GPO - Error "Due to the GP Core failure"

I have an issue it seems after I added a second DC in a different Location/ different subnet/IP

So now some of my users are not getting GPO's pushed to them

I have attached a screen shot and an output of dcdiag
Travis HahnAsked:
Who is Participating?
Travis HahnConnect With a Mentor Author Commented:
I have solved the Issue.  It was related to a dfsr database corrupt - I had ro run a command to start the rebuild

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="043E6D5E-EE88-11E1-93E8-806E6F6E6963" call ResumeReplication
Travis HahnAuthor Commented:
I have also attached GPRESULT
Travis HahnAuthor Commented:
I have made some Changes and this is what I have now:

User policy could not be updated successfully. The following errors were encoun

The processing of Group Policy failed. Windows attempted to read the file \\azt\SysVol\\Policies\{7DFE7774-7809-434B-B5EB-8752634B1A65}\
pt.ini from a domain controller and was not successful. Group Policy settings m
y not be applied until this event is resolved. This issue may be transient and
ould be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controlle
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were en

The processing of Group Policy failed. Windows could not authenticate to the Ac
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html
rom the command line to access information about Group Policy results.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Your dcdiag output appears to only include the DNS tests.  Can you run a general dcdiag and post that output?  Also, what happens if you try to manually access \\\sysvol from a machine that's unable to process Group Policy?
Travis HahnAuthor Commented:
I have included the two DC's dcdiag tests.  

AZTC-DC is Primary Running Server 2008 R2- 88.11 IP
AZTC-DC2 is Secondary Running Server 2012 66.11 IP

From a client I can reach \\\sysvol

It also seems like the client (who is in the 88.11 network) is not getting the 66.11 secondary DNS - Ipconfig only showed the one.

I also just ran DFsrdiag pollad and my 2008 ran no errors, but the 2012 server returned an error:  Access is denied when connecting to WMI services on computer: AZTC-DC2
This usually comes from a GROUP POLICY INCOMPATIBILITY:

I wrote an article about this and published it on EE:

Please critique my article. I like constructive criticism.
Travis HahnAuthor Commented:
No other comments were given for resolution
Hello jtobak..

I have the same issue.. and would like to run the same command but do not find the path on my server.  How would I go running the command on my server.  I have a win2k8r2.
Travis HahnAuthor Commented:
I believe I used Powershell
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.