Group Policy not loading on Server

We have 2 Terminal Servers, both built identically.
They have both been working fine for a long time.

We have group policies in place to control the user access on the servers. (Start Menu redirection, Desktop Icons restrictions, Proxy settings, etc.)

TServer1 runs the GPOs fine, but since 2 days ago TServer2 does not.

Both servers are in the same OU along with a security group that is added to the user accounts so that they will be affected by the GPOs.

I have run GPUDATE /FORCE which does not help either.

What could be stopping TServer2 from running the group policies?

Barry Kay, Systems Engineer, Asked:
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Please check the Event Logs; maybe there is some error message?
Reboot that TS2 server when possible
and run

gpresult /z in the command line on TS2 to check if other GPOs are applied

Regards,
Krzysztof
0
 
Carl Webster Commented:
I agree with iSiek, what do the event logs and gpresult say?

0
 
Barry Kay, Systems Engineer, Author Commented:
There are no errors in the event logs. It shows that the GPOs are implemented successfully.
I do see that it is trying to run the Group Policy from the wrong domain controller.

I know there is a replication error to that specific server that it is getting the GPOs from.
How can I change which DC it gets the group policies from?
0
 
Carl Webster Commented:
You need to worry about fixing the replication errors first.  There really should be no "wrong" domain controller for retrieving GPOs from.  If there are issues with that domain controller, dcpromo it down so the other computers on your network stop using it until you get time to resolve the replication issues.
0
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
You can't. Clients use the closest DC to authenticate for their Site and it doesn't matter if it is working or not :)
Remove that faulty DC from a domain and add it once again. You can check my blog for that at
http://kpytko.wordpress.com/2011/08/29/decommissioning-the-old-domain-controller/

if you cannot do that, use force decommission
http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/

do metadata cleanup
http://kpytko.wordpress.com/2011/08/29/metadata-cleanup-for-broken-domain-controller/

and promote server as DC again
http://kpytko.wordpress.com/2011/09/05/adding-additional-domain-controller/

Krzysztof
0
 
Ackles Commented:
Before going the Nuke way, I would suggest you have a look at GP Operational logs. It will tell you more clearly what happened.

If it's not showing you anything then we can blast the Nuke's ;)
0
 
Barry Kay, Systems Engineer, Author Commented:
I was able to force the replication to the problem DC, which seems to have resolved the replication issue as I am no longer getting messages in the event logs, but still not all the group policies are loading on the TServer2 box.

Where can I find the GP Operational logs?
0
 
Ackles Commented:
To view the Group Policy operational log:
1. Start the Event Viewer.

2. Click the arrow next to Applications and Services Logs.

3. Click the arrow next to Microsoft, and then Windows, and then Group Policy.

4. Click Operational.

A
0
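
The same operational log can be read from PowerShell, which makes it easier to compare the working and the failing server. This is an added example, not part of the original thread; the 24-hour window is an assumption, and the event IDs used are 5308 (domain controller details), 5312 (applicable GPOs) and 5313 (GPOs filtered out).

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the affected server (TServer2 in the question).
$log   = 'Microsoft-Windows-GroupPolicy/Operational'
$since = (Get-Date).AddHours(-24)   # assumption: inspect the last 24 hours

# 1. Errors (Level 2) and warnings (Level 3) from Group Policy processing.
Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message

# 2. Which DC was contacted and which GPOs were applied or filtered out.
#    5308 = domain controller details
#    5312 = list of applicable GPOs
#    5313 = GPOs not applied because they were filtered out
$detail = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 5308, 5312, 5313; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# ActivityId ties together all events of one policy processing cycle,
# so group on it to read each cycle as a unit.
$detail | Group-Object ActivityId | ForEach-Object {
    $events = @($_.Group | Sort-Object TimeCreated)
    '=== Cycle {0} started {1} ===' -f $_.Name, $events[0].TimeCreated
    foreach ($e in $events) {
        'Event {0}:' -f $e.Id
        $e.Message
        ''
    }
}
```

Running it on both TServer1 and TServer2 and comparing the 5312/5313 lists shows which GPOs the failing server is skipping and which DC it read them from.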
 
Ackles Commented:
Please try the following:
1) gpupdate /force, if still doesn't work
2) Restart the computer.

I would suggest, please enable these two policies at domain level, they will really help you:

Computer Configuration | Policies | Administrative Templates | System | Logon | Always wait for the network at computer startup and logon policy

This policy will make sure that all GPO's are pushed before the logon happens.

Computer Configuration | Policies | Administrative Templates | System | Verbose vs Normal Status messages

This will show you exactly what is happening during logon, instead of showing spinning wheel.

Hope that helps.

A
0
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Try to rebuild SYSVOL according to this MS article at
http://support.microsoft.com/kb/315457

Krzysztof
0
 
Barry Kay, Systems Engineer, Author Commented:
Along with some of the suggestions above I also ran a registry cleaner of the Server with issues.
My GPO issues are now resolved.
Thanks for the help. :)
0
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
You're welcome :)

Krzysztof
0
Question has a verified solution.
