Solved

network policy/connectivity error

Posted on 2009-07-15
5
1,598 Views
Last Modified: 2012-05-07
I'm having a little difficulty getting group policys/network drives to apply correctly after changing the subnet on my network. We went from a Class C 255.255.255.0 to Class B 255.255.0.0 network to support more computers...

I've updated the firewall, router, NIC card on the server, switches, ran ipconfig /release /renew on all the computers and still the errors. I verified both computers are on the same subnet 255.255.0.0.

I'm running server 2008 and haven't made any other changes since this happened. I'll paste code of the dcdiag below. The error I'm getting while trying to perform gpupdate /force is
User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.

To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.

I'm pulling my hair out at this point because this doesn't make any sense. DNS is working fine across my network, I'm online and sending this message. :) DCDIAG looks fine... permissions on sysvol includes everyone read access...

BTW we have a sonicwall Tz210 we just installed monday as well...
C:\Users\Administrator>dcdiag
 
Directory Server Diagnosis
 
Performing initial setup:
   Trying to find home server...
   Home Server = Renaissance
   * Identified AD Forest.
   Done gathering initial info.
 
Doing initial required tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Connectivity
         ......................... RENAISSANCE passed test Connectivity
 
Doing primary tests
 
   Testing server: Default-First-Site-Name\RENAISSANCE
      Starting test: Advertising
         ......................... RENAISSANCE passed test Advertising
      Starting test: FrsEvent
         ......................... RENAISSANCE passed test FrsEvent
      Starting test: DFSREvent
         ......................... RENAISSANCE passed test DFSREvent
      Starting test: SysVolCheck
         ......................... RENAISSANCE passed test SysVolCheck
      Starting test: KccEvent
         ......................... RENAISSANCE passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... RENAISSANCE passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... RENAISSANCE passed test MachineAccount
      Starting test: NCSecDesc
         ......................... RENAISSANCE passed test NCSecDesc
      Starting test: NetLogons
         ......................... RENAISSANCE passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... RENAISSANCE passed test ObjectsReplicated
      Starting test: Replications
         ......................... RENAISSANCE passed test Replications
      Starting test: RidManager
         ......................... RENAISSANCE passed test RidManager
      Starting test: Services
         ......................... RENAISSANCE passed test Services
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x825A000C
            Time Generated: 07/15/2009   16:36:28
            Event String:
            Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
 reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
         ......................... RENAISSANCE passed test SystemLog
      Starting test: VerifyReferences
         ......................... RENAISSANCE passed test VerifyReferences
 
 
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
 
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
 
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
 
   Running partition tests on : RA
      Starting test: CheckSDRefDom
         ......................... RA passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... RA passed test CrossRefValidation
 
   Running enterprise tests on : RA.local
      Starting test: LocatorCheck
         ......................... RA.local passed test LocatorCheck
      Starting test: Intersite
         ......................... RA.local passed test Intersite
 
C:\Users\Administrator>

Open in new window

0
Comment
Question by:bootcampwithjess
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865356
Run NLTEST.EXE /DCLIST:RENAISSANCE.  Verify that the names and IP addrs of all DCs are displayed, including the local one.   If not check for DNS configuration errors (both client-side and server-side).
0
 

Author Comment

by:bootcampwithjess
ID: 24865373
While running it from the domain controller I get:

C:\Users\Administrator>NLTEST.EXE /DCLIST:Ra
Get list of DCs in domain 'Ra' from '\\RENAISSANCE'.
    Renaissance.RA.local [PDC]  [DS] Site: Default-First-Site-Name
The command completed successfully

There are no IP addresses anywhere...
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 500 total points
ID: 24865390
The error message "lack of connectivity to a domain controller" means exactly that - unable to reach a DC.  Is Renaissance.ra.local the only DC for the domain?  If not you need to investigate DNS for the remaining DC(s).
Otherwise verify connectivity to renaissance.ra.local.  Try ping renaissance.ra.local.  Does it respond with the correct IP address?  If so, try mounting a file share: NET USE X: \\renaissnace.ra.local\c$.   Basically work your way up the network stack until the connectivity problem is reached.
0
 

Author Comment

by:bootcampwithjess
ID: 24865419
duh bootcamp! I had 4.2.2.2 and 4.2.2.1 as the local DNS servers the DHCP scope was handing out. I changed them to 10.1.10.1 and wa-lah. Thank you for helping me though this!
0
 
LVL 12

Expert Comment

by:Gideon7
ID: 24865423
Don't knock yourself - happens all the time.   Glad you got it working!
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question