Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

GPO - Error "Due to the GP Core failure"

Posted on 2013-05-21
10
Medium Priority
?
2,071 Views
Last Modified: 2013-12-11
I have an issue it seems after I added a second DC in a different Location/ different subnet/IP

So now some of my users are not getting GPO's pushed to them

I have attached a screen shot and an output of dcdiag
Capture.PNG
aztc-dcdiag.txt
0
Comment
Question by:Travis Hahn
9 Comments
 

Author Comment

by:Travis Hahn
ID: 39185045
I have also attached GPRESULT
gpresult.txt
0
 

Author Comment

by:Travis Hahn
ID: 39187996
I have made some Changes and this is what I have now:

User policy could not be updated successfully. The following errors were encoun
ered:

The processing of Group Policy failed. Windows attempted to read the file \\azt
adeco.com\SysVol\aztradeco.com\Policies\{7DFE7774-7809-434B-B5EB-8752634B1A65}\
pt.ini from a domain controller and was not successful. Group Policy settings m
y not be applied until this event is resolved. This issue may be transient and
ould be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controlle
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were en
ountered:

The processing of Group Policy failed. Windows could not authenticate to the Ac
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html
rom the command line to access information about Group Policy results.
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 39188264
Your dcdiag output appears to only include the DNS tests.  Can you run a general dcdiag and post that output?  Also, what happens if you try to manually access \\aztradeco.com\sysvol from a machine that's unable to process Group Policy?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:Travis Hahn
ID: 39188513
I have included the two DC's dcdiag tests.  

AZTC-DC is Primary Running Server 2008 R2- 88.11 IP
AZTC-DC2 is Secondary Running Server 2012 66.11 IP

From a client I can reach \\aztradeco.com\sysvol


It also seems like the client (who is in the 88.11 network) is not getting the 66.11 secondary DNS - Ipconfig only showed the one.

I also just ran DFsrdiag pollad and my 2008 ran no errors, but the 2012 server returned an error:  Access is denied when connecting to WMI services on computer: AZTC-DC2
aztc-dc-dcdiag.txt
aztc-dc2-dcdiag.txt
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 39192361
This usually comes from a GROUP POLICY INCOMPATIBILITY:

I wrote an article about this and published it on EE:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/A_6393-Group-Policy-Compatibility.html

Please critique my article. I like constructive criticism.
0
 

Accepted Solution

by:
Travis Hahn earned 0 total points
ID: 39194426
I have solved the Issue.  It was related to a dfsr database corrupt - I had ro run a command to start the rebuild

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="043E6D5E-EE88-11E1-93E8-806E6F6E6963" call ResumeReplication
0
 

Author Closing Comment

by:Travis Hahn
ID: 39203927
No other comments were given for resolution
0
 

Expert Comment

by:rmartes
ID: 39710958
Hello jtobak..

I have the same issue.. and would like to run the same command but do not find the path on my server.  How would I go running the command on my server.  I have a win2k8r2.
0
 

Author Comment

by:Travis Hahn
ID: 39711435
I believe I used Powershell
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question