Group Policy failing to update

This domain consists of the following:

1- SBS 2003 SP2 DC
2- Multiple Windows 7 Clients
3- Multiple Windows Vista Clients

The group policy on the domain had been long-hosed by a previous administrator.  I decided that today was the day to resurrect it.

I've made great progress, but I need the Expert's help to get it across the finish line.

I started by utilizing a Microsoft utility to recreate the Default Domain Policy (it had been deleted).  Then I went through and configured the policy as appropriate for our environment.  That policy is now linked and enforced, and is the sole policy affecting the domain.

The policy is applying to my Windows 7 (and Windows Server 2003, Windows Server 2008) machines just fine - with no errors or hesitation.

The User policy applied to Vista just fine.  The Computer policy WILL NOT apply to the Windows Vista machines for anything.

The error reads "Computer policy could not be updated successfully.  The following errors were encountered:  The processing of Group Policy failed.  Windows attempted to read the file \\CCC.local\sysvol\CCC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful."  The Error is 1058, Code 5 -- which I've read is related to file permissions.

I have read many solutions already, but none have resolved the issue.  What I have tried:  (1) Name resolution to the DC,  (2)  dcdiag,  (3)  permissions on the SYSVOL folder (I can browse to and open the view from a non-admin user account).

What else should I try?  Is there anything significant about the fact that it is working fine on Windows 7 (and 2003, 2008) boxes, but not Vista?

Many thanks!

Robert Patterson
MCSE, MCITP, MCTS, A+, Server+

Patt5735Asked:
Who is Participating?
 
Patt5735Connect With a Mentor Author Commented:
The issue with Group Policy has been resolved by fixing an issue with duplicate SPN entries causing authentication problems.
0
 
Patmac951Commented:
I am sure you have already tried this......but for testing purposes have you tried to login to one of the Vista computers with a domain admin account and push the policy?

Also because this is a domain I am assuming all the Vista computers are successfully attached to the domain with Vista Business Edition?
0
 
Patt5735Author Commented:
I have tried pushing the policy with a domain admin account, although the eventual solution will obviously have to work apart from administrative privileges.  With a user account I can browse to the SYSVOL folder.

The Vista machines are running Vista Business Edition and are all joined to the domain.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Patmac951Commented:
So to clarify your last post does that mean it does work as a domain admin account on the vista computers? or does not?
0
 
serchlopCommented:
Like Patmac say, maybe have you tryed it, but could help.

Have you tryed to get this computer out of the domain, and then add again.

Have you verify gpresult /SCOPE computer /Z to check if GPO is applied to computer account or should be.

I guess you can browse to \\CCC.local\sysvol\CCC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}, but you can use psexec tool to verify if local system has right in a network share. You can download from sysinternals web site. www.sysinternals.com

Something like

psexec /s cmd /c type \\CCC.local\sysvol\CCC.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini

you should get something like

[General]
Version=30
cmd exited on SERCHLOP-WIN7 with error code 0.

0
 
Patt5735Author Commented:
So to clarify your last post does that mean it does work as a domain admin account on the vista computers? or does not?

It doesn't work regardless of admin or non-admin.

Have you tryed to get this computer out of the domain, and then add again.

I haven't, but I'm willing to try that.  I'm dealing with a dozen or so machines, so that's not a preferred fix.

Have you verify gpresult /SCOPE computer /Z to check if GPO is applied to computer account or should be.

When I run this on the Vista machine I get a completely different result than I do on my 7 machine.  On the 7 machine, I get the full list of policies.  On the Vista machine, it reports little of nothing -- under Applied Group Policy Objects it says "N/A" and all of the resultant set of policies entries also have "N/A".

Is that because it can't access the GPO, or is there some configuration error in the GPO (related to Vista) that I have missed?
0
 
Patt5735Author Commented:
PSExec returned "Access is denied" Error Code 1.  Now I'm really confused.  At least the behavior is consistent.  But how do we explain the fact that I can browse to it in Explorer -- but both GPO and PsExec are denied access?
0
 
Patt5735Author Commented:
The issue has been resolved.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.