories aren't the same on both domain controllers. Here's what I'm seeing:

\DC1\SYSVOL\company.dev\Policies
User's image

\company.dev\sysvol\company.dev\Policies
User's image

\DC2\SYSVOL\company.dev\Policies
User's image

My research seems to be taking me down the road of Authoritative SYSVOL Restore, but I'm not sure I need to go there yet. And, I don't know that would fix the problem. Is there something I should be looking at to ensure I'm getting at the root cause of the problem?

Thanks!

Windows for business Windows Client for IT Pros Directory services Active Directory
Windows for business Windows Server User experience Other
0 comments
Accepted answer
  1. Yanhong Liu 14,195 Reputation points Microsoft External Staff
    2024-10-22T07:13:38.3666667+00:00

    Hello

    Thank you for posting in Q&A forum

    If sysvol aren't the same on both domain controllers. it means that your DC DFSR have meet some problem so it can't sync file from two folder, if client receive order to sync 8 policies, but only find 7 policies at DC which he contacts, then update will fail.

    D2 (Non-Authoritative Sync):

    This process is used when only a few domain controllers are out of sync. It replicates SYSVOL from the most up-to-date domain controller.

    D4 (Authoritative Sync):

    This process is used when more than half of the domain controllers are out of sync, or if there's a significant corruption. It involves restoring SYSVOL from a backup and then replicating it to all domain controllers.

    and you can follow the step which below link to fixed it

    Force synchronization for Distributed File System Replication (DFSR) replicated sysvol replication - Windows Server | Microsoft Learn

    Best regards

    Yanhong

    =====================================

    If the answer is helpful, please click "Accept answer" and upvote it

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.