Solved

Random Group Policy Outage for Site to Zone Assignment

Posted on 2014-01-31
Last Modified: 2014-11-11
Looking into an issue where a fairly important policy that published trusted sites failed to load on a decent number of client machines (I believe a mixture of Win7/XP). End users were getting errors on internal apps that depended on those trusted sites being in place. This seems to have happened for about 15-20 minutes but it caused a fairly large ripple. I am trying to troubleshoot and haven't found much. A colleague was working on another policy which he originally thought may have been a factor, but the settings involved aren't applicable and they tested loopback processing in merge (not replace) mode.
On one DC I found two repeats of a 1085 Group Policy Error that fell into the time frame, but I can't find any info out there on this message: Windows failed to apply the ConfigMgr User State Management Extension. settings. ConfigMgr User State Management Extension
Question by:mcburn13
5 Comments
 

Expert Comment

by:amclaughlin01
ID: 39825416
If servers were replicating AD and GPOs, it is possible that there might have been a disconnect during that replication.

Are there any computers still experiencing the problem?  If so, you could try running gpresult /r on one of them to verify they are running the correct policies.

Author Comment

by:mcburn13
ID: 39829645
Didn't see any replication errors, and this only happened for about 15-20 minutes. Going to attempt to enable GP diagnostic logging in case this happens again, but if anyone knows of any known issues where a policy will just not apply for no good reason, please post here...

Author Comment

by:mcburn13
ID: 39842579
Still haven't really found any good info on this; all forum/newsgroup/Microsoft documentation points to possible misconfiguration issues with the GPO (or other policies), DNS or replication.

I think the best solution is to do some sort of auditing on your group policies, either via a 3rd party tool like ManageEngine, along with verbose logging. Can also implement Microsoft Advanced Group Management which comes with Software Assurance.

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 40426710
My best solution was to:
a) not use wildcards before a subdomain
b) not use a slash or anything trailing the .suffix of the URL
c) don't use port numbers

Another way to troubleshoot is to import the policy into a lab and remove the URLs one by one, running GPResults each time until it comes up clean. Once it does, you know the last one you removed was the culprit (tedious but works!)
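
The three rules in the accepted solution can be checked mechanically before a Site to Zone Assignment List is published. The following is an added example, not part of the original thread: the function name `Test-SiteToZoneEntry`, the sample entries, and the reading of "wildcard before a subdomain" as a leading `*` label followed by more than two labels are all assumptions.

```powershell
# Added example: lint Site to Zone Assignment List entries against rules a), b), c).
function Test-SiteToZoneEntry {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Entry)
    process {
        $problems = [System.Collections.Generic.List[string]]::new()

        # Drop an optional scheme such as http:// or https://
        $rest = $Entry.Trim() -replace '^[A-Za-z][A-Za-z0-9+.-]*://', ''

        # Split what is left into host name, optional :port, optional trailing text.
        if ($rest -match '^(?<name>[^/?#:]+)(?<port>:\d+)?(?<tail>[/?#].*)?$') {
            $hostName = $Matches['name']

            # Rule c: no port numbers.
            if ($Matches['port']) { $problems.Add("port number '$($Matches['port'])'") }

            # Rule b: no slash or anything else after the suffix.
            if ($Matches['tail']) { $problems.Add("text after the suffix: '$($Matches['tail'])'") }

            # Rule a (assumed reading): '*' followed by more than two labels,
            # e.g. *.apps.example.com. Suffixes like co.uk are not special-cased.
            $labels = $hostName.Split('.')
            if ($labels[0] -eq '*' -and $labels.Count -gt 3) {
                $problems.Add('wildcard in front of a subdomain')
            }
        } else {
            $problems.Add('could not parse host name')
        }

        [pscustomobject]@{
            Entry    = $Entry
            Ok       = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample entries (example.com names are placeholders).
$entries = @(
    'https://intranet.example.com'
    '*.example.com'
    '*.apps.example.com'
    'http://portal.example.com/'
    'https://erp.example.com:8443'
    'http://wiki.example.com/start?x=1'
)
$entries | Test-SiteToZoneEntry | Where-Object { -not $_.Ok } | Format-Table -AutoSize -Wrap
```

With the sample list, the first two entries pass and the other four are reported with the rule they break.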

Author Closing Comment

by:mcburn13
ID: 40434609
No other acceptable recommendation was given.