Solved

Group Policy Wins 2008 Standard

Posted on 2010-11-30
9
567 Views
Last Modified: 2013-12-06
I have a windows 2008 Server which is the sole domain controller on the network. There was  formerly an old 2003 SBS server on site. I added the 2008 server and promoted it as a DC, transferred the roles and then demoted the SBS 2003 server.

All seemed fine until i went to create a group policy to enforce password complexity. The policies from the SBS server came across during the migration.I cleared the "Link Enabled" option for all the SBS policies and the only one  i left at a domain level was "Default Domain Policy". When i run a gpupdate /force from any client i get the following error;

C:\Users\cchambers>gpupdate /force
Updating Policy...

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\dcsb
sdomain.local\SysVol\dcsbsdomain.local\Policies\{B875C2CC-6E14-42CD-A825-78EEC05
EF822}\gpt.ini from a domain controller and was not successful. Group Policy set
tings may not be applied until this event is resolved. This issue may be transie
nt and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

If i clear the "Link Enabled" option for the "Default domain policy" and run the Gpupdate /force i don't get any errors. But if i create a brand new GPO and link that to the domain i still get an error message similar to the one above when i run Gpupdate /force. So at the moment i can no longer get any GPO to run. Has anyone any suggestions

0
Comment
Question by:gerpaqit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240963
0
 

Author Comment

by:gerpaqit
ID: 34242343
The SBS 2003 server has already been successfully demoted. The issue is with me being unable to create any GPO's. I assume the issue has been caused by the SBS policies that migrated when i promoted the 2008 server.
any other suggestions on how i can resolve this?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34243022
Run dcdiag post
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:gerpaqit
ID: 34250433
I have disabled all GPO's except password complexity and get this when i run a dcdiag

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Users\administrator.DCSBSDOMAIN>dcdiag
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = Server08
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Connectivity
         ......................... SERVER08 passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\SERVER08
      Starting test: Advertising
         ......................... SERVER08 passed test Advertising
      Starting test: FrsEvent
         ......................... SERVER08 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SERVER08 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SERVER08 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SERVER08 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SERVER08 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SERVER08 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=dcsbsdomain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=dcsbsdomain,DC=local
         ......................... SERVER08 failed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER08 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SERVER08 passed test ObjectsReplicated
      Starting test: Replications
         ......................... SERVER08 passed test Replications
      Starting test: RidManager
         ......................... SERVER08 passed test RidManager
      Starting test: Services
         ......................... SERVER08 passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x00000458
            Time Generated: 12/01/2010   17:06:21
            Event String:
            The Group Policy Client Side Extension Folder Redirection was unable
 to apply one or more settings because the changes must be processed before syst
em startup or user logon. The system will wait for Group Policy processing to fi
nish completely before the next startup or logon for this user, and this may res
ult in slow startup and boot performance.
         ......................... SERVER08 passed test SystemLog
      Starting test: VerifyReferences
         ......................... SERVER08 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : dcsbsdomain
      Starting test: CheckSDRefDom
         ......................... dcsbsdomain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... dcsbsdomain passed test CrossRefValidation
   Running enterprise tests on : dcsbsdomain.local
      Starting test: LocatorCheck
         ......................... dcsbsdomain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... dcsbsdomain.local passed test Intersite
C:\Users\administrator.DCSBSDOMAIN>

0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34252252
Have you tried resetting the GPOs to default?
0
 

Author Comment

by:gerpaqit
ID: 34255889
Have not tried that. What is the procedure for that?
0
 

Author Comment

by:gerpaqit
ID: 34258097
Thanks Dariusg that looks like it may help just a little nervouse about trying it.

Have you ever tried it or know what are the chances of it messing things up further on the server?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34258134
I have tried it resets all GPOs to default
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A procedure for exporting installed hotfix details of remote computers using powershell
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question