Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Terminal Server 2008 R2 - problem with group policies being applied to new TS users

Posted on 2013-11-21
4
Medium Priority
?
1,833 Views
Last Modified: 2013-11-30
I have this weird problem with my client's terminal server (running on Windows 2008 R2 Standard):

Whenever a new TS user logs in to it, it doesn't process any of the group policies for that user, and the main group policies they care about are the folder redirection policies. Whenever I do a "gpupdate/force" from the command prompt for that user, it says:

"The processing of Group Policy failed. Windows attempted to read the file \\JS.local\SysVol\JS.local\Policies\{999A1BB5-8445-4971-BD62-869194262288}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this even is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following error were encountered:"

etc. etc.

This happened with a user recently when they first logged on to the TS server, but I got it resolved by disjoining the TS server and rejoining it to the domain. The user logged on after that and all group policies applied just fine and he sees his redirected folders just fine.

Now we put another user in the RDP security group and have logged on to the TS server as that user, and the same issue is happening again. And what is weird is that once this happens, if I try to to "gpupdate/force" as the domain admin, it still gives me the same error - so it seems the error is not user specific.

I ran GPRESULT /H GPReport.html as suggested in the error, and the main issue probably comes from the verbiage that says:

"Group Policy Infrastructure failed due to the error listed below.
The system cannot find the path specified.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 11/19/2013 9:24:32 AM and 11/19/2013 9:24:33 AM."

This error only happens on the TS server with any user I try, including the domain admin. I can run "gpupdate/force" on all other machines and servers just fine with no errors.

Any help is much appreciated! I just can't be disjoining and rejoining the TS server to the domain for every new TS user that comes along.
0
Comment
Question by:jbridgman-qds
  • 3
4 Comments
 

Accepted Solution

by:
jbridgman-qds earned 0 total points
ID: 39666888
Well, tried removing the offending Group Policy referenced above. Ran "gpupdate/force" and gave the same error but with a different Group Policy. Removed THAT GP and now it seems to be working well.

Wonder what could be causing two of my newest GP's to give errors like that?
0
 
LVL 25

Assisted Solution

by:Coralon
Coralon earned 2000 total points
ID: 39670789
First thing I would do is create a new OU, block inheritance on it, and during the off hours, I'd move the server to that OU.  Then create a user and check your policy stuff.  In theory, nothing should happen, since there are no policies.
Next, create a small test policy with only 1 setting in both sections (Computer & User) (something easily visible).  Be sure you turn on Loopback processing [replace mode] and see if you still get an error.

If you do - then you may have an issue with the GP infrastructure, or the GP engine on the RDS box.  
If you do not get an error, then it's likely your GPO is corrupt, and just building a new one should solve it.

If it is the first problem (GP issue), then you can try either rebuilding the existing RDS box, or if you have a virtual environment, put together a quick virtual RDS box, and again, test the policy.   Again, if you have an error, then it's your DC's, if not, then you will definitely have to rebuild the main RDS box.

Ultimately, if you have a DC GP problem, that's going to take some very serious research to resolve.  I'd be looking at calling MS and spending the $249 (or whatever the current price is) to get it fixed.  

Coralon
0
 

Author Comment

by:jbridgman-qds
ID: 39675052
I appreciate the tip! I'll give that a try maybe this week and see how things turn out.
0
 

Author Closing Comment

by:jbridgman-qds
ID: 39686655
Removed offending GPO's and solved the issue (at least temporarily) before any comments were given as possible solutions.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question