bootcampwithjess
asked on
network policy/connectivity error
I'm having a little difficulty getting group policys/network drives to apply correctly after changing the subnet on my network. We went from a Class C 255.255.255.0 to Class B 255.255.0.0 network to support more computers...
I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.
I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.
I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...
BTW we have a sonicwall Tz210 we just installed monday as well...
I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.
I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.
I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...
BTW we have a sonicwall Tz210 we just installed monday as well...
C:\Users\Administrator>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Renaissance
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\RENAISSANCE
Starting test: Connectivity
......................... RENAISSANCE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\RENAISSANCE
Starting test: Advertising
......................... RENAISSANCE passed test Advertising
Starting test: FrsEvent
......................... RENAISSANCE passed test FrsEvent
Starting test: DFSREvent
......................... RENAISSANCE passed test DFSREvent
Starting test: SysVolCheck
......................... RENAISSANCE passed test SysVolCheck
Starting test: KccEvent
......................... RENAISSANCE passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... RENAISSANCE passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... RENAISSANCE passed test MachineAccount
Starting test: NCSecDesc
......................... RENAISSANCE passed test NCSecDesc
Starting test: NetLogons
......................... RENAISSANCE passed test NetLogons
Starting test: ObjectsReplicated
......................... RENAISSANCE passed test ObjectsReplicated
Starting test: Replications
......................... RENAISSANCE passed test Replications
Starting test: RidManager
......................... RENAISSANCE passed test RidManager
Starting test: Services
......................... RENAISSANCE passed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 07/15/2009 16:36:28
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
......................... RENAISSANCE passed test SystemLog
Starting test: VerifyReferences
......................... RENAISSANCE passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : RA
Starting test: CheckSDRefDom
......................... RA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RA passed test CrossRefValidation
Running enterprise tests on : RA.local
Starting test: LocatorCheck
......................... RA.local passed test LocatorCheck
Starting test: Intersite
......................... RA.local passed test Intersite
C:\Users\Administrator>
Run NLTEST.EXE /DCLIST:RENAISSANCE. Verify that the names and IP addrs of all DCs are displayed, including the local one. If not check for DNS configuration errors (both client-side and server-side).
ASKER
While running it from the domain controller I get:
C:\Users\Administrator>NLT EST.EXE /DCLIST:Ra
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
Renaissance.RA.local [PDC] [DS] Site: Default-First-Site-Name
The command completed successfully
There are no IP addresses anywhere...
C:\Users\Administrator>NLT
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
Renaissance.RA.local [PDC] [DS] Site: Default-First-Site-Name
The command completed successfully
There are no IP addresses anywhere...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
duh bootcamp! I had 4.2.2.2 and 4.2.2.1 as the local DNS servers the DHCP scope was handing out. I changed them to 10.1.10.1 and wa-lah. Thank you for helping me though this!
Don't knock yourself - happens all the time. Glad you got it working!