Solved

network policy/connectivity error

Posted on 2009-07-15
5
1,531 Views
Last Modified: 2012-05-07
I'm having a little difficulty getting group policys/network drives to apply correctly after changing the subnet on my network. We went from a Class C 255.255.255.0 to Class B 255.255.0.0 network to support more computers...

I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.

I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.

To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.

I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...

BTW we have a sonicwall Tz210 we just installed monday as well...
C:\Users\Administrator>dcdiag

 

Directory Server Diagnosis

 

Performing initial setup:

   Trying to find home server...

   Home Server = Renaissance

   * Identified AD Forest.

   Done gathering initial info.

 

Doing initial required tests

 

   Testing server: Default-First-Site-Name\RENAISSANCE

      Starting test: Connectivity

         ......................... RENAISSANCE passed test Connectivity

 

Doing primary tests

 

   Testing server: Default-First-Site-Name\RENAISSANCE

      Starting test: Advertising

         ......................... RENAISSANCE passed test Advertising

      Starting test: FrsEvent

         ......................... RENAISSANCE passed test FrsEvent

      Starting test: DFSREvent

         ......................... RENAISSANCE passed test DFSREvent

      Starting test: SysVolCheck

         ......................... RENAISSANCE passed test SysVolCheck

      Starting test: KccEvent

         ......................... RENAISSANCE passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... RENAISSANCE passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... RENAISSANCE passed test MachineAccount

      Starting test: NCSecDesc

         ......................... RENAISSANCE passed test NCSecDesc

      Starting test: NetLogons

         ......................... RENAISSANCE passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... RENAISSANCE passed test ObjectsReplicated

      Starting test: Replications

         ......................... RENAISSANCE passed test Replications

      Starting test: RidManager

         ......................... RENAISSANCE passed test RidManager

      Starting test: Services

         ......................... RENAISSANCE passed test Services

      Starting test: SystemLog

         An Warning Event occurred.  EventID: 0x825A000C

            Time Generated: 07/15/2009   16:36:28

            Event String:

            Time Provider NtpClient: This machine is configured to use the domai

n hierarchy to determine its time source, but it is the AD PDC emulator for the

domain at the root of the forest, so there is no machine above it in the domain

hierarchy to use as a time source. It is recommended that you either configure a

 reliable time service in the root domain, or manually configure the AD PDC to s

ynchronize with an external time source. Otherwise, this machine will function a

s the authoritative time source in the domain hierarchy. If an external time sou

rce is not configured or used for this computer, you may choose to disable the N

tpClient.

         ......................... RENAISSANCE passed test SystemLog

      Starting test: VerifyReferences

         ......................... RENAISSANCE passed test VerifyReferences

 

 

   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

 

   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

 

   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

 

   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

 

   Running partition tests on : RA

      Starting test: CheckSDRefDom

         ......................... RA passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... RA passed test CrossRefValidation

 

   Running enterprise tests on : RA.local

      Starting test: LocatorCheck

         ......................... RA.local passed test LocatorCheck

      Starting test: Intersite

         ......................... RA.local passed test Intersite

 

C:\Users\Administrator>

Open in new window

0
Comment
Question by:bootcampwithjess
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865356
Run NLTEST.EXE /DCLIST:RENAISSANCE.  Verify that the names and IP addrs of all DCs are displayed, including the local one.   If not check for DNS configuration errors (both client-side and server-side).
0
 

Author Comment

by:bootcampwithjess
ID: 24865373
While running it from the domain controller I get:

C:\Users\Administrator>NLTEST.EXE /DCLIST:Ra
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
    Renaissance.RA.local [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

There are no IP addresses anywhere...
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 500 total points
ID: 24865390
The error message "lack of connectivity to a domain controller" means exactly that - unable to reach a DC.  Is Renaissance.ra.local the only DC for the domain?  If not you need to investigate DNS for the remaining DC(s).
Otherwise verify connectivity to renaissance.ra.local.  Try ping renaissance.ra.local.  Does it respond with the correct IP address?  If so, try mounting a file share: NET USE X: \\renaissnace.ra.local\c$.   Basically work your way up the network stack until the connectivity problem is reached.
0
 

Author Comment

by:bootcampwithjess
ID: 24865419
duh bootcamp! I had 4.2.2.2 and 4.2.2.1 as the local DNS servers the DHCP scope was handing out. I changed them to 10.1.10.1 and wa-lah. Thank you for helping me though this!
0
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865423
Don't knock yourself - happens all the time.   Glad you got it working!
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Synchronize a new Active Directory domain with an existing Office 365 tenant
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now