Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Random Group Policy Outage for Site to Zone Assignment

Posted on 2014-01-31
5
Medium Priority
?
665 Views
Last Modified: 2014-11-11
Looking into an issue where a fairly important policy that published trusted sites failed to load on a decent number of client machines (I believe mixture of Win7/XP).  End users were getting errors on internal apps that depended on those trusted sites being in place.  This seems to have happened for about 15-20 minutes but it caused a fairly large ripple.  I am trying to troubleshoot and haven't found much.  A colleague was working on another policy which he originally thought may have been a factor but the settings involved aren't applicable and they tested loopback processing in merge (not replace) mode.
On one DC I found two repeats of a 1085 Group Policy Error that fell into the time frame but  I can't find any info out there on this message: Windows failed to apply the ConfigMgr User State Management Extension. settings. ConfigMgr User State Management Extension
0
Comment
Question by:mcburn13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 4

Expert Comment

by:amclaughlin01
ID: 39825416
If servers were replicating AD and GPOs, it is possible that there might have been a disconnect during that replication.

Are there any computers still experiencing the problem?  If so, you could try running gpresult /r on one of them to verify they are running the correct policies.
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39829645
didn't see any replication errors, and this only happened for about 15-20 minutes.  Going to attempt do enable GP diagnostic logging in case this happens again but if anyone knows of any known issues where a policy will just not apply for no good reason please post here...
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39842579
Still haven't really found any good info on this; all forum/newsgroup/microsoft documentation points to possible misconfiguration issues with the GPO (or other policies), DNS or Replication

I think the best solution is to do some sort of auditing on your group policies either via 3rd party tool like ManageEngine, along with verbose logging.  Can also implement Microsoft Advanced Group Management which comes with Software Assurance.
0
 
LVL 1

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 40426710
My best solution was to:
a) not use wildcards before a subdomain b) not use a slash or anything trailing the .suffix of the URL c) don't use port numbers

Another way to troubleshoot is to import the policy into a lab and remove the URLs one by one, running GPResults each time until it comes up clean- once it does you know the last one you removed was the culprit (tedious but works!)
0
 
LVL 1

Author Closing Comment

by:mcburn13
ID: 40434609
no other acceptable recommendation was given
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question