Solved

computer not receiving group policies

Posted on 2010-08-26
Last Modified: 2013-12-04
I have a Windows 2003 domain with workstations all running Windows XP SP3. One of these workstations I recently took off of the domain. When I did so, I did NOT delete the computer account from Active Directory. Shortly afterward, I added it back to the domain with the same computer name. Ever since then, it has not been receiving computer group policy settings. When I do an RSOP, I get a red X on computer configuration with an error stating that group policy infrastructure failed due to the error listed below: Access denied. I took the computer back off the domain, deleted the computer account from AD, and re-added it. The computer account appeared back in AD, but the problem still exists. I'm guessing permissions for this computer account got broken somewhere, but I don't know where to go to fix it. I'm hoping someone could lend me some insight. Thank you.
Question by:rsturtevant
Accepted Solution

by:
ZombieAutopsy earned 250 total points
Can you add a static DNS entry? I've seen that being an issue once in a while. Also, are there any other errors in the event log of the PC that is not pulling the GPO?

Author Comment

by:rsturtevant
There was a DNS record already there for the machine. I deleted it and manually added a new one. I did a gpupdate with a force. That did not reboot the computer, which tells me it still wasn't getting the computer configuration. I manually rebooted, and got the same error in RSOP.

There are a couple of events in the event log. They are both Userenv errors. One is event 1058 and states the following:

Description:
Windows cannot access the file gpt.ini for GPO cn={76E4A539-C0E0-4A2A-90DB-B0D68489BB2A},cn=policies,cn=system,DC=domain,DC=domain,DC=org. The file must be present at the location <\\domain.domain.org\SysVol\domain.domain.org\Policies\{76E4A539-C0E0-4A2A-90DB-B0D68489BB2A}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The other is event 1030 and states the following:

Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I replaced the name of our actual domain in those descriptions.

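An added example, not part of the thread: a small Python triage helper that parses the Userenv 1058 description quoted above, checks that the GPO GUID and domain in the DN agree with the SYSVOL path, and maps the Win32 error text to a first thing to check. The function names and the hint wording are assumptions of this example.

```python
import re

# Event text as posted in the thread (the poster had already replaced the domain name).
EVENT_1058 = (
    "Windows cannot access the file gpt.ini for GPO "
    "cn={76E4A539-C0E0-4A2A-90DB-B0D68489BB2A},cn=policies,cn=system,"
    "DC=domain,DC=domain,DC=org. The file must be present at the location "
    r"<\\domain.domain.org\SysVol\domain.domain.org\Policies"
    r"\{76E4A539-C0E0-4A2A-90DB-B0D68489BB2A}\gpt.ini>. "
    "(Access is denied. ). Group Policy processing aborted."
)

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERN = re.compile(
    r"for GPO cn=(?P<guid>" + GUID + r"),(?P<dn>.*?)\.\s+The file must be present "
    r"at the location <(?P<unc>\\\\[^>]+)>\.\s*\((?P<reason>[^)]*?)\s*\)",
    re.IGNORECASE | re.DOTALL,
)

# Triage hints are assumptions of this example, keyed by the Win32 error text.
HINTS = {
    "access is denied": "path reachable but the machine's credentials were refused: "
                        "check the computer account/secure channel and SYSVOL ACLs",
    "the network path was not found": "name resolution or SMB connectivity to the "
                                      "domain name failed: check DNS and firewall",
}

def parse_1058(description):
    """Extract GPO GUID, AD domain, SYSVOL server/share and error text."""
    m = PATTERN.search(description)
    if not m:
        raise ValueError("not a Userenv 1058 description")
    parts = m.group("unc").lstrip("\\").split("\\")
    dcs = re.findall(r"DC=([^,]+)", m.group("dn"), flags=re.IGNORECASE)
    path_guid = next((p for p in parts if re.fullmatch(GUID, p)), None)
    return {
        "gpo_guid": m.group("guid").upper(),
        "dn_domain": ".".join(dcs).lower(),
        "server": parts[0].lower(),
        "share": parts[1],
        "path_guid": path_guid.upper() if path_guid else None,
        "reason": m.group("reason").strip().rstrip(".").strip(),
    }

def triage(description):
    """Return the parsed event plus a list of findings to investigate."""
    ev = parse_1058(description)
    findings = []
    if ev["path_guid"] != ev["gpo_guid"]:
        findings.append("GPO GUID in the DN and in the SYSVOL path differ")
    if ev["server"] != ev["dn_domain"]:
        findings.append("SYSVOL is addressed by a name other than the AD domain name")
    findings.append(HINTS.get(ev["reason"].lower(), "unrecognised error: " + ev["reason"]))
    return ev, findings
```
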
 

Expert Comment

by:ChiefIT
See if you have those 1030 and 1058 events on the other servers. This may be a domain problem, not a single workstation problem.

Diagnosing and fixing events 1030 and 1058:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html

 

Author Comment

by:rsturtevant
This doesn't seem to be a server issue. It's only happening on this one workstation, and only since I removed it from the domain and re-added it. I don't see any abnormal events on the domain controller itself. Permissions on the Sysvol folder are correct. I'm thinking that I should just try removing the workstation from the domain, re-naming it, and then adding it back to see what happens.

Assisted Solution

by:ChiefIT
ChiefIT earned 250 total points
The article states that Group policies are saved on the domain controller, replicated to all other DCs on that domain, and then passed out to the clients using netbios....

Since this ONE client is not getting Group policy, it appears that ONE client is having netbios problems.

Windows firewall will prevent netbios to the client unless specifically told not to. You can make an exception to "FILE and PRINT sharing" on the firewall for the client. File and print sharing are the SMB and NETBIOS ports used to file and print share. Those would be:

NETBIOS:
Port 137 WINS and Netbios TCP
Port 138 Netbios datagram port UDP
Port 139 Netbios datagram port UDP

SMB: (Server Message Block)
Port 137 WINS Netbios port
Port 445 Server message Block port UDP

Bottom line:
1) Go to the NIC card TCP/IP properties>>WINS tab and make sure Netbios over TCP/IP is activated.
2) Go to START>>RUN>> and type services.msc to make sure the browser service and Workstation service are both working.
3) Make sure your firewall is not blocking the ports listed above.


When all the stars and planets are aligned, then go to the command prompt and type:
GPUPDATE /force

Expert Comment

by:ChiefIT
If all the above fails, try this:
1) NBTSTAT -RR  (this refreshes the netbios cache)

Author Closing Comment

by:rsturtevant
I just took the computer off the domain and re-named it. That seemed to solve the issue. Thanks for everyone's time