If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Remote Group Policy Update error code 8007071a - remote procedure procedure call was cancelled
Using AD 2012 - do a Group Policy Update from the Group Policy MMC to all servers in the Domain and I get the eror :-
Computer Name , 8007071a , Error The Romote procedure call was cancelled.
Not sure if it stops the polcy being pushed out to the server. I have looked at the link to check what ports are needed open from the the DC's. All seemed covered as in the list in the link below
http://technet.microsoft.com/en-gb/library/dd772723%28v=ws.10%29.aspx
Appreciate if soemone have enlighten me how to resolve this and what is NOT beign replicated
Computer Name , 8007071a , Error The Romote procedure call was cancelled.
Not sure if it stops the polcy being pushed out to the server. I have looked at the link to check what ports are needed open from the the DC's. All seemed covered as in the list in the link below
http://technet.microsoft.com/en-gb/library/dd772723%28v=ws.10%29.aspx
Appreciate if soemone have enlighten me how to resolve this and what is NOT beign replicated
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 1
What happens if you go to the receiving servers and issue a gpupdate /force then a gpresult /v
The gpupdate /force complets and the gpresult /v seems to report no errors, see output below, :-
C:\Users\supps>gpresult /v
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
c 2013 Microsoft Corporation. All rights reserved.
Created on 12/18/2014 at 4:04:54 PM
RSOP data for EUW01\supps on EUW01-DC-001 : Logging Mode
--------------------------
OS Configuration: Primary Domain Controller
OS Version: 6.3.9600
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\supps
Connected over a slow link?: No
USER SETTINGS
--------------
CN=Paul Smith,OU=Infrastructure,OU
,DC=intamac,DC=com
Last time Group Policy was applied: 12/18/2014 at 2:36:25 PM
Group Policy was applied from: euw01-dc-001.euw01.intamac
Group Policy slow link threshold: 500 kbps
Domain Name: EUW01
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Infastructure
Domain Admins
Enterprise Admins
Authentication authority asserted identity
Denied RODC Password Replication Group
High Mandatory Level
The user has the following security privileges
--------------------------
Resultant Set Of Policies for User
--------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
--------------------------
N/A
Internet Explorer Connection
--------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
C:\Users\supps>gpresult /v
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
c 2013 Microsoft Corporation. All rights reserved.
Created on 12/18/2014 at 4:04:54 PM
RSOP data for EUW01\supps on EUW01-DC-001 : Logging Mode
--------------------------
OS Configuration: Primary Domain Controller
OS Version: 6.3.9600
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\supps
Connected over a slow link?: No
USER SETTINGS
--------------
CN=Paul Smith,OU=Infrastructure,OU
,DC=intamac,DC=com
Last time Group Policy was applied: 12/18/2014 at 2:36:25 PM
Group Policy was applied from: euw01-dc-001.euw01.intamac
Group Policy slow link threshold: 500 kbps
Domain Name: EUW01
Domain Type: Windows 2008 or later
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Infastructure
Domain Admins
Enterprise Admins
Authentication authority asserted identity
Denied RODC Password Replication Group
High Mandatory Level
The user has the following security privileges
--------------------------
Resultant Set Of Policies for User
--------------------------
Software Installations
----------------------
N/A
Logon Scripts
-------------
N/A
Logoff Scripts
--------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
--------------------------
N/A
Internet Explorer Connection
--------------------------
N/A
Internet Explorer URLs
----------------------
N/A
Internet Explorer Security
--------------------------
N/A
Internet Explorer Programs
--------------------------
N/A
I have to wonder if you still have a firewall issue if the update runs when run locally on the other servers.
I had one server network card that thought it was not in the domain for some reason so the firewalls ports were still blocked.
If you run this from a command prompt on the receiving servers you will fully turn off the firewalls. Then try the remote update and see if you get the same errors.
NetSh Advfirewall set allprofiles state off
Speaking of have you tried the remote update since you did the GPupdate /force?
Lastly It also could be WMI related see the link below it talks about the process for updates. You might try to rebuild WMI on the servers.
http://technet.microsoft.com/en-us/library/jj134201.aspx
I had one server network card that thought it was not in the domain for some reason so the firewalls ports were still blocked.
If you run this from a command prompt on the receiving servers you will fully turn off the firewalls. Then try the remote update and see if you get the same errors.
NetSh Advfirewall set allprofiles state off
Speaking of have you tried the remote update since you did the GPupdate /force?
Lastly It also could be WMI related see the link below it talks about the process for updates. You might try to rebuild WMI on the servers.
http://technet.microsoft.com/en-us/library/jj134201.aspx
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Firewall command prompts can be found here:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Admin/QuicklyTurnONOFFWindowsFirewallUsingCommandLine.html
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/Admin/QuicklyTurnONOFFWindowsFirewallUsingCommandLine.html
Yes, we are running within the AWS cloud environment. It is slightly differnet in that you setup security groups on member servers to allow tarffic into it. TO make it wasier, I allowed the DC's to be able to communicate over any ports ONLY to the member server. Although I added all the ports as per the URL I provided from Microsoft this obviously needed another port not documented. within the policy, all firewalling is turned off.
Well can you post that port in case someone else has this issue, it will help them in the future! Nice fix!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.