Solved

Group Policy Errors

Posted on 2014-12-19
6
33 Views
Last Modified: 2015-06-29
I have errors in my event viewer for group policy that come up every 5 minutes and say:
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

What I found is that that file path for {6AC1..... is not in that folder. There is a different folder there.  We migrated to this server a few years ago from a server running 2003. I am wondering if something didn't replicate properly.
If that is the case how do I resolve the issue. The old server is no longer available.
When I go into Group Policy Management there are additional GPOs listed for SBS but when I right click and edit it is unable to find the path specified.  

Also when I run gpupdate on the server I get:
C:\Users\username>gpupdate /force
Updating Policy...

User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

Any help would be great. Let me know if additional info is needed.
Thanks
0
Comment
Question by:invisimax
6 Comments
 
LVL 4

Expert Comment

by:Zsolt Pribusz
ID: 40509847
You seeing these errors on your Domain Controller?
{6AC1786C-016F-11D2-945F-00C04fB984F9} is the GUID of Default Domain Controller Policy
Microsoft default policies can be restored in case of failure. You can use DCGPOFIX to recreate policies. http://technet.microsoft.com/en-us/library/hh875588.aspx
0
 

Author Comment

by:invisimax
ID: 40510030
Thanks for Responding.
I saw that page before, but it says as a last resort to do that so wasn't sure if that is my only option or not.
Yes it is on the DC, its the only server in this environment.
Would you recommend running that command? what are the possible outcomes for issues?
Thanks
0
 
LVL 4

Accepted Solution

by:
Zsolt Pribusz earned 500 total points
ID: 40510149
Recommended action is to restore the GPO with Group Policy Management Console.

http://support2.microsoft.com/?kbid=833783
Microsoft recommends that you use the Group Policy Management Console (GPMC) to create regular backups of these GPOs. You can then use GPMC in conjunction with these backups to restore the exact security settings that are contained in these GPOs.

If you are in a disaster recovery scenario and you do not have any backed up versions of the Default Domain Policy or the Default Domain Controller Policy, you may consider using the Dcgpofix tool. If you use the Dcgpofix tool, Microsoft recommends that as soon as you run it, you review the security settings in these GPOs and manually adjust the security settings to suit your requirements.

I think you don't have a GPO backup, because if you had, then probably already tried to restore the GPO, or the restore didn't solved the issue. So the dcgpofix will be your key to create a standard, not customized GPO for DCs.
Your system will be usable again, and you need to modify the security settings to your needs.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40511450
I would follow this path -

1. on affected server run 'set logonserver' to see which dc it is contacting for GPOs
2. login to that dc and open gpmc.msc Group policy mgmt. console.
3. go to the target ou in gpmc for the affected server
4. if you select a policy and go to the details option in right pane, you can see unique id for each GPO
5. match that id with 6AC1786C-016F-11D2-945F-00C04fB984F9

this will let you know what policy is actually culprit then decide how to correct the issue.

there are multiple things you have to consider based on the policy that is failing but generally replication is the issue or missing access rights on the policy that is defined may cause or in extreme cases you may also consider network firewall as well so you will have to travel further to identify further.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40856634
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now