Solved

Group Policy in server 2003 ent edition

Posted on 2008-06-09
26
235 Views
Last Modified: 2011-10-19
Hello all
I am running server 2003 ent edition.  I made a group policy to deploy '.msi' software package to my client machines for which I made 2 test machines.  The very first loging both got the software without problem.  So I put another package of '.msi' to be installed.  I uninstalled the previous package from both machines and rebooted both, this time it did't install anything at all.  I wonder why?
Here is what I did:
-Made another group policy to deploy under AD, OU properties, group policy, edit, computer config, software settings, software installation, made another package by directing the path of '.msi' file and under modifications directed the path for '.mst'. The package comes up with the yellow lock sign?
Everytime I restart the machines the package is NOT installed anymore, Help plz
0
Comment
Question by:amanzoor
  • 16
  • 9
26 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 21746777
1) Is this hte same software ?

2) Did you uninstall via GPO also ?


I hope this helps !
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21747349
Did you right click the new package and select Re-Deploy?

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21748097
Sysexpert:
Yes its the same 'msi' image, no i uninstall it from the client machine.
Netman:
Yes I tried re deploy, it had NO effect, even though I restarted the client machines many times.
Help plz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21748595
Did you delete the original source and/or Software Package?

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21752989
Netman66:
No I did not delete the original source, its still there.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21753508
So basically, all you did was manually remove the installation from the client?

Your original source, original Software Installation policy and new source, mst and Software Installation policy are still there?

If you run a gpresult, are you seeing this policy on the client?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759541
Netman66:
If I run gpresult under applied group policy objects I can clearly see the 'software installation policy' (in my specific case I named it 'testwithpackageinstall)  as well as the 'Default Domain Policy'.
Help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759751
mygp
gp.JPG
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759809
gpresult
gpresult.JPG
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21759991
ok I removed my policy of software installation, rebooted the client machine and checked gpresult again
under applied group policy objects:
I can see
testwithpackageinstall
Default domain policy
Something is NOT being refreshed and my client machine still see the software installation policy.
Help
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21760693
On the Default Domain Policy, I want you to set this option:

Computer Configuration>Administrative Templates>System>Logon:

Always wait for network at computer startup and logon = ENABLED.

Reboot each client workstation at least twice.

Let me know if your policy is now gone.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21760696
I would also like to know how many DCs you have in this location.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762421
Netman66
I have 2 domain controllers at my location and one at another (in another city).
I am doing the points in the default domain policy right now and let you know. shortly.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762447
Kool: the software installation policy is GONE.  Now what needs to be done?
Help
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21762585
Create a new Policy linked to a test OU.
In Software Installation, create a new package for the new Office source with the MST present.
Deploy it.
Drop a test computer into that OU and reboot it.

Don't concern yourself with the installed base yet.  Test it on a PC to be sure it deploys.

Once we know it deploys, the next problem lies in what is already installed.  With luck, this MST or MSP is simply a Service pack so deploying it on top of a current install likely won't show any ill effects.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21762794
I made a new software installation policy.  Rebooted the clients a couple of times but no software is intstalled.  gpresult shows now only 'Default domain policy'.  Help plz
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21762815
Where is it linked?

You might also have replication problems between DCs.  It sounds like the DC that the clients are using does not yet have the policy from the server you created it on.

Check SYSVOL on each DC - are they consistent?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763040
gpresult shows that the policy is coming from serv07 which is located on our other site.  I have made software installation packages on serv01 which is at our location.  Sysvol seems like fine and the contents in the sysvol are exactly the same.  How can I check the consistency in Sysvol?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 21763240
If the client has picked up policy from an offsite server then you have a problem in AD Sites and Services.

In AD Sites and Services you'll have a Default-First-Name-Site.  Rename this to whatever you want to represent the MAIN site (the forest root site).
Create a new subnet that represents the IP subnet of this MAIN site and associate it to the MAIN site.
Create a new Site that represents your remote site.
Create and associate the IP subnet to this new Remote site.
Inside each site, make sure the servers that actually reside on the correct subnet are located there.  I'm going to assume you haven't set up Sites so your remote server will likely be in the Default-First-Site-Name and will need to be moved (within AD Sites and Services) to the new remote site you just created.

Sites are important in that they tell the client workstations which DC to authenticate to as well as where to get their policies.  It looks like your clients get the policy from the wrong server and because it's on a "slow link" it won't process it.

0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763286
Netman66:
I am just going to do it.  One more thing under gpresult:
under computer setttings, group policy was applied from serv07
group policy slow link threshold: 500kbps.............is this effecting? or it is default?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763302
Also if I open any AD icon it opens from serv07.  
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763443
Here is my sites and services I am not sure on how to make:
****Create a new subnet that represents the IP subnet of this MAIN site and associate it to the MAIN site.
****Create a new Site that represents your remote site.
****Create and associate the IP subnet to this new Remote site.
****Inside each site, make sure the servers that actually reside on the correct subnet are located there.  I'm going to assume you haven't set up Sites so your remote server will likely be in the Default-First-Site-Name and will need to be moved (within AD Sites and Services) to the new remote site you just created.
Help plz


sites-and-services.JPG
0
 
LVL 51

Expert Comment

by:Netman66
ID: 21763781
Do you have remote access?  You can email me at my alias here at gmail.  This is easier to do than to describe.

Otherwise, let me know.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763800
Moreover netdiag /fix shows me the old Domain name.  I had renamed my domain 4years of ago, seems like that name is still haunting our DNS.  Help:
DNS test . . . . . . . . . . . . . : Failed
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.oldDOmainname.com. re-registeration on
DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.oldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.oldDOmain.com. re-registe
ration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.OldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry _ldap._tcp.93d20a43-afc9-41f2-b9e6-2ced1
ce79c41.domains._msdcs.OLdDOmain.com. re-registeration on DNS server '10.10.10.3' fail
ed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
    [FATAL] Failed to fix: DC DNS entry 033d9a08-a06a-488a-a2ee-2bc123d87f72._ms
dcs.OldDOmain.com. re-registeration on DNS server '10.10.10.3' failed.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 21763853
Sure, I cannot find your gmail link?
0
 
LVL 4

Author Closing Comment

by:amanzoor
ID: 31465550
Thanks for your time.  I really appreciate it.
0

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now