Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

network policy/connectivity error

Posted on 2009-07-15
5
Medium Priority
?
1,654 Views
Last Modified: 2012-05-07
I'm having a little difficulty getting group policys/network drives to apply correctly after changing the subnet on my network. We went from a Class C 255.255.255.0 to Class B 255.255.0.0 network to support more computers...

I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.

I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.

To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.

I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...

BTW we have a sonicwall Tz210 we just installed monday as well...
C:\Users\Administrator>dcdiag
 
Directory Server Diagnosis
 
Performing initial setup:
   Trying to find home server...
   Home Server = Renaissance
   * Identified AD Forest.
   Done gathering initial info.
 
Doing initial required tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Connectivity
         ......................... RENAISSANCE passed test Connectivity
 
Doing primary tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Advertising
         ......................... RENAISSANCE passed test Advertising
      Starting test: FrsEvent
         ......................... RENAISSANCE passed test FrsEvent
      Starting test: DFSREvent
         ......................... RENAISSANCE passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RENAISSANCE passed test SysVolCheck
      Starting test: KccEvent
         ......................... RENAISSANCE passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RENAISSANCE passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RENAISSANCE passed test MachineAccount
      Starting test: NCSecDesc
         ......................... RENAISSANCE passed test NCSecDesc
      Starting test: NetLogons
         ......................... RENAISSANCE passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RENAISSANCE passed test ObjectsReplicated
      Starting test: Replications
         ......................... RENAISSANCE passed test Replications
      Starting test: RidManager
         ......................... RENAISSANCE passed test RidManager
      Starting test: Services
         ......................... RENAISSANCE passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x825A000C
            Time Generated: 07/15/2009   16:36:28
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         ......................... RENAISSANCE passed test SystemLog
      Starting test: VerifyReferences
         ......................... RENAISSANCE passed test VerifyReferences
 
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : RA
      Starting test: CheckSDRefDom
         ......................... RA passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... RA passed test CrossRefValidation
 
   Running enterprise tests on : RA.local
      Starting test: LocatorCheck
         ......................... RA.local passed test LocatorCheck
      Starting test: Intersite
         ......................... RA.local passed test Intersite
 
C:\Users\Administrator>

Open in new window

0
Comment
Question by:bootcampwithjess
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865356
Run NLTEST.EXE /DCLIST:RENAISSANCE.  Verify that the names and IP addrs of all DCs are displayed, including the local one.   If not check for DNS configuration errors (both client-side and server-side).
0
 

Author Comment

by:bootcampwithjess
ID: 24865373
While running it from the domain controller I get:

C:\Users\Administrator>NLTEST.EXE /DCLIST:Ra
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
    Renaissance.RA.local [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

There are no IP addresses anywhere...
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 2000 total points
ID: 24865390
The error message "lack of connectivity to a domain controller" means exactly that - unable to reach a DC.  Is Renaissance.ra.local the only DC for the domain?  If not you need to investigate DNS for the remaining DC(s).
Otherwise verify connectivity to renaissance.ra.local.  Try ping renaissance.ra.local.  Does it respond with the correct IP address?  If so, try mounting a file share: NET USE X: \\renaissnace.ra.local\c$.   Basically work your way up the network stack until the connectivity problem is reached.
0
 

Author Comment

by:bootcampwithjess
ID: 24865419
duh bootcamp! I had 4.2.2.2 and 4.2.2.1 as the local DNS servers the DHCP scope was handing out. I changed them to 10.1.10.1 and wa-lah. Thank you for helping me though this!
0
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865423
Don't knock yourself - happens all the time.   Glad you got it working!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question