• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1475
  • Last Modified:

Can't update Group Policy

When I try to update group policy I get the following errors:

Updating Policy...

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Our setup: Windows SBS 2003 Domain Contoller, 2 X Windows 2008 X64 Global Catalogue servers.  I get the above errors when I try to update group policy on the server 2008 boxes.  Both can ping the domain (returns correct results) any ideas?
0
-Juddy-
Asked:
-Juddy-
  • 5
  • 3
1 Solution
 
Darius GhassemCommented:
Is Windows 2008 Server a Domain Controller? Disable IPv6

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

Reboot system
0
 
-Juddy-Author Commented:
Why do I need to disable IPv6?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
AmitIT ArchitectCommented:
Hi Juddy,

Did you get a chance to check article posted in ID:35158203Author:amitkulshrestha

It talks about same issue. if possible post the event details
0
 
-Juddy-Author Commented:
I have and it appears that my problem is 'access is denied' despite the fact that I can browse to the item in question!  As for the instructions:

To test computer and user credentials:

   1. Log off and reboot the computer.  (Done, no change)
   2. Log on the computer with the domain credentials previously used. (Done, no change)
   3. If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

The link takes me to a page which appears to be of no use whatsoever!!

I am not using DFS and have no namespace set up, do I need to create a DFS name space?
0
 
-Juddy-Author Commented:
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>
0
 
AmitIT ArchitectCommented:
good
0
 
-Juddy-Author Commented:
Forgot to say, thanks for your help anyway guys, it's appreciated!
0
 
-Juddy-Author Commented:
Fixed myself.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now