I am having major group policy issues. I had this problem before and I thought I had it fixed, but now it’s back. It could start working in a day or two, but I want to get rid of it once and for all.
Group policies are not working correctly! There are three policies total – default domain, domain controllers, and a firewall policy - and all of the GPO(s) are working with the exception of the firewall policy. The reason denied is: Access Denied (Security Filtering). The policy has been working correctly for while, and just stopped (again) today.
Prior fix (no policies were running at the time): Removed Authenticated Users from all policies/Ran policy; Added Authenticated Users to all policies/Ran policy, and everything started working fine (for two weeks).
Special observations: any changes on a GPO’s setting results in a “Access Denied (Security Filtering)” in the computer configuration summary, but will run perfectly in the User configuration summary.
Any new GPO’s with a computer configuration setting is not displayed in computer configuration summary at all, but will run perfectly in the User configuration summary.
Two events appear on various pc(s) throughout the domain (but not all). These events happen at exactly the same time – ONE FOR ONE.
No related errors on any servers
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
The Security System could not establish a secured connection with the server ldap/DC01.My.org/My.org@My.org. No authentication protocol was available.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
Environment: All servers 2003; all workstations XP
One domain controller with one NIC
I’ve climbed all over DNS and GPMC on this thing