Solved

Can't update Group Policy

Posted on 2011-03-17
9
1,387 Views
Last Modified: 2012-05-11
When I try to update group policy I get the following errors:

Updating Policy...

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysVol\our-domain.com\Policies\{D70A87CD-A4E4-422B-9384-3F1
66B42BBDA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Our setup: Windows SBS 2003 Domain Contoller, 2 X Windows 2008 X64 Global Catalogue servers.  I get the above errors when I try to update group policy on the server 2008 boxes.  Both can ping the domain (returns correct results) any ideas?
0
Comment
Question by:-Juddy-
  • 5
  • 3
9 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 35158203
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35158220
Is Windows 2008 Server a Domain Controller? Disable IPv6

http://www.windowsreference.com/networking/disable-ipv6-in-windows-server-20008-full-core-installation/

Reboot system
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35158366
Why do I need to disable IPv6?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 42

Expert Comment

by:Amit
ID: 35158481
Hi Juddy,

Did you get a chance to check article posted in ID:35158203Author:amitkulshrestha

It talks about same issue. if possible post the event details
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35163950
I have and it appears that my problem is 'access is denied' despite the fact that I can browse to the item in question!  As for the instructions:

To test computer and user credentials:

   1. Log off and reboot the computer.  (Done, no change)
   2. Log on the computer with the domain credentials previously used. (Done, no change)
   3. If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (http://go.microsoft.com/fwlink/?LinkId=92706).

The link takes me to a page which appears to be of no use whatsoever!!

I am not using DFS and have no namespace set up, do I need to create a DFS name space?
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 35165230
FIXED!!

Sorted it myself, it was down to NTFS permissions on the SYSVOL:

The problem was Share and NTFS permissions were not set properly for the SYSVOL Share:

Permissions for C:\

NTFS Permissions
Administrators = full control
Creator owner = none checked, but special permissions checked and greyed out
Everyone = none checked, but special permissions checked and greyed out
System = Full Control
Domain\Users = Read & Execute, List Folder contents, Read

Permissions for C:\Windows\Sysvol

Share
Do not share this folder

NTFS
Administrators = full control
Authenticated Users = Read & Execute, List Folder Contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read
System = Full Control

Permissions for C:\Windows\Sysvol\Sysvol

Share
Share this folder
Maximum Allowed
Administrators = full control
Authenticated Users = Full Control
Everyone = Read

NTFS
Administrators = Full Control, greyed out (inherited)
Authenticated Users = Read & Execute, List Folder contents, Read
Creator Owner = none checked, but special permissions checked and greyed out
Server Operators = Read & Execute, List Folder contents, Read, (greyed out)
System = Full Control, greyed out (inherited)


 
After I have set the proper file permissions I ran the following from command prompt
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

<enter>

Gpupdate

<enter>
0
 
LVL 42

Expert Comment

by:Amit
ID: 35165268
good
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 35165609
Forgot to say, thanks for your help anyway guys, it's appreciated!
0
 
LVL 3

Author Closing Comment

by:-Juddy-
ID: 35196604
Fixed myself.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now