How to fix the “Could not connect to Group Policy Client service” Error

Recently a few of our Windows Vista machines have experienced a problem after removing Script Logic Desktop Authority from them, causing non-admin users to not be able to log into the machine.

GP-Client-service-error-large

The message that appears is
“Could not connect to Group Policy Client service. Please consult your system administrator.”
but strangely sometimes manifests as
“Windows could not connect to the system event notification service . Please consult your system administrator.”

After seeing this message, a normal user is dropped back to the Ctrl-Alt-Del logon screen.

This is how you can solve the problem if you are experiencing a similar problem

1. Log on to the machine as administrator
2. click start and into the search box type “Event Viewer” and press enter
3. Look in the Windows Logs under System for any Warnings or Errors. The error message will be something like Windows cannot process Group Policy Client Side Extension (Daci). Exception (in my case it was daci which is part of the script logic desktop authority program)
4. On the details tab, take a note of the GUID for the faulty client side extension
5. click start and into the search box type “regedit” and press enter
6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions and then click on the string that represents your faulty GP Extension.
7. click on the file menu and choose export and save a backup of the file.
8. Once the registry is backed up you can delete the folder that corresponds to the GUID
9. Do a restart and log on as a normal user.

Problem solved!

Microsoft Distributed Transaction Coordinator Warning

Well I got a new error today other day on one of our domain controllers after doing a restart. A bit of a bug in Windows 2003 SP1 and easy enough to fix. The error is:

Event Type:    Warning
Event Source:    MSDTC
Event Category:    SVC
Event ID:    53258
Date:        05/01/2009
Time:        08:23:06
User:        N/A
Computer:    APOLLO
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Continue reading “Microsoft Distributed Transaction Coordinator Warning”

Outlook failed to start correctly last time. – and it goes on forever!!

I had this problem a about half a year ago where Outlook 2003 on terminal server would come up with a safe mode message for every user everytime they started it. At the time i solved the problem however a few weeks ago it came back and I couldn’t for the life of me remember how to fix it.

One of the uses of my blog is to document any bits of obscure IT related problems and their solutions so that if they happen to me again in the future i can just look up the solution without having to trawl google and waste time sifting through all the crap. Kinda like an IT helpdesk knowledgebase but for me.

So here goes:

When using Outlook 2003 on a Windows 2000 terminal server, you may receive the following error:

Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

No matter what you click Outlook opens – Yay.

No! The next time you launch Outlook you get the prompt again. And so on….

This is because when Outlook 2003 crashes or fails to load, the program generates this error message when you restart it. Safe Mode is a special operating mode that disables several of Outlook’s features but at least lets the program load so you can see existing emails and access other elements of the software.

What is happening here is that the program is not clearing the entry in the computer’s registry so it continues to display the error message.

To fix the problem you need to go into the registry on the server and do a search for “Resiliency” there will be quite a few entries (dependant on the number of terminal server users), you need to delete every entry that referrs to Outlook it should be something along the lines of:

HKLM\Software\Microsoft\Windows NT\Current Version\Terminal Server\Install\Software\Microsoft\Office\11.0\Outlook\Resiliency

and

HK_USERS\S-x-xxxx….\…..\Software\Microsoft\Office\11.0\Outlook\Resiliency

Once these keys have been deleted the message should go away.

Terminal Server protocol error

Sometimes we have a problem with Windows Update and Terminal server that messes with the protocol causing the following error:

The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.

To fix this simply do the following:

  1. On the client, navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.
  2. Click MSLicensing.
  3. On the Registry menu, click Export Registry File.
  4. In the File name box, type mslicensingbackup, and then click Save.
  5. If you need to restore this registry key in the future, double-click mslicensingbackup.reg.
  6. On the Edit menu, click Delete, and then click Yes to confirm the deletion of the MSLicensing registry subkey.
  7. Close Registry Editor, and then restart the computer.

When the client is restarted, the missing registry key is rebuilt.

Reccurring DNS Error

I have had a reccuring DNS error on our SBS server for quite some time now. I’m not too sure how it came about but i suspect it was something to do with removing a member server that was acting as a second domain controller. The error was:

Event Type:    Error
Event Source:    DNS
Event Category:    None
Event ID:    4000
Date:     18/07/2008
Time:     06:38:39
User:    N/A
Computer:Â Â Â SBS01
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Long story short, i had a duplicate zone in my dns server that was empty – all i needed to do was remove it and restart a few service an hey! no error.

the zone was _msdcs under mydomain.com – it was greyed out with nothing inside it. I had another copy of thiszone above it called _msdcs.mydomain.com which had all the right data in it.

  1. So i deleted the empty _msdcs entry
  2. at a command propmt ran: net stop netlogon
  3. then: ipconfig /flushdns
  4. then restart the DNS server
  5. then run: net start netlogon
  6. and finish with: ipconfig /registerdns

No more error in 6 easy steps! 🙂