Solved

Can't update Group Policy

Posted on 2011-03-17
9
1,405 Views
Last Modified: 2012-05-11
When I try to update group policy I get the following errors:

Updating Policy...

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Our setup: Windows SBS 2003 Domain Contoller, 2 X Windows 2008 X64 Global Catalogue servers.  I get the above errors when I try to update group policy on the server 2008 boxes.  Both can ping the domain (returns correct results) any ideas?
0
Comment
Question by:-Juddy-
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 43

Expert Comment

by:Taurus
ID: 35158203
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35158220
Is Windows 2008 Server a Domain Controller? Disable IPv6

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

Reboot system
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35158366
Why do I need to disable IPv6?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 43

Expert Comment

by:Taurus
ID: 35158481
Hi Juddy,

Did you get a chance to check article posted in ID:35158203Author:amitkulshrestha

It talks about same issue. if possible post the event details
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35163950
I have and it appears that my problem is 'access is denied' despite the fact that I can browse to the item in question!  As for the instructions:

To test computer and user credentials:

   1. Log off and reboot the computer.  (Done, no change)
   2. Log on the computer with the domain credentials previously used. (Done, no change)
   3. If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

The link takes me to a page which appears to be of no use whatsoever!!

I am not using DFS and have no namespace set up, do I need to create a DFS name space?
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 35165230
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>
0
 
LVL 43

Expert Comment

by:Taurus
ID: 35165268
good
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35165609
Forgot to say, thanks for your help anyway guys, it's appreciated!
0
 
LVL 3

Author Closing Comment

by:-Juddy-
ID: 35196604
Fixed myself.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question