Uable to save changes to Group Policy

TheMSsForum.com: The Microsoft Software Forum

I have posted in this in several groups, no responses. Trying again! See
previous posts below.

Since I posted the last time, I have done a "repair" install of Server 2k3
complete with all updates etc. Recreated the domain, same issue.

On a second server, i created a new/different domain, same issue.
I have repeatedly tried resetting permissions/ownership/etc, no effect on
the problem

I am certain this issue is related to the Symantec AV V10.0.2 as I have
another new out of the box unit with R2 which has never had SAV installed, no
issues there.

I am sure this is an early detection of a problem that will be plaguing R2
users as I see it posted through out the newsgroups and have yet to see a
resolution. So any suggestions/fixes would be greatly appreciated. I am on my
way to formatting and reinstalling on three brand new servers as a result.
While I have that luxery in the lab I am sure there are many in a production
environment who dont.
ORIGINAL POSTS:
I have seen numerous posts regarding this issue, no real answers.
My scenero: Three new Windows 2003 Servers Standard Edition R2. Lab
environment, everything fresh. the only setups done are basic domain and
active directory and entering users. Symantec Antivirus Corporate 10.0
installed but disabled. One server is PDC, others are BDC and connected by
VPN (again, lab environment with VPN up and running.) All seems to work well.
Settings replicate properly, licenses replicate properly. No real issues
other than when trying to set GPO, the following error occurs: "group policy
snapin was unable to save your changes due to the following error: the
process cannot access the file because it is being used by another process".
I have read post after post and tried all the suggestions given (which were
few) but none has helped. I thought perhaps replication between the servers
was the issue, but shutting down the BDCs does not effect the situation. If i
go to
D:\WINDOWS\SYSVOL\sysvol\mydomain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows
NT\SecEdit\GptTmpl.inf and edit the file manually, it still does not let me
save returning an error saying it cannot create the file followed by the full
path. I have reset permissions, ownership, all to no avail. Any responses
greatly appreciated!

UPDATE: I spoke with Symantec support today, found v10.0.2 of SAV Corp. is
not compatible and is problematic when used with Windows server 2003 R2. I
removed SAV from all three servers, removed the domain controller roll from
all three and recreated the domain on the primary server. I still have the
above error when trying to change GPO. In removing the rolls, it seems there
are numerous problems created by installing the SAV V10.0.2 BEWARE!! At this
point it looks as if I will have to start from scratch, format and
reninstall. Any suggestions guys?? I really do not want to go through the
process of reloading 3 servers!
THANKS~~!!
Top

Re: Uable to save changes to Group Policy by Lanwench

Lanwench
Thu May 11 10:03:18 CDT 2006

Inline....

In news:8B32D5A8-5B04-4AF5-9FC4-9BEFFDA300EB@microsoft.com,
Michael <Michael@discussions.microsoft.com> typed:
> I have posted in this in several groups, no responses.

Did you post in microsoft.public.windows.group_policy? That's the most
logical choice, I'd think....with perhaps a crosspost to
m.p.windows.server.active_directory. This isn't really a security issue.

<snip>

>
> I am certain this issue is related to the Symantec AV V10.0.2 as I
> have another new out of the box unit with R2 which has never had SAV
> installed, no issues there.

I'm not a fan of Symantec products in general... sounds like you've isolated
the problem. If their product is not listed as being compatible with R2, you
shouldn't install it on R2 except in a lab environment such as you've done.

>
> I am sure this is an early detection of a problem that will be
> plaguing R2 users as I see it posted through out the newsgroups and
> have yet to see a resolution.

I'd say the only resolution is for people to check for software
compatibility before installing *anything* on a production server.


> So any suggestions/fixes would be
> greatly appreciated. I am on my way to formatting and reinstalling on
> three brand new servers as a result. While I have that luxery in the
> lab I am sure there are many in a production environment who dont.

You may be right, sad to say - but again, people need to check with their
software vendors for application compatibility before installing software.

> ORIGINAL POSTS:
> I have seen numerous posts regarding this issue, no real answers.
> My scenero: Three new Windows 2003 Servers Standard Edition R2. Lab
> environment, everything fresh. the only setups done are basic domain
> and active directory and entering users. Symantec Antivirus Corporate
> 10.0 installed but disabled. One server is PDC, others are BDC


...minor pedantic correction - there's no PDC/BDC distinction in AD - just
DCs :-)

<snip>
>
> UPDATE: I spoke with Symantec support today, found v10.0.2 of SAV
> Corp. is not compatible and is problematic when used with Windows
> server 2003 R2. I removed SAV from all three servers, removed the
> domain controller roll from all three and recreated the domain on the
> primary server. I still have the above error when trying to change
> GPO. In removing the rolls, it seems there are numerous problems
> created by installing the SAV V10.0.2 BEWARE!! At this point it looks
> as if I will have to start from scratch, format and reninstall. Any
> suggestions guys?? I really do not want to go through the process of
> reloading 3 servers!
> THANKS~~!!

Since yours is a lab environment, in the future you might consider using
virtual server sessions that you can 'roll back' ....and/or cloned server
images you can reload after testing. I'm not sure what else to advise,
sorry. Best of luck...perhaps someone else will post with happier news.


Top