I recently had an issue where a hosting environment was registering a lot of Netlogon Event 1030/1058 issues, being unable to find the Group Policy objects or download them. In this example, the server DC is the domain controller for DOMAIN.LCL.
_Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 10/09/2009
Time: 06:24:29
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. For more information, see Help and Support Center at_ http://go.microsoft.com/fwlink/events.asp.
_Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 10/09/2009
Time: 06:24:29
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAIN,DC=LCL. The file must be present at the location <\DOMAIN.LCL\sysvol\DOMAIN.LCL\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator. ). Group Policy processing aborted. For more information, see Help and Support Center at_ http://go.microsoft.com/fwlink/events.asp.
On the affected machines, when navigating to \DOMAIN.LCL there were no shares available, however navigating to \DC shows the NETLOGON and SYSVOL shares. Pinging DOMAIN.LCL and then the DC showed that the IP addresses were not the same as expected, DOMAIN.LCL was resolving to the backup network, whereas DC was resolving to the servers LAN IP.
I checked the DNS records for the server, which were correct. Investigating the adaptor binding settings under Control Panel > Network Connections > Advanced > Advanced Settings showed that the backup network’s adaptor was first in the list. I moved the adaptor for the LAN to the top of the list and OK’d my way out. I restarted the NETLOGON service and the issue was solved.
Windows servers have never been particularly good at being multi-homed, especially domain controllers. My advice comes from some bitter experience…
Hope that helps!