Solved

Group Policy Errors

Posted on 2014-12-19
6
28 Views
Last Modified: 2015-06-29
I have errors in my event viewer for group policy that come up every 5 minutes and say:
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

What I found is that that file path for {6AC1..... is not in that folder. There is a different folder there.  We migrated to this server a few years ago from a server running 2003. I am wondering if something didn't replicate properly.
If that is the case how do I resolve the issue. The old server is no longer available.
When I go into Group Policy Management there are additional GPOs listed for SBS but when I right click and edit it is unable to find the path specified.  

Also when I run gpupdate on the server I get:
C:\Users\username>gpupdate /force
Updating Policy...

User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

Any help would be great. Let me know if additional info is needed.
Thanks
0
Comment
Question by:invisimax
6 Comments
 
LVL 4

Expert Comment

by:Zsolt Pribusz
Comment Utility
You seeing these errors on your Domain Controller?
{6AC1786C-016F-11D2-945F-00C04fB984F9} is the GUID of Default Domain Controller Policy
Microsoft default policies can be restored in case of failure. You can use DCGPOFIX to recreate policies. http://technet.microsoft.com/en-us/library/hh875588.aspx
0
 

Author Comment

by:invisimax
Comment Utility
Thanks for Responding.
I saw that page before, but it says as a last resort to do that so wasn't sure if that is my only option or not.
Yes it is on the DC, its the only server in this environment.
Would you recommend running that command? what are the possible outcomes for issues?
Thanks
0
 
LVL 4

Accepted Solution

by:
Zsolt Pribusz earned 500 total points
Comment Utility
Recommended action is to restore the GPO with Group Policy Management Console.

http://support2.microsoft.com/?kbid=833783
Microsoft recommends that you use the Group Policy Management Console (GPMC) to create regular backups of these GPOs. You can then use GPMC in conjunction with these backups to restore the exact security settings that are contained in these GPOs.

If you are in a disaster recovery scenario and you do not have any backed up versions of the Default Domain Policy or the Default Domain Controller Policy, you may consider using the Dcgpofix tool. If you use the Dcgpofix tool, Microsoft recommends that as soon as you run it, you review the security settings in these GPOs and manually adjust the security settings to suit your requirements.

I think you don't have a GPO backup, because if you had, then probably already tried to restore the GPO, or the restore didn't solved the issue. So the dcgpofix will be your key to create a standard, not customized GPO for DCs.
Your system will be usable again, and you need to modify the security settings to your needs.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
Comment Utility
I would follow this path -

1. on affected server run 'set logonserver' to see which dc it is contacting for GPOs
2. login to that dc and open gpmc.msc Group policy mgmt. console.
3. go to the target ou in gpmc for the affected server
4. if you select a policy and go to the details option in right pane, you can see unique id for each GPO
5. match that id with 6AC1786C-016F-11D2-945F-00C04fB984F9

this will let you know what policy is actually culprit then decide how to correct the issue.

there are multiple things you have to consider based on the policy that is failing but generally replication is the issue or missing access rights on the policy that is defined may cause or in extreme cases you may also consider network firewall as well so you will have to travel further to identify further.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now