Unable to run RSoP/GPResult

I'm running into an issue where I am consistently getting the following error message when trying to run gpresult from the command line:

"ERROR: Logon failure: unknown user name or bad password."

My user account and computer sit in a top level OU.  I should have two group policies applying to my account: 1) Default Domain policy and 2) IT GPO.

The Default Domain policy has the follow settings configured:
1) Turn off background refresh... -- Disabled
2) User Group Policy loopback... -- Enabled - Merge
3) Group Policy slow link detection -- Enabled
4) Turn off RSoP logging -- Not Configured (default is to allow RSoP logging)
5) Remove users ability to invoke machine... -- Disabled

The rest of the options are Not Configured at this point.

The IT GPO does not have any modified settings for Group Policy.

I am member of the Enterprise Admin group.  We are a single, 2003 domain network.  We do use home folders (I:).

Any ideas?


Marc
LVL 2
ACCUmarcAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Computer101Connect With a Mentor Commented:
PAQed with points refunded (250)

Computer101
EE Admin
0
 
Jay_Jay70Commented:
as a test, add you user to the Group Policy Creators/owner group in AD and see if you have better results

can you run an RSOP on the OU in AD
0
 
ACCUmarcAuthor Commented:
I'm using the Group Policy Management console for all editing/modeling.  When I try to run a GP Result model via the GPMC, I get an access denied error message when I try to run it for my workstation.  If I try another machine, I am able to do so.  From the command line, I still get the same error message.

It makes me think there is a policy issue but I can't find a setting that would cause something like this; other than the ones I listed above and they seem to be set correctly for what I want to accomplish.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Jay_Jay70Commented:
permissions on the policy itself, is there any thing awkward in there?
0
 
ACCUmarcAuthor Commented:
I'm not sure.  I just started with this company about a month ago and group policy has been a thorn in my side since.  The previous network guys were complete morons and tore it to shreds.  The previous two network guys had a bunch of "great" ideas on security and, well, I've never seen a domain get so screwed up.

I can't find anything in the policy itself that would cause any major issues and I've never had any conflict before now.  I'm probably going to just rebuild group policy over night and import the new policies tomorrow.  I think that would be the best bet.  I'll try that and see if my problem resolves itself; unless you can think of something that might cause oddities such as this.

Something interesting I just tried.  I placed a block inheritance at the IT level and ran another gpupdate.  This time it took an excessive amount of time before refreshing the policy.  I also received an error message in the RSoP management console regarding WMI?  I've never had a problem with this before.
0
 
Jay_Jay70Commented:
interesting to see if the error is coming from your user or machine side of things - i am guessing the policy itself has something messed up in it, if you are now solely in charge of the network, then i would rebuild the policies as you see fit
0
 
LazarusCommented:
Remove your computer from the domain and then re-add it. It sounds like you have a corrupted machine account. It's easy to do and won't hurt to try.
0
 
ACCUmarcAuthor Commented:
It seems to be working now.  I have no idea what I did either.  I restarted my machine again but now it's running the RSoP at demand.  I did add myself to the Group Policy Creator Owners group but I've restarted since then and forced an update of GP.  

I have no resolution for this issue.  It seems to have resolved itself.
0
 
Jay_Jay70Commented:
hmm very odd...i have no explanation for that
0
 
ACCUmarcAuthor Commented:
I'll make some subtle changes over the next day or so and see if I can recreate the problem.  If I'm able to do so, I'll post what setting(s) it was and how to reverse it.

I really appreciate the assistance!


Marc
0
 
Jay_Jay70Commented:
cheers mate, good luck
0
 
ACCUmarcAuthor Commented:
Rebuilding Group Policy was the answer.  After totally recreating all policies I was able to solve the issue.  I can't locate any conflicting policies but I admit I may have overlooked something.
0
 
Jay_Jay70Commented:
as long as all is well then :)
0
 
bdabyeCommented:
Hi guys

I have the same problem as ACCUmarc (I've inherited a network also). It seems I can't run gpresult or RSOP on domain controllers.  RSOP gives me an access denied message. GPresult gives me the bad login message.  I can run GPResult on workstations !?! .  I don't understand.  I am using the domain administrators account, and I removed and readded the domain administrator to the Group Policy Creator Owners group in the domain, as ACCUmarc suggested.    So if I understand ACCUmarc's comment, I need to recreate all my group policies ??
0
 
ACCUmarcAuthor Commented:
That's exactly what I did.  The Default Domain policy was butchered.  It was fragmented in so many policies that it was the quickest method.  I created a new policy at the domain policy and did it my way.  Magically everything worked after that.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.