gerpaqit
asked on
Group Policy Wins 2008 Standard
I have a windows 2008 Server which is the sole domain controller on the network. There was formerly an old 2003 SBS server on site. I added the 2008 server and promoted it as a DC, transferred the roles and then demoted the SBS 2003 server.
All seemed fine until i went to create a group policy to enforce password complexity. The policies from the SBS server came across during the migration.I cleared the "Link Enabled" option for all the SBS policies and the only one i left at a domain level was "Default Domain Policy". When i run a gpupdate /force from any client i get the following error;
C:\Users\cchambers>gpupdat
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbs
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbs
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
If i clear the "Link Enabled" option for the "Default domain policy" and run the Gpupdate /force i don't get any errors. But if i create a brand new GPO and link that to the domain i still get an error message similar to the one above when i run Gpupdate /force. So at the moment i can no longer get any GPO to run. Has anyone any suggestions
All seemed fine until i went to create a group policy to enforce password complexity. The policies from the SBS server came across during the migration.I cleared the "Link Enabled" option for all the SBS policies and the only one i left at a domain level was "Default Domain Policy". When i run a gpupdate /force from any client i get the following error;
C:\Users\cchambers>gpupdat
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbs
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbs
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
If i clear the "Link Enabled" option for the "Default domain policy" and run the Gpupdate /force i don't get any errors. But if i create a brand new GPO and link that to the domain i still get an error message similar to the one above when i run Gpupdate /force. So at the moment i can no longer get any GPO to run. Has anyone any suggestions
ASKER
The SBS 2003 server has already been successfully demoted. The issue is with me being unable to create any GPO's. I assume the issue has been caused by the SBS policies that migrated when i promoted the 2008 server.
any other suggestions on how i can resolve this?
any other suggestions on how i can resolve this?
Run dcdiag post
ASKER
I have disabled all GPO's except password complexity and get this when i run a dcdiag
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\administrator.DCS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server08
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER08 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER08 passed test Advertising
Starting test: FrsEvent
......................... SERVER08 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER08 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER08 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER08 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER08 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER08 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=dcsbs
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=dcsbs
......................... SERVER08 failed test NCSecDesc
Starting test: NetLogons
......................... SERVER08 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER08 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER08 passed test Replications
Starting test: RidManager
......................... SERVER08 passed test RidManager
Starting test: Services
......................... SERVER08 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00000458
Time Generated: 12/01/2010 17:06:21
Event String:
The Group Policy Client Side Extension Folder Redirection was unable
to apply one or more settings because the changes must be processed before syst
em startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may res
ult in slow startup and boot performance.
......................... SERVER08 passed test SystemLog
Starting test: VerifyReferences
......................... SERVER08 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : dcsbsdomain
Starting test: CheckSDRefDom
......................... dcsbsdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... dcsbsdomain passed test CrossRefValidation
Running enterprise tests on : dcsbsdomain.local
Starting test: LocatorCheck
......................... dcsbsdomain.local passed test LocatorCheck
Starting test: Intersite
......................... dcsbsdomain.local passed test Intersite
C:\Users\administrator.DCS
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\administrator.DCS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Server08
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER08 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER08 passed test Advertising
Starting test: FrsEvent
......................... SERVER08 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER08 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER08 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER08 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER08 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER08 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=dcsbs
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=dcsbs
......................... SERVER08 failed test NCSecDesc
Starting test: NetLogons
......................... SERVER08 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER08 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER08 passed test Replications
Starting test: RidManager
......................... SERVER08 passed test RidManager
Starting test: Services
......................... SERVER08 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00000458
Time Generated: 12/01/2010 17:06:21
Event String:
The Group Policy Client Side Extension Folder Redirection was unable
to apply one or more settings because the changes must be processed before syst
em startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may res
ult in slow startup and boot performance.
......................... SERVER08 passed test SystemLog
Starting test: VerifyReferences
......................... SERVER08 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : dcsbsdomain
Starting test: CheckSDRefDom
......................... dcsbsdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... dcsbsdomain passed test CrossRefValidation
Running enterprise tests on : dcsbsdomain.local
Starting test: LocatorCheck
......................... dcsbsdomain.local passed test LocatorCheck
Starting test: Intersite
......................... dcsbsdomain.local passed test Intersite
C:\Users\administrator.DCS
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Have not tried that. What is the procedure for that?
ASKER
Thanks Dariusg that looks like it may help just a little nervouse about trying it.
Have you ever tried it or know what are the chances of it messing things up further on the server?
Have you ever tried it or know what are the chances of it messing things up further on the server?
I have tried it resets all GPOs to default
https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html
Run metadata cleanup check to see if you have any lingering objects from teh SBS server
http://www.petri.co.il/delete_failed_dcs_from_ad.htm