Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy not loading on Server

Posted on 2011-09-26
13
Medium Priority
?
221 Views
Last Modified: 2012-05-12
We have 2 Terminal Server, both built identically.
They have both been working fine for a long time.

We have group policies in place to control the user access on the servers. (Start Menu redirection, Destop Icons restrictions, Proxy settings, etc..)

TServer1 runs the GPOs fine, but since 2 days ago TServer2 does not.

Both servers are in the same OU along with a secutiry group that is added to the user accounts so that they will be affected by the GPOs.

I have run GPUDATE /FORCE which does not help either.

What could be stopping TServer2 from running the group policies?

0
Comment
Question by:bax2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +1
13 Comments
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 1000 total points
ID: 36598777
Please check Event Logs, maybe there is some error message?
Reboot that TS2 server in possible time
and run

gpresult /z in command-line on a TS2 to check if other GPOs are applied

Regards,
Krzysztof
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 36598823
I agree with iSiek, what do the event logs and gpresult say?

0
 

Author Comment

by:bax2000
ID: 36598930
There are no errors on the event logs. I shows that the GPOs are implemeted succeffully.
I do see that it is trying to run the Group Policy from the wrong domain controller.

I know there is a replication error to that specific server that it is getting the GPOs from.
Have can I change which DC it gets the group policies from?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 37

Expert Comment

by:Carl Webster
ID: 36598946
You need to worry about fixing the replication errors first.  There really should be no "wrong" domain controller for retrieving GPOs from.  If there are issues with that domain controller, dcpromo it down so the other computers on your network stop using it until you get time to resolve the replication issues.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36599009
You can't. Clients use the closest DC to authenticate for their Site and it doesn't matter if it is working or not :)
Remove that faulty DC from a domain and add it once again. You can check my blog for that at
http://kpytko.wordpress.com/2011/08/29/decommissioning-the-old-domain-controller/

if you cannot do that, use force decommission
http://kpytko.wordpress.com/2011/08/30/decommissioning-broken-domain-controller/

do metadata cleanup
http://kpytko.wordpress.com/2011/08/29/metadata-cleanup-for-broken-domain-controller/

and promote server as DC again
http://kpytko.wordpress.com/2011/09/05/adding-additional-domain-controller/

Krzysztof
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36599722
Before going the Nuke way, I would suggest you have a look at GP Operational logs. It will tell you more clearly what happened.

If it's not showing you anything then we can blast the Nuke's ;)
0
 

Author Comment

by:bax2000
ID: 36708480
I was able to force the replication to the problem DC which seems to have resolved the replication issue as I am no longer getting messages in the event logs, but the still not all the group policies are loading on the TServer2  box.

Where can I find the GP Operational logs?
0
 
LVL 11

Expert Comment

by:Ackles
ID: 36708491
To view the Group Policy operational log
1.Start the Event Viewer.

2.Click the arrow next to Applications and Services Logs.

3.Click the arrow next to Microsoft, and then Windows, and then Group Policy.

4.Click Operational.

A
0
 
LVL 11

Assisted Solution

by:Ackles
Ackles earned 1000 total points
ID: 36708509
Please try the following:
1) gpupdate /force, if still doesn't work
2) Restart the computer.

I would suggest, please enable these two policies at domain level, they will really help you:

Computer Configuration | Policies | Administrative Templates | System | Logon Always wait for the network at computer startup and logon policy

This policy will make sure that all GPO's are pushed before the logon happens.

Computer Configuration | Policies | Administrative Templates | System | Verbose vs Normal Status messages

This will show you exactly what is happening during logon, instead of showing spinning wheel.

Hope that helps.

A
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36708517
Try to rebuild SYSVOL accordind to this MS article at
http://support.microsoft.com/kb/315457

Krzysztof
0
 

Accepted Solution

by:
bax2000 earned 0 total points
ID: 36716380
Along with some of the suggestions above I also ran a registry cleaner of the Server with issues.
My GPO issues are now resolved.
Thanks for the help. :)
0
 

Author Closing Comment

by:bax2000
ID: 36902141
Along with some of the suggestions above I also ran a registry cleaner of the Server with issues.
My GPO issues are now resolved.
Thanks for the help. :)
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36716462
You're welcome :)

Krzysztof
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question