Group Policy - User Policy not updating for certain DCs
Hello again, all.
I have noticed the GP Event ID 1058 on several machines on our domain.
When executing gpupdate I receive the following:
**************************
C:\Users\i.mejias>gpupdate
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\prime.local\SysVol\prime
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.
**************************
However, the Computer Policy updates just fine.
I also noticed that it is happening when these machines are trying to read the policy template from certain DCs. For example:
**************************
C:\>nltest /dsgetdc:prime.local
DC: \\EXSERVER.prime.local
Address: \\192.168.123.230
Dom Guid: d535512a-2942-4417-94f7-92
Dom Name: prime.local
Forest Name: prime.local
Dc Site Name: Lewisville
Our Site Name: Lewisville
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
**************************
It seems to me that this is an issue of these machines not able to read the gpt.ini from these specific servers.
Thanks in advance!
I have noticed the GP Event ID 1058 on several machines on our domain.
When executing gpupdate I receive the following:
**************************
C:\Users\i.mejias>gpupdate
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\prime.local\SysVol\prime
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.
**************************
However, the Computer Policy updates just fine.
I also noticed that it is happening when these machines are trying to read the policy template from certain DCs. For example:
**************************
C:\>nltest /dsgetdc:prime.local
DC: \\EXSERVER.prime.local
Address: \\192.168.123.230
Dom Guid: d535512a-2942-4417-94f7-92
Dom Name: prime.local
Forest Name: prime.local
Dc Site Name: Lewisville
Our Site Name: Lewisville
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
**************************
It seems to me that this is an issue of these machines not able to read the gpt.ini from these specific servers.
Thanks in advance!
ASKER
Error Code 3.
**************************
SupportInfo1 4
SupportInfo2 840
ProcessingMode 0
ProcessingTimeInMillisecon
ErrorCode 3
ErrorDescription The system cannot find the path specified.
DCName exserver.prime.local
GPOCNName cn={038673CC-FC77-446E-833
FilePath \\prime.local\SysVol\prime
**************************
However, the above result is from one server throwing the error BUT, from my machine (a regular laptop) I don't see it and it is connecting to the same DC (EXSERVER):
C:\>nltest /dsgetdc:prime.local
DC: \\EXSERVER.prime.local
Address: \\192.168.123.230
Dom Guid: d535512a-2942-4417-94f7-92
Dom Name: prime.local
Forest Name: prime.local
Dc Site Name: Lewisville
Our Site Name: Lewisville
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
The command completed successfully
**************************
What I am having trouble with is, understanding why gpupdate would work from my laptop and other users that are connecting to EXSERVER; and not this machine.
**************************
SupportInfo1 4
SupportInfo2 840
ProcessingMode 0
ProcessingTimeInMillisecon
ErrorCode 3
ErrorDescription The system cannot find the path specified.
DCName exserver.prime.local
GPOCNName cn={038673CC-FC77-446E-833
FilePath \\prime.local\SysVol\prime
**************************
However, the above result is from one server throwing the error BUT, from my machine (a regular laptop) I don't see it and it is connecting to the same DC (EXSERVER):
C:\>nltest /dsgetdc:prime.local
DC: \\EXSERVER.prime.local
Address: \\192.168.123.230
Dom Guid: d535512a-2942-4417-94f7-92
Dom Name: prime.local
Forest Name: prime.local
Dc Site Name: Lewisville
Our Site Name: Lewisville
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE
The command completed successfully
**************************
What I am having trouble with is, understanding why gpupdate would work from my laptop and other users that are connecting to EXSERVER; and not this machine.
ASKER
UPDATE:
After rebooting EXSERVER, this resolved part of the issue. Now, on DC DEVILS (PRC), I keep seeing Event ID 1058 non-stop.
*****************
The processing of Group Policy failed. Windows attempted to read the file \\prime.local\SysVol\prime
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
******************
+ System
- Provider
[ Name] Microsoft-Windows-GroupPol
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4
EventID 1058
Version 0
Level 2
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2013-01-21T17:08:21.869283
EventRecordID 37479
- Correlation
[ ActivityID] {634F57CA-2717-4797-8CB1-3
- Execution
[ ProcessID] 900
[ ThreadID] 1336
Channel System
Computer devils.prime.local
- Security
[ UserID] S-1-5-18
- EventData
SupportInfo1 4
SupportInfo2 816
ProcessingMode 0
ProcessingTimeInMillisecon
ErrorCode 3
ErrorDescription The system cannot find the path specified.
DCName exserver.prime.local
GPOCNName cn={B8016FE8-A031-4BD2-A91
FilePath \\prime.local\SysVol\prime
After rebooting EXSERVER, this resolved part of the issue. Now, on DC DEVILS (PRC), I keep seeing Event ID 1058 non-stop.
*****************
The processing of Group Policy failed. Windows attempted to read the file \\prime.local\SysVol\prime
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
******************
+ System
- Provider
[ Name] Microsoft-Windows-GroupPol
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4
EventID 1058
Version 0
Level 2
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2013-01-21T17:08:21.869283
EventRecordID 37479
- Correlation
[ ActivityID] {634F57CA-2717-4797-8CB1-3
- Execution
[ ProcessID] 900
[ ThreadID] 1336
Channel System
Computer devils.prime.local
- Security
[ UserID] S-1-5-18
- EventData
SupportInfo1 4
SupportInfo2 816
ProcessingMode 0
ProcessingTimeInMillisecon
ErrorCode 3
ErrorDescription The system cannot find the path specified.
DCName exserver.prime.local
GPOCNName cn={B8016FE8-A031-4BD2-A91
FilePath \\prime.local\SysVol\prime
ASKER
Alright, just realized that the C:\Windows\SYSVOL\domain\P
How many subnets/VLANS are the DC's spread over ?
Are you running IPv6 in any subnets ?
Are all of the DCs in the domain 2k8 ?
Are you running IPv6 in any subnets ?
Are all of the DCs in the domain 2k8 ?
ASKER
Thanks -
6 subnets
No IPv6 anywhere
There are 2 or 3 2k3 R2 DCs left
6 subnets
No IPv6 anywhere
There are 2 or 3 2k3 R2 DCs left
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Each subnet represents a different satellite office, so they are remote locations; end they are connecting through a dedicated VPN tunnel.
Thanks. I have run the replmon tool and several 1722 errors and also can see that in 4 DCs several policies have an X next to them.
Thanks. I have run the replmon tool and several 1722 errors and also can see that in 4 DCs several policies have an X next to them.
http://technet.microsoft.com/en-us/library/cc727259(v=ws.10).aspx