-
Title
A Severe Error has occured Which has caused Adanced Audit Configuration to Unload -
Description
When editing Advanced Audit Policies in an existing policy the following error is shown " Severe Error has occured Which has caused Adanced Audit Configuration to Unload"
There is no such Object on the Server (Exception From Hresult : 0x80072030)
This error occurs as well if you try to edit the group policy directly from GPMC and if GPMC is connected to a domain controller running on Windows Server 2022 Datacenter Edition.
-
Cause
Permissions granted to the GPOAdmin Service account are not set correctly on Certain GPOs, when Trying to edit the following in a gpo
Policies - Windows Settings - Security Settings - Advanced Audit Policy Configuration
Or, permissions granted are correct. But, the target DC or preferred DC set on GPOADmin console is running on Windows Server 2022 Datacenter Edition. This issue does not occur if preferred DC runs on a different OS version.
-
Resolution
To test and confirm its a permissions issue
1. Log into GPOadmin server as the GPOadmin Service account
2. Load Group Policy Management Console (GPMC) and connect to the same domain controller that you have set in GPOADmin as Preferred DC, or connect to the PDC if there is no Preferred DC set in the GPOADmin console.3. Test by modifying existing GPO, or create a new one and attempt to modify Advanced Audit Policy Configuration under the following:
Policies - Windows Settings - Security Settings - Advanced Audit Policy Configuration
3. If GPMC has the problem then the permissions that the GPOAdmin Service account has on that Domain or GPO in Sysvol are incorrect, refer to the following article on minimum permissions - https://support.quest.com/gpoadmin/kb/74605
4. Once the permissions are set, retry in GPMC then GPOAdmin. If issue still persists then proceed to next step.
5. If your PDC or Preferred DC is running on Windows Server 2022 DataCenter, then Change preferred domain controller to a different DC that runs on a different OS version. You may change this in GPOADmin console under Options > Options > Preferred Domain Controllers.
6. Test on both GPMC, and GPOADmin logged as the service account in the GPOADmin server and confirm if issue occurs with a different DC on a different OS version.
If issue does not occur in a different OS version, or If changing preferred DC to a different one to test is not an option, then in this case we recommend to open a troubleshoot case with Microsoft to investigate this particular issue with Advanced Audit Policies on Windows Server 2022 Datacenter.