GPO access denied.

You need to first go through the logs on those DCs and also run dcdiag and see what sort of errors you are getting on those DCs that are having this problem.
So all you did was just promote a new box and nothing else?
Thanks
Mike

      Starting test: NetLogons
         [EXCHANGE] An net use or LsaPolicy operation failed with error 5, Acces
s is denied..
         ......................... SERVER failed test NetLogons
     
      Starting test: MachineAccount
         Could not open pipe with [SERVER]:failed with 5: Access is denied.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN :(null)
         * Missing SPN :(null)
         ......................... SERVER failed test MachineAccount
      Starting test: Services
         Could not open Remote ipc to [SERVER]:failed with 5: Access is denied
.
         ......................... SERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         [SERVER ] An net use or LsaPolicy operation failed with error 5, Acces
s is denied..
         ......................... SERVER failed test frssysvol
      Starting test: frsevent
         ......................... SERVER failed test frsevent
      Starting test: kccevent
         Failed to enumerate event log records, error Access is denied.
         ......................... SERVER failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error Access is denied.
         ......................... SERVER failed test systemlog

DCDiag show these errors.
I add the server to domain. (not as ADC yet) then I start having problem.  so I tried to add new server as ADC. the new server added OK to the domain but I still having the same problem.