Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GPO - Error "Due to the GP Core failure"

Posted on 2013-05-21
10
Medium Priority
?
1,988 Views
Last Modified: 2013-12-11
I have an issue it seems after I added a second DC in a different Location/ different subnet/IP

So now some of my users are not getting GPO's pushed to them

I have attached a screen shot and an output of dcdiag
Capture.PNG
aztc-dcdiag.txt
0
Comment
Question by:Travis Hahn
10 Comments
 

Author Comment

by:Travis Hahn
ID: 39185045
I have also attached GPRESULT
gpresult.txt
0
 

Author Comment

by:Travis Hahn
ID: 39187996
I have made some Changes and this is what I have now:

User policy could not be updated successfully. The following errors were encoun
ered:

The processing of Group Policy failed. Windows attempted to read the file \\azt
adeco.com\SysVol\aztradeco.com\Policies\{7DFE7774-7809-434B-B5EB-8752634B1A65}\
pt.ini from a domain controller and was not successful. Group Policy settings m
y not be applied until this event is resolved. This issue may be transient and
ould be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controlle
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were en
ountered:

The processing of Group Policy failed. Windows could not authenticate to the Ac
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html
rom the command line to access information about Group Policy results.
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 39188264
Your dcdiag output appears to only include the DNS tests.  Can you run a general dcdiag and post that output?  Also, what happens if you try to manually access \\aztradeco.com\sysvol from a machine that's unable to process Group Policy?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:Travis Hahn
ID: 39188513
I have included the two DC's dcdiag tests.  

AZTC-DC is Primary Running Server 2008 R2- 88.11 IP
AZTC-DC2 is Secondary Running Server 2012 66.11 IP

From a client I can reach \\aztradeco.com\sysvol


It also seems like the client (who is in the 88.11 network) is not getting the 66.11 secondary DNS - Ipconfig only showed the one.

I also just ran DFsrdiag pollad and my 2008 ran no errors, but the 2012 server returned an error:  Access is denied when connecting to WMI services on computer: AZTC-DC2
aztc-dc-dcdiag.txt
aztc-dc2-dcdiag.txt
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 39192361
This usually comes from a GROUP POLICY INCOMPATIBILITY:

I wrote an article about this and published it on EE:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/A_6393-Group-Policy-Compatibility.html

Please critique my article. I like constructive criticism.
0
 

Accepted Solution

by:
Travis Hahn earned 0 total points
ID: 39194426
I have solved the Issue.  It was related to a dfsr database corrupt - I had ro run a command to start the rebuild

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="043E6D5E-EE88-11E1-93E8-806E6F6E6963" call ResumeReplication
0
 

Author Closing Comment

by:Travis Hahn
ID: 39203927
No other comments were given for resolution
0
 

Expert Comment

by:rmartes
ID: 39710958
Hello jtobak..

I have the same issue.. and would like to run the same command but do not find the path on my server.  How would I go running the command on my server.  I have a win2k8r2.
0
 

Author Comment

by:Travis Hahn
ID: 39711435
I believe I used Powershell
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question