Link to home
Create AccountLog in
Avatar of TomerLeibovich
TomerLeibovich

asked on

Computer Policy cannot be applied

Hello everyone,

I have Domain Controllers running server 2008R2 and 2 domain members running 2012R2.
I am trying to apply group policy and keep getting the same error on both members:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more
of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

First thing I thought that it is SID, so I ran sysprep again, just to make sure, but it did not helped.
Also tried:
1. renaming servers
2. re-joining the domain

Thanks in advance for any help.
Avatar of Radhakrishnan
Radhakrishnan
Flag of India image

Hi,

How many Dc's you have in the network? make sure it's replicating to each other?. Check the "DFS Replication" or "File Replication" logs for any Jurnal_Wrap error?

Sound like replication issue here.
Avatar of TomerLeibovich
TomerLeibovich

ASKER

Hi,

No, there are no failed events on "DFS Replication" logs.
Hi,

If already not tried, could you check the below things?

Stop windows firewall service (start>>run>>services.msc) and check gpupdate /force

Did you changed your DNS address in the server's network card properties? if so, can you make the preferred DNS itself and alternate to another DNS server?

Also, worth to check the Integrity check onto the DC's (using ntdsutil for NTDS.DIT) and make sure that the ntds.dit is fine on all the DC's.
If it's not a DNS issue as suggested above:  Are you using the latest ADMX files for group policy?  If not, I recommend downloading and installing them, as it might be a mismatch between the ADMX version and the 2012 R2 servers:

https://www.microsoft.com/en-us/download/details.aspx?id=43413
Are the IP addresses of DNS correct?

Sudeep
IP addresses of the DNS are correct - they map to the domain controllers and I don't have a problem to ping and resolve any of the hosts.
I also tried the ADMX and it did not helped as well.

I'm attaching here the gpresult file, maybe one of you guys can found the issue there.
gpreport2.html
That report clearly shows that no group policies other than the local GPO are being applied.  Can you please provide a printout of the configuration of the group policy showing the Scope, Details, Settings and Delegation tabs?
Attached are the screenshots of the GPO
delegation.PNG
scope.PNG
details.PNG
settings.PNG
ASKER CERTIFIED SOLUTION
Avatar of Hypercat (Deb)
Hypercat (Deb)
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Thanks for the comment.
I've done it but there is no progress on this matter.
Getting the same error
Solved.
I've re-joined the domain (one more..)
Run setspn -R hostname
dis-join the domain
restart
re-joined domain.
Worked.

Thanks everyone
This solution with resetting SPN helped.