Solved

Can't update Group Policy

Posted on 2011-03-17
9
1,382 Views
Last Modified: 2012-05-11
When I try to update group policy I get the following errors:

Updating Policy...

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Our setup: Windows SBS 2003 Domain Contoller, 2 X Windows 2008 X64 Global Catalogue servers.  I get the above errors when I try to update group policy on the server 2008 boxes.  Both can ping the domain (returns correct results) any ideas?
0
Comment
Question by:-Juddy-
  • 5
  • 3
9 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 35158203
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35158220
Is Windows 2008 Server a Domain Controller? Disable IPv6

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

Reboot system
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35158366
Why do I need to disable IPv6?
0
 
LVL 41

Expert Comment

by:Amit
ID: 35158481
Hi Juddy,

Did you get a chance to check article posted in ID:35158203Author:amitkulshrestha

It talks about same issue. if possible post the event details
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Author Comment

by:-Juddy-
ID: 35163950
I have and it appears that my problem is 'access is denied' despite the fact that I can browse to the item in question!  As for the instructions:

To test computer and user credentials:

   1. Log off and reboot the computer.  (Done, no change)
   2. Log on the computer with the domain credentials previously used. (Done, no change)
   3. If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

The link takes me to a page which appears to be of no use whatsoever!!

I am not using DFS and have no namespace set up, do I need to create a DFS name space?
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 35165230
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>
0
 
LVL 41

Expert Comment

by:Amit
ID: 35165268
good
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35165609
Forgot to say, thanks for your help anyway guys, it's appreciated!
0
 
LVL 3

Author Closing Comment

by:-Juddy-
ID: 35196604
Fixed myself.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now