Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 43
  • Last Modified:

Group Policy Errors

I have errors in my event viewer for group policy that come up every 5 minutes and say:
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

What I found is that that file path for {6AC1..... is not in that folder. There is a different folder there.  We migrated to this server a few years ago from a server running 2003. I am wondering if something didn't replicate properly.
If that is the case how do I resolve the issue. The old server is no longer available.
When I go into Group Policy Management there are additional GPOs listed for SBS but when I right click and edit it is unable to find the path specified.  

Also when I run gpupdate on the server I get:
C:\Users\username>gpupdate /force
Updating Policy...

User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\domain.local\sysvol\domain.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
 could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

Any help would be great. Let me know if additional info is needed.
Thanks
0
invisimax
Asked:
invisimax
1 Solution
 
Zsolt PribuszCommented:
You seeing these errors on your Domain Controller?
{6AC1786C-016F-11D2-945F-00C04fB984F9} is the GUID of Default Domain Controller Policy
Microsoft default policies can be restored in case of failure. You can use DCGPOFIX to recreate policies. http://technet.microsoft.com/en-us/library/hh875588.aspx
0
 
invisimaxAuthor Commented:
Thanks for Responding.
I saw that page before, but it says as a last resort to do that so wasn't sure if that is my only option or not.
Yes it is on the DC, its the only server in this environment.
Would you recommend running that command? what are the possible outcomes for issues?
Thanks
0
 
Zsolt PribuszCommented:
Recommended action is to restore the GPO with Group Policy Management Console.

http://support2.microsoft.com/?kbid=833783
Microsoft recommends that you use the Group Policy Management Console (GPMC) to create regular backups of these GPOs. You can then use GPMC in conjunction with these backups to restore the exact security settings that are contained in these GPOs.

If you are in a disaster recovery scenario and you do not have any backed up versions of the Default Domain Policy or the Default Domain Controller Policy, you may consider using the Dcgpofix tool. If you use the Dcgpofix tool, Microsoft recommends that as soon as you run it, you review the security settings in these GPOs and manually adjust the security settings to suit your requirements.

I think you don't have a GPO backup, because if you had, then probably already tried to restore the GPO, or the restore didn't solved the issue. So the dcgpofix will be your key to create a standard, not customized GPO for DCs.
Your system will be usable again, and you need to modify the security settings to your needs.
0
 
Pramod UbheCommented:
I would follow this path -

1. on affected server run 'set logonserver' to see which dc it is contacting for GPOs
2. login to that dc and open gpmc.msc Group policy mgmt. console.
3. go to the target ou in gpmc for the affected server
4. if you select a policy and go to the details option in right pane, you can see unique id for each GPO
5. match that id with 6AC1786C-016F-11D2-945F-00C04fB984F9

this will let you know what policy is actually culprit then decide how to correct the issue.

there are multiple things you have to consider based on the policy that is failing but generally replication is the issue or missing access rights on the policy that is defined may cause or in extreme cases you may also consider network firewall as well so you will have to travel further to identify further.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now