Solved

Group Policy in server 2003 ent edition

Posted on 2008-06-09
26
250 Views
Last Modified: 2011-10-19
Hello all
I am running server 2003 ent edition.  I made a group policy to deploy '.msi' software package to my client machines for which I made 2 test machines.  The very first loging both got the software without problem.  So I put another package of '.msi' to be installed.  I uninstalled the previous package from both machines and rebooted both, this time it did't install anything at all.  I wonder why?
Here is what I did:
-Made another group policy to deploy under AD, OU properties, group policy, edit, computer config, software settings, software installation, made another package by directing the path of '.msi' file and under modifications directed the path for '.mst'. The package comes up with the yellow lock sign?
Everytime I restart the machines the package is NOT installed anymore, Help plz
0
Comment
Question by:amanzoor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 16
  • 9
26 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 21746777
1) Is this hte same software ?

2) Did you uninstall via GPO also ?


I hope this helps !
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21747349
Did you right click the new package and select Re-Deploy?

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21748097
Sysexpert:
Yes its the same 'msi' image, no i uninstall it from the client machine.
Netman:
Yes I tried re deploy, it had NO effect, even though I restarted the client machines many times.
Help plz
0
Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

 
LVL 51

Expert Comment

by:Netman66
ID: 21748595
Did you delete the original source and/or Software Package?

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21752989
Netman66:
No I did not delete the original source, its still there.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21753508
So basically, all you did was manually remove the installation from the client?

Your original source, original Software Installation policy and new source, mst and Software Installation policy are still there?

If you run a gpresult, are you seeing this policy on the client?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759541
Netman66:
If I run gpresult under applied group policy objects I can clearly see the 'software installation policy' (in my specific case I named it 'testwithpackageinstall)  as well as the 'Default Domain Policy'.
Help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759751
mygp
gp.JPG
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759809
gpresult
gpresult.JPG
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759991
ok I removed my policy of software installation, rebooted the client machine and checked gpresult again
under applied group policy objects:
I can see
testwithpackageinstall
Default domain policy
Something is NOT being refreshed and my client machine still see the software installation policy.
Help
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21760693
On the Default Domain Policy, I want you to set this option:

Computer Configuration>Administrative Templates>System>Logon:

Always wait for network at computer startup and logon = ENABLED.

Reboot each client workstation at least twice.

Let me know if your policy is now gone.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21760696
I would also like to know how many DCs you have in this location.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762421
Netman66
I have 2 domain controllers at my location and one at another (in another city).
I am doing the points in the default domain policy right now and let you know. shortly.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762447
Kool: the software installation policy is GONE.  Now what needs to be done?
Help
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21762585
Create a new Policy linked to a test OU.
In Software Installation, create a new package for the new Office source with the MST present.
Deploy it.
Drop a test computer into that OU and reboot it.

Don't concern yourself with the installed base yet.  Test it on a PC to be sure it deploys.

Once we know it deploys, the next problem lies in what is already installed.  With luck, this MST or MSP is simply a Service pack so deploying it on top of a current install likely won't show any ill effects.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762794
I made a new software installation policy.  Rebooted the clients a couple of times but no software is intstalled.  gpresult shows now only 'Default domain policy'.  Help plz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21762815
Where is it linked?

You might also have replication problems between DCs.  It sounds like the DC that the clients are using does not yet have the policy from the server you created it on.

Check SYSVOL on each DC - are they consistent?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763040
gpresult shows that the policy is coming from serv07 which is located on our other site.  I have made software installation packages on serv01 which is at our location.  Sysvol seems like fine and the contents in the sysvol are exactly the same.  How can I check the consistency in Sysvol?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 21763240
If the client has picked up policy from an offsite server then you have a problem in AD Sites and Services.

In AD Sites and Services you'll have a Default-First-Name-Site.  Rename this to whatever you want to represent the MAIN site (the forest root site).
Create a new subnet that represents the IP subnet of this MAIN site and associate it to the MAIN site.
Create a new Site that represents your remote site.
Create and associate the IP subnet to this new Remote site.
Inside each site, make sure the servers that actually reside on the correct subnet are located there.  I'm going to assume you haven't set up Sites so your remote server will likely be in the Default-First-Site-Name and will need to be moved (within AD Sites and Services) to the new remote site you just created.

Sites are important in that they tell the client workstations which DC to authenticate to as well as where to get their policies.  It looks like your clients get the policy from the wrong server and because it's on a "slow link" it won't process it.

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763286
Netman66:
I am just going to do it.  One more thing under gpresult:
under computer setttings, group policy was applied from serv07
group policy slow link threshold: 500kbps.............is this effecting? or it is default?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763302
Also if I open any AD icon it opens from serv07.  
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763443
Here is my sites and services I am not sure on how to make:
****Create a new subnet that represents the IP subnet of this MAIN site and associate it to the MAIN site.
****Create a new Site that represents your remote site.
****Create and associate the IP subnet to this new Remote site.
****Inside each site, make sure the servers that actually reside on the correct subnet are located there.  I'm going to assume you haven't set up Sites so your remote server will likely be in the Default-First-Site-Name and will need to be moved (within AD Sites and Services) to the new remote site you just created.
Help plz


sites-and-services.JPG
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21763781
Do you have remote access?  You can email me at my alias here at gmail.  This is easier to do than to describe.

Otherwise, let me know.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763800
Moreover netdiag /fix shows me the old Domain name.  I had renamed my domain 4years of ago, seems like that name is still haunting our DNS.  Help:
DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.oldDOmainname.com. re-registeration on
DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.oldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.oldDOmain.com. re-registe
ration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.OldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.93d20a43-afc9-41f2-b9e6-2ced1
ce79c41.domains._msdcs.OLdDOmain.com. re-registeration on DNS server '10.10.10.3' fail
ed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry 033d9a08-a06a-488a-a2ee-2bc123d87f72._ms
dcs.OldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763853
Sure, I cannot find your gmail link?
0
 
LVL 4

Author Closing Comment

by:amanzoor
ID: 31465550
Thanks for your time.  I really appreciate it.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question