Solved

GPO - Error "Due to the GP Core failure"

Posted on 2013-05-21
10
1,387 Views
Last Modified: 2013-12-11
I have an issue it seems after I added a second DC in a different Location/ different subnet/IP

So now some of my users are not getting GPO's pushed to them

I have attached a screen shot and an output of dcdiag
Capture.PNG
aztc-dcdiag.txt
0
Comment
Question by:Travis Hahn
10 Comments
 

Author Comment

by:Travis Hahn
ID: 39185045
I have also attached GPRESULT
gpresult.txt
0
 

Author Comment

by:Travis Hahn
ID: 39187996
I have made some Changes and this is what I have now:

User policy could not be updated successfully. The following errors were encoun
ered:

The processing of Group Policy failed. Windows attempted to read the file \\azt
adeco.com\SysVol\aztradeco.com\Policies\{7DFE7774-7809-434B-B5EB-8752634B1A65}\
pt.ini from a domain controller and was not successful. Group Policy settings m
y not be applied until this event is resolved. This issue may be transient and
ould be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controlle
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were en
ountered:

The processing of Group Policy failed. Windows could not authenticate to the Ac
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html
rom the command line to access information about Group Policy results.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 39188264
Your dcdiag output appears to only include the DNS tests.  Can you run a general dcdiag and post that output?  Also, what happens if you try to manually access \\aztradeco.com\sysvol from a machine that's unable to process Group Policy?
0
 

Author Comment

by:Travis Hahn
ID: 39188513
I have included the two DC's dcdiag tests.  

AZTC-DC is Primary Running Server 2008 R2- 88.11 IP
AZTC-DC2 is Secondary Running Server 2012 66.11 IP

From a client I can reach \\aztradeco.com\sysvol


It also seems like the client (who is in the 88.11 network) is not getting the 66.11 secondary DNS - Ipconfig only showed the one.

I also just ran DFsrdiag pollad and my 2008 ran no errors, but the 2012 server returned an error:  Access is denied when connecting to WMI services on computer: AZTC-DC2
aztc-dc-dcdiag.txt
aztc-dc2-dcdiag.txt
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 38

Expert Comment

by:ChiefIT
ID: 39192361
This usually comes from a GROUP POLICY INCOMPATIBILITY:

I wrote an article about this and published it on EE:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/A_6393-Group-Policy-Compatibility.html

Please critique my article. I like constructive criticism.
0
 

Accepted Solution

by:
Travis Hahn earned 0 total points
ID: 39194426
I have solved the Issue.  It was related to a dfsr database corrupt - I had ro run a command to start the rebuild

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="043E6D5E-EE88-11E1-93E8-806E6F6E6963" call ResumeReplication
0
 

Author Closing Comment

by:Travis Hahn
ID: 39203927
No other comments were given for resolution
0
 

Expert Comment

by:rmartes
ID: 39710958
Hello jtobak..

I have the same issue.. and would like to run the same command but do not find the path on my server.  How would I go running the command on my server.  I have a win2k8r2.
0
 

Author Comment

by:Travis Hahn
ID: 39711435
I believe I used Powershell
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now