Solved

Unable to run RSoP/GPResult

Posted on 2006-10-31
17
5,793 Views
Last Modified: 2011-09-08
I'm running into an issue where I am consistently getting the following error message when trying to run gpresult from the command line:

"ERROR: Logon failure: unknown user name or bad password."

My user account and computer sit in a top level OU.  I should have two group policies applying to my account: 1) Default Domain policy and 2) IT GPO.

The Default Domain policy has the follow settings configured:
1) Turn off background refresh... -- Disabled
2) User Group Policy loopback... -- Enabled - Merge
3) Group Policy slow link detection -- Enabled
4) Turn off RSoP logging -- Not Configured (default is to allow RSoP logging)
5) Remove users ability to invoke machine... -- Disabled

The rest of the options are Not Configured at this point.

The IT GPO does not have any modified settings for Group Policy.

I am member of the Enterprise Admin group.  We are a single, 2003 domain network.  We do use home folders (I:).

Any ideas?


Marc
0
Comment
Question by:ACCUmarc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
17 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846151
as a test, add you user to the Group Policy Creators/owner group in AD and see if you have better results

can you run an RSOP on the OU in AD
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846224
I'm using the Group Policy Management console for all editing/modeling.  When I try to run a GP Result model via the GPMC, I get an access denied error message when I try to run it for my workstation.  If I try another machine, I am able to do so.  From the command line, I still get the same error message.

It makes me think there is a policy issue but I can't find a setting that would cause something like this; other than the ones I listed above and they seem to be set correctly for what I want to accomplish.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846329
permissions on the policy itself, is there any thing awkward in there?
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846354
I'm not sure.  I just started with this company about a month ago and group policy has been a thorn in my side since.  The previous network guys were complete morons and tore it to shreds.  The previous two network guys had a bunch of "great" ideas on security and, well, I've never seen a domain get so screwed up.

I can't find anything in the policy itself that would cause any major issues and I've never had any conflict before now.  I'm probably going to just rebuild group policy over night and import the new policies tomorrow.  I think that would be the best bet.  I'll try that and see if my problem resolves itself; unless you can think of something that might cause oddities such as this.

Something interesting I just tried.  I placed a block inheritance at the IT level and ran another gpupdate.  This time it took an excessive amount of time before refreshing the policy.  I also received an error message in the RSoP management console regarding WMI?  I've never had a problem with this before.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846403
interesting to see if the error is coming from your user or machine side of things - i am guessing the policy itself has something messed up in it, if you are now solely in charge of the network, then i would rebuild the policies as you see fit
0
 
LVL 20

Expert Comment

by:Lazarus
ID: 17846425
Remove your computer from the domain and then re-add it. It sounds like you have a corrupted machine account. It's easy to do and won't hurt to try.
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846434
It seems to be working now.  I have no idea what I did either.  I restarted my machine again but now it's running the RSoP at demand.  I did add myself to the Group Policy Creator Owners group but I've restarted since then and forced an update of GP.  

I have no resolution for this issue.  It seems to have resolved itself.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846467
hmm very odd...i have no explanation for that
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17846473
I'll make some subtle changes over the next day or so and see if I can recreate the problem.  If I'm able to do so, I'll post what setting(s) it was and how to reverse it.

I really appreciate the assistance!


Marc
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17846552
cheers mate, good luck
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 17884118
Rebuilding Group Policy was the answer.  After totally recreating all policies I was able to solve the issue.  I can't locate any conflicting policies but I admit I may have overlooked something.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17885867
as long as all is well then :)
0
 

Expert Comment

by:bdabye
ID: 19156267
Hi guys

I have the same problem as ACCUmarc (I've inherited a network also). It seems I can't run gpresult or RSOP on domain controllers.  RSOP gives me an access denied message. GPresult gives me the bad login message.  I can run GPResult on workstations !?! .  I don't understand.  I am using the domain administrators account, and I removed and readded the domain administrator to the Group Policy Creator Owners group in the domain, as ACCUmarc suggested.    So if I understand ACCUmarc's comment, I need to recreate all my group policies ??
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 19157398
That's exactly what I did.  The Default Domain policy was butchered.  It was fragmented in so many policies that it was the quickest method.  I created a new policy at the domain policy and did it my way.  Magically everything worked after that.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19428964
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses
Course of the Month11 days, 7 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question