troubleshooting Question

server in dmz is not applying GPO

Asked by Irwin W.
Active Directory
I have a small Citrix farm in my org. The farm has been placed into our DMZ. Right or wrong, this decision was made by our regional firewall admin and is not up for discussion.

Holes have been poked in the firewall to allow specific communications to servers on the corp LAN for f&p, DNS and most AD communications. Everything appears to be working fine till you log on as a user and the GPO applied does not apply.

In my troubleshooting, running rsop.msc from the Windows server in the DMZ fails and cannot read the GPO from the DC.

Running the group policy results wizard through my dsa.mmc fails and returns the message "rpc server is unavailable".

These two things tell me that the firewall is not allowing some kind of communication to pass.

My firewall admin says all ports are opened.

In further troubleshooting, I noticed that sometimes when I run rsop.msc from the server in the DMZ, it does not use our local DC but tries to read from a DC on a whole different subnet in our WAN network. The firewall appears to be dropping this communication and only allowing the local DC to communicate with the DMZ.
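
A reachability check for the situation described in the question, added here as an example and not part of the original post: run from the DMZ server, it lists every DC published in the domain's SRV records (the locator can return any of them, which matches the remote DC the asker saw) and tests the TCP ports Group Policy processing relies on. The domain name `corp.example.com` is a placeholder, and `Resolve-DnsName` and `Test-NetConnection` assume Windows Server 2012 R2 or later.

```powershell
# Added example, not from the original post.
# $Domain is a placeholder: replace it with your AD DNS domain name.
param([string]$Domain = 'corp.example.com')

# TCP ports probed. The dynamic RPC range (49152-65535 by default on
# Server 2008 and later) is negotiated per call and is NOT probed here, so an
# open 135 alone does not rule out "RPC server is unavailable".
$Ports = @(
    @{ Port = 88;  Use = 'Kerberos' },
    @{ Port = 135; Use = 'RPC endpoint mapper' },
    @{ Port = 389; Use = 'LDAP (GPO objects in AD)' },
    @{ Port = 445; Use = 'SMB (SYSVOL policy files)' }
)

# Show which DC the locator hands this server right now.
nltest /dsgetdc:$Domain

# Every DC registered for the domain, not only the one in the local site.
$dcs = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$Domain" |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

# Probe each DC on each port and collect one row per combination.
$results = foreach ($dc in $dcs) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p.Port `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p.Port
            Use       = $p.Use
            Reachable = $r.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# DCs the firewall does not let this server reach on at least one port.
# If the locator can select any of these, policy processing will fail
# intermittently, depending on which DC is chosen at logon.
$results | Where-Object { -not $_.Reachable } |
    Group-Object DC |
    Select-Object Name, @{ n = 'BlockedPorts'; e = { $_.Group.Port -join ',' } }
```

Any DC that appears in the second table is one the DMZ server can be referred to but cannot fully reach, so either the firewall rules or the site and subnet assignment for the DMZ needs to account for it.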