Solved

Group Policy Wins 2008 Standard

Posted on 2010-11-30
9
554 Views
Last Modified: 2013-12-06
I have a windows 2008 Server which is the sole domain controller on the network. There was  formerly an old 2003 SBS server on site. I added the 2008 server and promoted it as a DC, transferred the roles and then demoted the SBS 2003 server.

All seemed fine until i went to create a group policy to enforce password complexity. The policies from the SBS server came across during the migration.I cleared the "Link Enabled" option for all the SBS policies and the only one  i left at a domain level was "Default Domain Policy". When i run a gpupdate /force from any client i get the following error;

C:\Users\cchambers>gpupdate /force
Updating Policy...

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

If i clear the "Link Enabled" option for the "Default domain policy" and run the Gpupdate /force i don't get any errors. But if i create a brand new GPO and link that to the domain i still get an error message similar to the one above when i run Gpupdate /force. So at the moment i can no longer get any GPO to run. Has anyone any suggestions

0
Comment
Question by:gerpaqit
  • 5
  • 4
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240963
0
 

Author Comment

by:gerpaqit
ID: 34242343
The SBS 2003 server has already been successfully demoted. The issue is with me being unable to create any GPO's. I assume the issue has been caused by the SBS policies that migrated when i promoted the 2008 server.
any other suggestions on how i can resolve this?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34243022
Run dcdiag post
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:gerpaqit
ID: 34250433
I have disabled all GPO's except password complexity and get this when i run a dcdiag

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Users\administrator.DCSBSDOMAIN>dcdiag
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = Server08
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Connectivity
         ......................... SERVER08 passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Advertising
         ......................... SERVER08 passed test Advertising
      Starting test: FrsEvent
         ......................... SERVER08 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER08 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER08 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER08 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER08 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER08 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=dcsbsdomain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=dcsbsdomain,DC=local
         ......................... SERVER08 failed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER08 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER08 passed test ObjectsReplicated
      Starting test: Replications
         ......................... SERVER08 passed test Replications
      Starting test: RidManager
         ......................... SERVER08 passed test RidManager
      Starting test: Services
         ......................... SERVER08 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x00000458
            Time Generated: 12/01/2010   17:06:21
            Event String:
            The Group Policy Client Side Extension Folder Redirection was unable
 to apply one or more settings because the changes must be processed before syst
em startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may res
ult in slow startup and boot performance.
         ......................... SERVER08 passed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER08 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : dcsbsdomain
      Starting test: CheckSDRefDom
         ......................... dcsbsdomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... dcsbsdomain passed test CrossRefValidation
   Running enterprise tests on : dcsbsdomain.local
      Starting test: LocatorCheck
         ......................... dcsbsdomain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... dcsbsdomain.local passed test Intersite
C:\Users\administrator.DCSBSDOMAIN>

0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34252252
Have you tried resetting the GPOs to default?
0
 

Author Comment

by:gerpaqit
ID: 34255889
Have not tried that. What is the procedure for that?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34257188
0
 

Author Comment

by:gerpaqit
ID: 34258097
Thanks Dariusg that looks like it may help just a little nervouse about trying it.

Have you ever tried it or know what are the chances of it messing things up further on the server?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34258134
I have tried it resets all GPOs to default
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
adding more drive space to the server 5 53
Big Problem with Redirected Folder 8 46
Server 2012 R2 TLS 1.2? 2 45
SBS2008 and windows updates 2 15
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question