Solved

Random Group Policy Outage for Site to Zone Assignment

Posted on 2014-01-31
Last Modified: 2014-11-11
Looking into an issue where a fairly important policy that published trusted sites failed to load on a decent number of client machines (I believe a mixture of Win7/XP). End users were getting errors on internal apps that depended on those trusted sites being in place. This seems to have happened for about 15-20 minutes, but it caused a fairly large ripple. I am trying to troubleshoot and haven't found much. A colleague was working on another policy, which he originally thought may have been a factor, but the settings involved aren't applicable and they tested loopback processing in merge (not replace) mode.
On one DC I found two repeats of a 1085 Group Policy Error that fell into the time frame, but I can't find any info out there on this message: Windows failed to apply the ConfigMgr User State Management Extension. settings. ConfigMgr User State Management Extension
0
Question by:mcburn13
5 Comments
 
LVL 4

Expert Comment

by:amclaughlin01
ID: 39825416
If servers were replicating AD and GPOs, it is possible that there might have been a disconnect during that replication.

Are there any computers still experiencing the problem?  If so, you could try running gpresult /r on one of them to verify they are running the correct policies.
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39829645
Didn't see any replication errors, and this only happened for about 15-20 minutes. Going to attempt to enable GP diagnostic logging in case this happens again, but if anyone knows of any known issues where a policy will just not apply for no good reason, please post here...
0
 
LVL 1

Author Comment

by:mcburn13
ID: 39842579
Still haven't really found any good info on this; all forum/newsgroup/Microsoft documentation points to possible misconfiguration issues with the GPO (or other policies), DNS or replication.

I think the best solution is to do some sort of auditing on your group policies, either via a 3rd-party tool like ManageEngine, along with verbose logging. You can also implement Microsoft Advanced Group Management, which comes with Software Assurance.
0
 
LVL 1

Accepted Solution

by:
mcburn13 earned 0 total points
ID: 40426710
My best solution was to:
a) not use wildcards before a subdomain
b) not use a slash or anything trailing the .suffix of the URL
c) not use port numbers

Another way to troubleshoot is to import the policy into a lab and remove the URLs one by one, running gpresult each time until it comes up clean; once it does, you know the last one you removed was the culprit (tedious but works!).
0
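The three rules in the accepted solution can be checked mechanically before a Site to Zone Assignment list is published, which is quicker than removing URLs one at a time in a lab. The script below is an added example, not code from the thread: the function name `Test-ZoneEntry` is hypothetical, the `example.com` entries are constructed sample data, and the reading of rule (a) as "a wildcard followed by more than a registered domain" is an assumption.

```powershell
# Constructed sample data: value name -> zone number, as typed into the
# Site to Zone Assignment List. Replace with the entries from your own GPO.
$entries = [ordered]@{
    'https://intranet.example.com'   = 2   # clean
    '*.example.com'                  = 2   # clean under the reading of rule (a) used here
    '*.apps.example.com'             = 2   # rule (a)
    'https://portal.example.com/'    = 2   # rule (b)
    'http://reports.example.com/app' = 2   # rule (b)
    'https://erp.example.com:8443'   = 2   # rule (c)
}

function Test-ZoneEntry {
    param([Parameter(Mandatory)][string]$Entry)

    $problems = @()

    # Drop an optional scheme prefix (http://, https://, *://, ...).
    $rest = $Entry -replace '^[A-Za-z*][A-Za-z0-9+.\-*]*://', ''

    # Rule (b): nothing may trail the host suffix, not even a bare slash.
    $slash = $rest.IndexOf('/')
    if ($slash -ge 0) {
        $problems += 'slash or path after the host suffix'
        $rest = $rest.Substring(0, $slash)
    }

    # Rule (c): no port number.
    if ($rest -match ':\d+$') {
        $problems += 'port number'
        $rest = $rest -replace ':\d+$', ''
    }

    # Rule (a), as assumed here: "*." in front of host.domain.tld or deeper.
    # Heuristic only; it does not know multi-label suffixes such as co.uk.
    if ($rest -match '^\*\.' -and $rest.Split('.').Count -gt 3) {
        $problems += 'wildcard before a subdomain'
    }

    [pscustomobject]@{
        Entry    = $Entry
        Ok       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Report every entry; anything with Ok = False should be fixed before the GPO is linked.
$entries.Keys | ForEach-Object { Test-ZoneEntry -Entry $_ } | Format-Table -AutoSize
```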
 
LVL 1

Author Closing Comment

by:mcburn13
ID: 40434609
No other acceptable recommendation was given.
0
