Group Policy processing has been aborted because the GPLink property of an object cannot be accessed

Group_Policy_processing_has_been_aborted_because_the_GPLink_property_of_an_object_cannot_be_accessed_5_Rule (Rule)

Knowledge Base article:

Summary

UserEnv experienced an error applying Group Policy to the domain controller. Group Policy must be applied successfully for domain controllers to function properly because domain controllers get several critical permissions, such as Access this computer from network, through policy.

Because of the architecture of UserEnv, Microsoft Operations Manager (MOM) is unable to directly report the specific problem.

Sample Event:

Windows cannot access the GPLink property for the object %1 in Active Directory. The access to the object may be denied. The return value is (%2). Group Policy processing aborted.

Causes

This is usually caused by corruption in the Active Directory® directory service.

Resolutions

Check the object that is identified in the event to see if it needs to be fixed.

To enable UserEnv logging, see Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636. The log file provides details for the specific error.

External

Element properties:

Target

Microsoft.Windows.Server.2003.AD.DomainControllerRole

Category

EventCollection

Enabled

True

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

Group Policy processing has been aborted because the GPLink property of an object cannot be accessed

{0}

Event Log

Application

Comment

Mom2005ID='{6E0FB53C-349C-4FD4-BCB7-63163A562C4F}';MOM2005GroupID=

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.EventProvider	Default
CollectEventData	WriteAction	Microsoft.SystemCenter.CollectEvent	Default
CollectEventDataWarehouse	WriteAction	Microsoft.SystemCenter.DataWarehouse.PublishEventData	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Group_Policy_processing_has_been_aborted_because_the_GPLink_property_of_an_object_cannot_be_accessed_5_Rule" Comment="Mom2005ID='{6E0FB53C-349C-4FD4-BCB7-63163A562C4F}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>1099</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>UserEnv</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>UserName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>System</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="Group_Policy_processing_has_been_aborted_because_the_GPLink_property_of_an_object_cannot_be_accessed_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>