Solved

Unable to run RSoP/GPResult

Posted on 2006-10-31
17
5,711 Views
Last Modified: 2011-09-08
I'm running into an issue where I am consistently getting the following error message when trying to run gpresult from the command line:

"ERROR: Logon failure: unknown user name or bad password."

My user account and computer sit in a top level OU.  I should have two group policies applying to my account: 1) Default Domain policy and 2) IT GPO.

The Default Domain policy has the follow settings configured:
1) Turn off background refresh... -- Disabled
2) User Group Policy loopback... -- Enabled - Merge
3) Group Policy slow link detection -- Enabled
4) Turn off RSoP logging -- Not Configured (default is to allow RSoP logging)
5) Remove users ability to invoke machine... -- Disabled

The rest of the options are Not Configured at this point.

The IT GPO does not have any modified settings for Group Policy.

I am member of the Enterprise Admin group.  We are a single, 2003 domain network.  We do use home folders (I:).

Any ideas?


Marc
0
Comment
Question by:ACCUmarc
17 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846151
as a test, add you user to the Group Policy Creators/owner group in AD and see if you have better results

can you run an RSOP on the OU in AD
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846224
I'm using the Group Policy Management console for all editing/modeling.  When I try to run a GP Result model via the GPMC, I get an access denied error message when I try to run it for my workstation.  If I try another machine, I am able to do so.  From the command line, I still get the same error message.

It makes me think there is a policy issue but I can't find a setting that would cause something like this; other than the ones I listed above and they seem to be set correctly for what I want to accomplish.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846329
permissions on the policy itself, is there any thing awkward in there?
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846354
I'm not sure.  I just started with this company about a month ago and group policy has been a thorn in my side since.  The previous network guys were complete morons and tore it to shreds.  The previous two network guys had a bunch of "great" ideas on security and, well, I've never seen a domain get so screwed up.

I can't find anything in the policy itself that would cause any major issues and I've never had any conflict before now.  I'm probably going to just rebuild group policy over night and import the new policies tomorrow.  I think that would be the best bet.  I'll try that and see if my problem resolves itself; unless you can think of something that might cause oddities such as this.

Something interesting I just tried.  I placed a block inheritance at the IT level and ran another gpupdate.  This time it took an excessive amount of time before refreshing the policy.  I also received an error message in the RSoP management console regarding WMI?  I've never had a problem with this before.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846403
interesting to see if the error is coming from your user or machine side of things - i am guessing the policy itself has something messed up in it, if you are now solely in charge of the network, then i would rebuild the policies as you see fit
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 17846425
Remove your computer from the domain and then re-add it. It sounds like you have a corrupted machine account. It's easy to do and won't hurt to try.
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846434
It seems to be working now.  I have no idea what I did either.  I restarted my machine again but now it's running the RSoP at demand.  I did add myself to the Group Policy Creator Owners group but I've restarted since then and forced an update of GP.  

I have no resolution for this issue.  It seems to have resolved itself.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846467
hmm very odd...i have no explanation for that
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846473
I'll make some subtle changes over the next day or so and see if I can recreate the problem.  If I'm able to do so, I'll post what setting(s) it was and how to reverse it.

I really appreciate the assistance!


Marc
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846552
cheers mate, good luck
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17884118
Rebuilding Group Policy was the answer.  After totally recreating all policies I was able to solve the issue.  I can't locate any conflicting policies but I admit I may have overlooked something.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17885867
as long as all is well then :)
0
 

Expert Comment

by:bdabye
ID: 19156267
Hi guys

I have the same problem as ACCUmarc (I've inherited a network also). It seems I can't run gpresult or RSOP on domain controllers.  RSOP gives me an access denied message. GPresult gives me the bad login message.  I can run GPResult on workstations !?! .  I don't understand.  I am using the domain administrators account, and I removed and readded the domain administrator to the Group Policy Creator Owners group in the domain, as ACCUmarc suggested.    So if I understand ACCUmarc's comment, I need to recreate all my group policies ??
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 19157398
That's exactly what I did.  The Default Domain policy was butchered.  It was fragmented in so many policies that it was the quickest method.  I created a new policy at the domain policy and did it my way.  Magically everything worked after that.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19428964
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Resolve DNS query failed errors for Exchange
This video discusses moving either the default database or any database to a new volume.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now