Solved

GPO not applied

Posted on 2014-12-10
4
47 Views
Last Modified: 2016-06-16
Hello All,

Previously I had a problem with my GPOs created on one DC and for some reason it was missing in the other DC. Upon checking and troubleshooting it, I eventually was able to resolve by performing the DFSR authoritative restore. The problem I am facing now is that the password policy GPO linked to Domain would not apply at all. I used the GPCresult /r and of course the GPO in question was not listed as applied. I also applied the GPCupdate.exe but still the GPO in question is not applied. Any ideas or suggestions on how I should proceed on trying to resolve this issue?? Any help or recommendation is greatly appreciated. I am new to GPO concept so you would have to spell it out a little bit for me to understand. Thanks!

Lotusmail1
0
Comment
Question by:lotusmail1
4 Comments
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 250 total points
ID: 40493681
Have you verified that replication is fully functional?  As a start, I would run the following:

1. dcdiag /e /v
2. repadmin /replsummary

Are there errors?

Also, if you know what the file name of the GPO is, does it exist on all DCs?  Are the contents of the following location, the same on all DCs?:  C:\Windows\SYSVOL\sysvol\dpa.com\Policies

Here's a decent link on troubleshooting GPO:  http://www.tech-faq.com/troubleshooting-group-policy.html

Dan
0
 

Author Comment

by:lotusmail1
ID: 40493885
Thanks for your advise. It helped a lot.

Lotusmail1
0
 
LVL 32

Assisted Solution

by:Rodney Barnhardt
Rodney Barnhardt earned 250 total points
ID: 40494265
If you are still having a problem, I would check the FRS logs on each DC to see if you are experiencing any event ID's 13508 or 13568. These indicate JRNL_WRAP_Errors. I had a problem with GPO's randomly not processing correctly a few weeks ago. If you do, here is how to correct it.

Perform the following on one domain controller at a time. Start with the DC that has the JRNL_WRAP_ERROR in the event viewer.
 
Stop the FRS service
 
Click on Start, Run, and type REGEDIT
 
Expand HKEY_LOCAL_MACHINE
Go to the following location:
"System|CurrentControlSet|Services\NtFrs\Parameters\Backup/Restore\Process at Startup"
Double click on the value name "BurFlags"
Change the value to "d2"
 
Restart the FRS service
 
The SYSVOL should be recreated and the data will gradually repopulate. Refresh the event viewer until event ID 13516 appears indicting the rebuild is complete.

Once completed, the system will reset the registry key back. However, as stated above, you have to ensure there are no other replication problems prior to doing this.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A procedure for exporting installed hotfix details of remote computers using powershell
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now