Event ID 1006 — Group Policy Preprocessing (Active Directory)

Updated: September 21, 2007

Applies To: Windows Server 2008

red

Group Policy processing requires Active Directory. The Group Policy service reads and updates information stored in Active Directory. The absence of Active Directory (or a domain controller) prevents Group Policy from applying to the computer or user.

Event Details

Product: Windows Operating System
ID: 1006
Source: Microsoft-Windows-GroupPolicy
Version: 6.0
Symbolic Name: gpEvent_FAILED_DS_BIND
Message: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the Details tab for error code and description.

Resolve

Correct binding to the directory

The Group Policy service logs the error code. This information appears on the Details tab of the error message in Event Viewer. The error code (displayed as a decimal) and error description fields further identify the reason for the failure. Evaluate the error code with the list below:

  • Error code 5
  • Error code 49
  • Error code 258

Error code 5 (Access is denied)

This error code might indicate that the user does not have permisson to Active Directory.

To correct permisssions for accessing Active Directory: 

Error code 49 (Invalid credentials)

This error code might indicate that the user's password expired while the user is still logged on the computer.

To correct invalid credentials: 

  1. Change the user's password.
  2. Lock/unlock the workstation.
  3. Check if there are any system services running as the user account.
  4. Verify the password in service configuration is correct for the user account.

Error code is 258 (Timeout)

This error code might indicate that the DNS configuration is incorrect.

To correct timeout issues:

  1. Use the nslookup tool to confirm _ldap._tcp.<domain-dns-name> records are registered and point to correct servers (where domain-dns-name is the fully qualified domain name of your Active Directory domain).
  2. Use Active Directory troubleshooting procedures to further diagnose the problem (http://go.microsoft.com/fwlink/?LinkId=92707).

Note: These steps may have varying results if your network constrains or blocks ICMP packets.

Verify

Group Policy applies during computer startup and user logon. Afterward, Group Policy applies every 90 to 120 minutes. Events appearing in the event log may not reflect the most current state of Group Policy. Therefore, you should always refresh Group Policy to determine if Group Policy is working correctly.

To refresh Group Policy on a specific computer:

  1. Open the Start menu. Click All Programs and then click Accessories.
  2. Click Command Prompt.
  3. In the command prompt window, type gpupdate and then press ENTER.
  4. When the gpupdate command completes, open the Event Viewer.

Group Policy is working correctly if the last Group Policy event to appear in the System event log has one of the following event IDs:

  • 1500
  • 1501
  • 1502
  • 1503

Related Management Information

Group Policy Preprocessing (Active Directory)

Group Policy Infrastructure

Community Additions

ADD
Show: