GPO not applying to one new PC

Posted on 2011-10-18
Last Modified: 2012-05-12
Hi Everyone,

Have a strange error, I have a new system that was wiped reloaded with Windows XP (shipped with Windows 7) but had to do it because of some legacy apps.

Anyway, it joined the domain fine, was able to login with domain admin and some GPO's have applied without issue. However, we have one GPO that installs all the require software for the client once it joins the domain like Office and such and it will not apply. This GPO is over 2 years old and I have never had an issue with it previous.

On the system if I run gpresult it says the GPO applied but the software is not installed - did the 3 reboot to try to fix but still nothing

If I run a query on one of the 3 DC's this is what I get for that system:

Group Policy Infrastructure failed due to the error listed below.

The specified domain either does not exist or could not be contacted.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 10/18/2011 10:24:02 PM and 10/18/2011 10:24:02 PM.
EFS recovery (N/A) 10/18/2011 6:52:03 PM
Registry (N/A) 10/18/2011 6:52:00 PM
Security (N/A) 10/18/2011 6:52:03 PM
Software Installation (N/A) 10/18/2011 10:06:03 PM
Software Installation did not complete policy processing because a system restart is required for the settings to be applied. Group Policy will attempt to apply the settings the next time the computer is restarted.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 10/18/2011 10:06:03 PM and 10/18/2011 10:06:03 PM.
I have tried to gpupdate /force on the DC and system and multiple reboots. I even wiped and reloaded XP again to try to fix.

One interesting items is that if I ping DOMAIN.LOCAL I get the IP address of one of the DC's if I reboot I sometimes get the same DC IP or one of the other ones. Assume this is a normal behaviour,

Any suggestions on what to try next would be great.

thanks in advance,

Question by:TheSonicGod
    LVL 38

    Accepted Solution

    Did you start with the sp3 disk? Did you get current with windows update?  I had this happen to me recently where I couldn't get past a windows update for ms msxml 6 because sp3 came with it owned by trusted installer and update could update it. This is a required update for SQL server and a few other ms apps. I found the manual download specifically for the included version with sp3 and once I got past that all was normal...

    Author Comment

    Thanks aarontomosky

    Yes install was done with SP3 disk and ALL 130+ updates have been installed and checked the logs - no errors

    Author Comment

    Also - just a note I see via a rerun of the query on the DC and 4 GPO have been applied including my software installer one but only the software one has the error posted above so it looks like some policies are applying just not the one that installs software - the other are various security and mappings - default domain policy is one of them for example

    Author Closing Comment

    solutions was not confirmed but did point me in the direction I needed to resolve the issue

    Author Comment

    Thanks aarontomosky

    I ended up manually loading the software on this system but another XP system I reloaded using HP recovery disks had only SP2 on it and it accepted the GPO without issue so it looks like your SP3 issue may have been the cause

    thanks for your help

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now