Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
These are very generic client events and are logged whenever the system fails to apply Group Policy settings for either the user or the computer.
One thing to note concerning a Userenv 1030/1058 event is that it doesn’t have to be indicative of a problem, it can be caused by environmental issues like not being able to access a DC (because the network is down) or the network on the machine not being ready when it boots up and attempts to apply GPO’s.
Typical catalysts are:
The GUID of the policy that is reported in the events is also of interest, if you see this being reported only for specific GPO’s then you need to zoom on on those and investigate them for anomalies.It's also useful to note which DC the client is attempting to get Sysvol data from, especially if it only seems to be one particular DC that generates the events while the clients don't get the problem when connected to other DC's.
Consider that you have two security principals involved in the application of all GPO’s; the logged-on user account and the computer account of the machine the user is logged on to. Group Policy processing will do at least two passes (more if Loopback Merge mode is present) and first attempt to apply Computer Group Policy and then User Group Policy. Depending on how Fast Logon Optimization is set up this can be sequential or out of order.
During this operation, the client will attempt to download data from Sysvol on the DC it has a DFS connection with (See dfsutil /pktinfo which DC). Note that this doesn’t have to be the same DC as your logon DC but that is configurable.
The best way to resolve problems related to these two events is to enable Userenv logging on the client side and getting a log to read (See http://blogs.technet.com/instan/archive/2008/09/17/what-is-logged-to-the-userenv-log-file.aspx).
Secondary methods of troubleshooting would be network traces from the client that cover a time period where it logs the events, this should tell you if network problems are preventing the client from talking to the DC.
How to enable user environment debug logging in retail builds of Windows http://support.microsoft.com/kb/221833
Interpreting Userenv log files http://technet.microsoft.com/en-us/library/cc786775.aspx
AD & GPO FAQ http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/26455b36-26bd-4a44-b594-5a9f67bcd8df
DFSUtil in Windows Server 2003 VS DFSUtil in Windows Server 2008 http://blogs.technet.com/filecab/archive/2008/07/11/dfsutil-exe-in-windows-2003-vs-dfsutil-exe-in-windows-2008.aspx
An update for Windows Server 2003 and Windows 2000 Server makes it possible to put the logon server at the top of the DFS referrals list http://support.microsoft.com/kb/831201