Solved

Can't update Group Policy

Posted on 2011-03-17
9
1,376 Views
Last Modified: 2012-05-11
When I try to update group policy I get the following errors:

Updating Policy...

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Our setup: Windows SBS 2003 Domain Contoller, 2 X Windows 2008 X64 Global Catalogue servers.  I get the above errors when I try to update group policy on the server 2008 boxes.  Both can ping the domain (returns correct results) any ideas?
0
Comment
Question by:-Juddy-
  • 5
  • 3
9 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 35158203
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35158220
Is Windows 2008 Server a Domain Controller? Disable IPv6

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

Reboot system
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35158366
Why do I need to disable IPv6?
0
 
LVL 41

Expert Comment

by:Amit
ID: 35158481
Hi Juddy,

Did you get a chance to check article posted in ID:35158203Author:amitkulshrestha

It talks about same issue. if possible post the event details
0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 
LVL 3

Author Comment

by:-Juddy-
ID: 35163950
I have and it appears that my problem is 'access is denied' despite the fact that I can browse to the item in question!  As for the instructions:

To test computer and user credentials:

   1. Log off and reboot the computer.  (Done, no change)
   2. Log on the computer with the domain credentials previously used. (Done, no change)
   3. If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

The link takes me to a page which appears to be of no use whatsoever!!

I am not using DFS and have no namespace set up, do I need to create a DFS name space?
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 35165230
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>
0
 
LVL 41

Expert Comment

by:Amit
ID: 35165268
good
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35165609
Forgot to say, thanks for your help anyway guys, it's appreciated!
0
 
LVL 3

Author Closing Comment

by:-Juddy-
ID: 35196604
Fixed myself.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now