Link to home
Create AccountLog in
Avatar of -Juddy-
-Juddy-Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Group Policy not updating on a handfull of systems.

We have a Windows Server 2003 which is our Domain Controller (soon to be retired) and two Windows 2008 Global Catalogue Servers (One will become the new DC) and I have a strange problem with Group Policy not working on one on the GC servers and one client (could be more).

When I try to update group policy on the GC Server (Windows 2008 SP2 X64) I get the following error:

User policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysV
ol\our-domain.com\Policies\{8AED0A6B-F288-4454-87B9-C2703B36B583}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated
to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\our-domain.com\SysV
ol\our-domain.com\Policies\{8AED0A6B-F288-4454-87B9-C2703B36B583}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated
to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

The object in question ({8AED0A6B-F288-4454-87B9-C2703B36B583}) does not appear in the Sysvol of the problematic GC server, but does on the DC and subsequent GC Server.  I have also tried to update Group Policy on half a dozen or so other workstations (mixture of Windows 7 and XP) and they all update, so why wont this one Windows 7 X64 client and Windows 2008 X64 Global Catalogue Server update?

I have tried:

Checking DNS status on both, they appear to be resolving the correct info
Turning off Windows Firewall, makes no difference
Turning off AV software, no difference
Rebooting

Any ideas guys?


Avatar of Draxonic
Draxonic
Flag of Australia image

I saw this once on one of the networks I managed and it was:

b) File Replication Service Latency (a file created on another domain controller has not replicated
to the current domain controller).

The DC wasn't replicating properly, so it literally didn't have a copy of the GPO.

You should try running
repadmin /showreps
...on the DCs for the site(s) being affected and see if there are replication errors.

You can also run
dcdiag
dnsdiag
...to try and diagnose DC and DNS issues.
Avatar of -Juddy-

ASKER

My results:

GCSERVER=       The Global Catalogue Server with the issue
Our-Domain=       Our domain name

repadmin /showreps
Default-First-Site-Name\GC Server Name
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 3390e65e-4cb6-45d5-a8cf-b75d33243119
DSA invocationID: 894f9174-4a98-46c6-ab79-8dfba4d56351

==== INBOUND NEIGHBORS ======================================

DC=domain-name,DC=com
    Default-First-Site-Name\GCSERVER via RPC
        DSA object GUID: 7219a531-40bc-445f-9c5d-16623f8c20d8
        Last attempt @ 2011-03-29 10:56:23 was successful.
    Default-First-Site-Name\DOMAIN-CONTROLLER via RPC
        DSA object GUID: f124c682-ea5d-4191-919f-57239b6166d4
        Last attempt @ 2011-03-29 10:56:57 was successful.

CN=Configuration,DC=our-domain,DC=com
    Default-First-Site-Name\GCSERVER via RPC
        DSA object GUID: 7219a531-40bc-445f-9c5d-16623f8c20d8
        Last attempt @ 2011-03-29 10:50:07 was successful.
    Default-First-Site-Name\DOMAIN-CONTROLLER via RPC
        DSA object GUID: f124c682-ea5d-4191-919f-57239b6166d4
        Last attempt @ 2011-03-29 10:50:07 was successful.

CN=Schema,CN=Configuration,DC=our-domain,DC=com
    Default-First-Site-Name\GCSERVER via RPC
        DSA object GUID: 7219a531-40bc-445f-9c5d-16623f8c20d8
        Last attempt @ 2011-03-29 10:50:07 was successful.
    Default-First-Site-Name\DOMAIN-CONTROLLER via RPC
        DSA object GUID: f124c682-ea5d-4191-919f-57239b6166d4
        Last attempt @ 2011-03-29 10:50:07 was successful.
DCDIAG
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = GCSERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\GCSERVER
      Starting test: Connectivity
         ......................... GCSERVER passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\GCSERVER
      Starting test: Advertising
         ......................... GCSERVER passed test Advertising
      Starting test: FrsEvent
         ......................... GCSERVER passed test FrsEvent
      Starting test: DFSREvent
         ......................... GCSERVER passed test DFSREvent
      Starting test: SysVolCheck
         ......................... GCSERVER passed test SysVolCheck
      Starting test: KccEvent
         ......................... GCSERVER passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... GCSERVER passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... GCSERVER passed test MachineAccount
      Starting test: NCSecDesc
         ......................... GCSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... GCSERVER passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... GCSERVER passed test ObjectsReplicated
      Starting test: Replications
         ......................... GCSERVER passed test Replications
      Starting test: RidManager
         ......................... GCSERVER passed test RidManager
      Starting test: Services
         ......................... GCSERVER passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:01:17
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:06:20
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:11:23
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:12:16
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:12:16
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:17:19
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:19:34
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:19:34
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:24:37
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:29:40
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:34:43
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:39:46
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:44:48
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:49:51
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:51:13
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:51:13
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         An Error Event occurred.  EventID: 0x00000422
            Time Generated: 03/29/2011   10:56:18
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error 0x3afc)
         ......................... GCSERVER failed test SystemLog
      Starting test: VerifyReferences
         ......................... GCSERVER passed test VerifyReferences


   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : our-domain
      Starting test: CheckSDRefDom
         ......................... our-domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... our-domain passed test CrossRefValidation

   Running enterprise tests on : our-domain.com
      Starting test: LocatorCheck
         ......................... our-domain.com passed test LocatorCheck
      Starting test: Intersite
         ......................... our-domain.com passed test Intersite
DNSDIAG returns = 'dnsdiag' is not recognized as an internal or external command,
operable program or batch file.



SOLUTION
Avatar of Muzafar Momin
Muzafar Momin
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of -Juddy-

ASKER

This worked for me, thanks guys.