?
Solved

network policy/connectivity error

Posted on 2009-07-15
5
Medium Priority
?
1,618 Views
Last Modified: 2012-05-07
I'm having a little difficulty getting group policys/network drives to apply correctly after changing the subnet on my network. We went from a Class C 255.255.255.0 to Class B 255.255.0.0 network to support more computers...

I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.

I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.

To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.

I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...

BTW we have a sonicwall Tz210 we just installed monday as well...
C:\Users\Administrator>dcdiag
 
Directory Server Diagnosis
 
Performing initial setup:
   Trying to find home server...
   Home Server = Renaissance
   * Identified AD Forest.
   Done gathering initial info.
 
Doing initial required tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Connectivity
         ......................... RENAISSANCE passed test Connectivity
 
Doing primary tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Advertising
         ......................... RENAISSANCE passed test Advertising
      Starting test: FrsEvent
         ......................... RENAISSANCE passed test FrsEvent
      Starting test: DFSREvent
         ......................... RENAISSANCE passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RENAISSANCE passed test SysVolCheck
      Starting test: KccEvent
         ......................... RENAISSANCE passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RENAISSANCE passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RENAISSANCE passed test MachineAccount
      Starting test: NCSecDesc
         ......................... RENAISSANCE passed test NCSecDesc
      Starting test: NetLogons
         ......................... RENAISSANCE passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RENAISSANCE passed test ObjectsReplicated
      Starting test: Replications
         ......................... RENAISSANCE passed test Replications
      Starting test: RidManager
         ......................... RENAISSANCE passed test RidManager
      Starting test: Services
         ......................... RENAISSANCE passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x825A000C
            Time Generated: 07/15/2009   16:36:28
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         ......................... RENAISSANCE passed test SystemLog
      Starting test: VerifyReferences
         ......................... RENAISSANCE passed test VerifyReferences
 
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : RA
      Starting test: CheckSDRefDom
         ......................... RA passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... RA passed test CrossRefValidation
 
   Running enterprise tests on : RA.local
      Starting test: LocatorCheck
         ......................... RA.local passed test LocatorCheck
      Starting test: Intersite
         ......................... RA.local passed test Intersite
 
C:\Users\Administrator>

Open in new window

0
Comment
Question by:bootcampwithjess
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865356
Run NLTEST.EXE /DCLIST:RENAISSANCE.  Verify that the names and IP addrs of all DCs are displayed, including the local one.   If not check for DNS configuration errors (both client-side and server-side).
0
 

Author Comment

by:bootcampwithjess
ID: 24865373
While running it from the domain controller I get:

C:\Users\Administrator>NLTEST.EXE /DCLIST:Ra
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
    Renaissance.RA.local [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

There are no IP addresses anywhere...
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 2000 total points
ID: 24865390
The error message "lack of connectivity to a domain controller" means exactly that - unable to reach a DC.  Is Renaissance.ra.local the only DC for the domain?  If not you need to investigate DNS for the remaining DC(s).
Otherwise verify connectivity to renaissance.ra.local.  Try ping renaissance.ra.local.  Does it respond with the correct IP address?  If so, try mounting a file share: NET USE X: \\renaissnace.ra.local\c$.   Basically work your way up the network stack until the connectivity problem is reached.
0
 

Author Comment

by:bootcampwithjess
ID: 24865419
duh bootcamp! I had 4.2.2.2 and 4.2.2.1 as the local DNS servers the DHCP scope was handing out. I changed them to 10.1.10.1 and wa-lah. Thank you for helping me though this!
0
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865423
Don't knock yourself - happens all the time.   Glad you got it working!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question