Solved

Unable to run RSoP/GPResult

Posted on 2006-10-31
17
5,729 Views
Last Modified: 2011-09-08
I'm running into an issue where I am consistently getting the following error message when trying to run gpresult from the command line:

"ERROR: Logon failure: unknown user name or bad password."

My user account and computer sit in a top level OU.  I should have two group policies applying to my account: 1) Default Domain policy and 2) IT GPO.

The Default Domain policy has the follow settings configured:
1) Turn off background refresh... -- Disabled
2) User Group Policy loopback... -- Enabled - Merge
3) Group Policy slow link detection -- Enabled
4) Turn off RSoP logging -- Not Configured (default is to allow RSoP logging)
5) Remove users ability to invoke machine... -- Disabled

The rest of the options are Not Configured at this point.

The IT GPO does not have any modified settings for Group Policy.

I am member of the Enterprise Admin group.  We are a single, 2003 domain network.  We do use home folders (I:).

Any ideas?


Marc
0
Comment
Question by:ACCUmarc
17 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846151
as a test, add you user to the Group Policy Creators/owner group in AD and see if you have better results

can you run an RSOP on the OU in AD
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846224
I'm using the Group Policy Management console for all editing/modeling.  When I try to run a GP Result model via the GPMC, I get an access denied error message when I try to run it for my workstation.  If I try another machine, I am able to do so.  From the command line, I still get the same error message.

It makes me think there is a policy issue but I can't find a setting that would cause something like this; other than the ones I listed above and they seem to be set correctly for what I want to accomplish.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846329
permissions on the policy itself, is there any thing awkward in there?
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846354
I'm not sure.  I just started with this company about a month ago and group policy has been a thorn in my side since.  The previous network guys were complete morons and tore it to shreds.  The previous two network guys had a bunch of "great" ideas on security and, well, I've never seen a domain get so screwed up.

I can't find anything in the policy itself that would cause any major issues and I've never had any conflict before now.  I'm probably going to just rebuild group policy over night and import the new policies tomorrow.  I think that would be the best bet.  I'll try that and see if my problem resolves itself; unless you can think of something that might cause oddities such as this.

Something interesting I just tried.  I placed a block inheritance at the IT level and ran another gpupdate.  This time it took an excessive amount of time before refreshing the policy.  I also received an error message in the RSoP management console regarding WMI?  I've never had a problem with this before.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846403
interesting to see if the error is coming from your user or machine side of things - i am guessing the policy itself has something messed up in it, if you are now solely in charge of the network, then i would rebuild the policies as you see fit
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 17846425
Remove your computer from the domain and then re-add it. It sounds like you have a corrupted machine account. It's easy to do and won't hurt to try.
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846434
It seems to be working now.  I have no idea what I did either.  I restarted my machine again but now it's running the RSoP at demand.  I did add myself to the Group Policy Creator Owners group but I've restarted since then and forced an update of GP.  

I have no resolution for this issue.  It seems to have resolved itself.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846467
hmm very odd...i have no explanation for that
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846473
I'll make some subtle changes over the next day or so and see if I can recreate the problem.  If I'm able to do so, I'll post what setting(s) it was and how to reverse it.

I really appreciate the assistance!


Marc
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846552
cheers mate, good luck
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17884118
Rebuilding Group Policy was the answer.  After totally recreating all policies I was able to solve the issue.  I can't locate any conflicting policies but I admit I may have overlooked something.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17885867
as long as all is well then :)
0
 

Expert Comment

by:bdabye
ID: 19156267
Hi guys

I have the same problem as ACCUmarc (I've inherited a network also). It seems I can't run gpresult or RSOP on domain controllers.  RSOP gives me an access denied message. GPresult gives me the bad login message.  I can run GPResult on workstations !?! .  I don't understand.  I am using the domain administrators account, and I removed and readded the domain administrator to the Group Policy Creator Owners group in the domain, as ACCUmarc suggested.    So if I understand ACCUmarc's comment, I need to recreate all my group policies ??
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 19157398
That's exactly what I did.  The Default Domain policy was butchered.  It was fragmented in so many policies that it was the quickest method.  I created a new policy at the domain policy and did it my way.  Magically everything worked after that.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19428964
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD health monitoring 2 71
DHCP setup on Windows Server 2012 11 155
Sonicwall AP 3 56
SQL Server Reporting Services Service Start Timeout 4 48
Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now