?
Solved

Group Policy Wins 2008 Standard

Posted on 2010-11-30
9
Medium Priority
?
570 Views
Last Modified: 2013-12-06
I have a windows 2008 Server which is the sole domain controller on the network. There was  formerly an old 2003 SBS server on site. I added the 2008 server and promoted it as a DC, transferred the roles and then demoted the SBS 2003 server.

All seemed fine until i went to create a group policy to enforce password complexity. The policies from the SBS server came across during the migration.I cleared the "Link Enabled" option for all the SBS policies and the only one  i left at a domain level was "Default Domain Policy". When i run a gpupdate /force from any client i get the following error;

C:\Users\cchambers>gpupdate /force
Updating Policy...

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

If i clear the "Link Enabled" option for the "Default domain policy" and run the Gpupdate /force i don't get any errors. But if i create a brand new GPO and link that to the domain i still get an error message similar to the one above when i run Gpupdate /force. So at the moment i can no longer get any GPO to run. Has anyone any suggestions

0
Comment
Question by:gerpaqit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240963
0
 

Author Comment

by:gerpaqit
ID: 34242343
The SBS 2003 server has already been successfully demoted. The issue is with me being unable to create any GPO's. I assume the issue has been caused by the SBS policies that migrated when i promoted the 2008 server.
any other suggestions on how i can resolve this?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34243022
Run dcdiag post
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Author Comment

by:gerpaqit
ID: 34250433
I have disabled all GPO's except password complexity and get this when i run a dcdiag

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Users\administrator.DCSBSDOMAIN>dcdiag
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = Server08
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Connectivity
         ......................... SERVER08 passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Advertising
         ......................... SERVER08 passed test Advertising
      Starting test: FrsEvent
         ......................... SERVER08 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER08 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER08 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER08 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER08 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER08 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=dcsbsdomain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=dcsbsdomain,DC=local
         ......................... SERVER08 failed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER08 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER08 passed test ObjectsReplicated
      Starting test: Replications
         ......................... SERVER08 passed test Replications
      Starting test: RidManager
         ......................... SERVER08 passed test RidManager
      Starting test: Services
         ......................... SERVER08 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x00000458
            Time Generated: 12/01/2010   17:06:21
            Event String:
            The Group Policy Client Side Extension Folder Redirection was unable
 to apply one or more settings because the changes must be processed before syst
em startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may res
ult in slow startup and boot performance.
         ......................... SERVER08 passed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER08 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : dcsbsdomain
      Starting test: CheckSDRefDom
         ......................... dcsbsdomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... dcsbsdomain passed test CrossRefValidation
   Running enterprise tests on : dcsbsdomain.local
      Starting test: LocatorCheck
         ......................... dcsbsdomain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... dcsbsdomain.local passed test Intersite
C:\Users\administrator.DCSBSDOMAIN>

0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 34252252
Have you tried resetting the GPOs to default?
0
 

Author Comment

by:gerpaqit
ID: 34255889
Have not tried that. What is the procedure for that?
0
 

Author Comment

by:gerpaqit
ID: 34258097
Thanks Dariusg that looks like it may help just a little nervouse about trying it.

Have you ever tried it or know what are the chances of it messing things up further on the server?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34258134
I have tried it resets all GPOs to default
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question