Heart attack time. There’s nothing worse than reviewing a Windows Server 2003 event log and seeing row after row of red X application event log entries. This is especially true for something like a bunch of nastygrams indicating group policy is failing on your Active Directory (AD) Domain Controller (DC). It happened on my DC. I went to do my daily review of the logs and sure enough, I had a whole screen of red X events. In fact, the events were occurring every couple of minutes. The exact messages I was getting are at http://support.microsoft.com/default.aspx?scid=kb;en-us;830676. The 1030 and 1058 events are pretty well documented, although the actual source of the problem can be VERY elusive.
My DC is similar in design to a Small Business Server (SBS) 2003 implementation. In fact, I plan to move to SBS eventually. My DC is a tri-homed server running ISA 2004 SP1, Exchange 2003 SP1, etc. The ISA server is using the perimeter template and I’ve customised the rules, networks, protocols, etc. rather extensively. I’m like you and seem to always be fiddling with stuff. My most recent set of tweaks were related to DNS so I figured I’d butchered something up and hosed AD.
When reviewing some of the KB articles on the 1030 and 1058, I spent time reviewing the DNS implementation. I was pretty confident it was correct so I started looking at the other potential sources or culprits of this error. I looked at the registry, checked to make sure services are running, checked service dependencies, etc., etc., etc. Nothing seemed to work. Now I’m getting nervous. I’m thinking my SBS implementation might be happening sooner than I thought.
Then I noticed something in http://support.microsoft.com/default.aspx?scid=kb;en-us;314494 that I had blown off. Down at the bottom of the KB, it mentions File and Print Sharing being disabled on the network interface. I thought, surely this can’t be the reason I’m seeing all of the messages. After all, the internal LAN interface has File and Print turned on. The only place I turned F and P off was the WAN interface. So, I turned it back on and cleared the application event log. Time to grab a cup of coffee. I come back a few minutes later and click refresh… sure enough, no events. Kewl. So I surf the web, check email, etc. I come back to check about 20 minutes later… F$&% !!! I couldn’t believe that one little check box caused so much trouble. Geez I was happy. Time to relax. Screw the coffee, where’s my margarita?
Moral of the Story: Don’t Mess With Windows.