Network File Errors Occur After You Install Windows XP SP1

 
The information in this article applies to:
bulletMicrosoft Windows 2000 Server, versions SP1, SP2, SP3
bulletMicrosoft Windows 2000 Professional, versions SP1, SP2, SP3
bulletMicrosoft Windows XP Professional SP1
 

SYMPTOMS

After you install Windows XP Service Pack 1 (SP1), you may see a variety of errors relating to Windows XP SP1 client computers. These errors may include, but are not limited to the following errors:

bulletWhen you open Microsoft Office files, they are opened as read-only (you have to click Save As to save a file).
bulletYou cannot copy files.
bulletThe file or the network path no longer exists.
bulletNetwork paths are not accepted by any network provider.
bulletThe following event ID messages are logged after you apply Group Policy objects (GPOs):
 
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 2/8/2002
Time: 7:25:40 AM
User: NT AUTHORITY\SYSTEM
Computer: MYCOMPUTER
Description: Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lcds,DC=lab
The file must be present at the location \\lcds.lab\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
(Access is denied) Group Policy processing aborted.


Event Type: Error
Event Source: SceCli
Event Category: None
Event ID: 1030
Date: 2/8/2002
Time: 7:30:46 AM
User: N/A
Computer: MYCOMPUTER
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
bulletThe following event ID message is logged:
 
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 2/8/2002
Time: 12:30:46 AM
User: N/A
Computer: NT AUTHORITY\SYSTEM
Description: Windows cannot access the file gpt.ini for GPO CN={GUID},CN=Policies,CN=System,DC=DOMAIN,DC=com. The file must be present at the location <\\domain.com\SysVol\domain.com\Policies\{GUID}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.
bulletYou receive the following error message when you try to open a file on a network share:
 
Cannot open the File on network share
Make sure a disk is in the drive you specified.
bulletYou cannot find the file that you specify, even when you select a file from Windows Explorer.
bulletSome files are corrupted.

Generic error messages that indicate errors copying a file or opening a file appear at random on the Windows XP SP1 client.

CAUSE

These problems occur because of an incompatibility in Server Message Block (SMB) signing between Microsoft Windows 2000 and Windows XP SP1. By default, SMB signing is turned on on domain controllers only when possible. By default, you only experience this problem when you copy files to and from a domain controller. However, if you apply policy settings or set registry keys to servers, you may experience problems when you copy files to and from a server.

RESOLUTION

To resolve this problem, apply the Q329170 hotfix that is described in the following Microsoft Knowledge Base article:

Q329170 File or Network Path No Longer Exists Error Message When You Copy Files in Windows XP SP1

WORKAROUND

To work around this problem, use Group Policy settings to turn off SMB signing. To do so, set the Default Domain Controller policy settings to Disabled:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click the Domain Controllers organizational unit, and then click Properties.
  3. Click the Group Policies tab.
  4. Click Default Domain Controllers Policy, and then click Edit.
  5. Go to the following location:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

  6. If any of the following policy settings are set to Enabled, double click the setting, click to select the Define this policy setting check box, click Disabled, and then click OK.

    NOTE: By default, only one setting is set to Enabled.
    bulletDigitally sign client communication (always)
    bulletDigitally sign client communication (when possible)
    bulletDigitally sign server communication (always)
    bulletDigitally sign server communication (when possible)


     

  7. Close Group Policy editor, click OK, and then quit Active Directory Users and Computers.

    By default, Group Policy settings are refreshed on domain controllers every five minutes. To force the policy settings to be refreshed on Windows 2000 immediately, run the following command:

    secedit /refreshpolicy machine_policy /enforce

  8. After the settings are applied, restart Windows 2000.

The following list describes the default settings for the Default Domain Controllers policy settings:

bulletDigitally sign client communication (always): Not defined
bulletDigitally sign client communication (when possible): Not defined
bulletDigitally sign server communication (always): Not defined
bulletDigitally sign server communication (when possible): Enabled

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

Q161372 How to Enable SMB Signing in Windows NT

Q314494 Group Policies Are Not Applied The Way You Expect; Event ID 1058 and Event ID 1030 Errors in the Application Log

First Published: Oct 21 2002 9:34AM