[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

GPs are reading as inaccessible

Posted on 2016-08-19
7
Medium Priority
?
66 Views
Last Modified: 2016-08-20
Environment is two 2012 DCs at 2008 R2 Forest and domain functional level.

All of my group policies are showing inaccessible.  Even new ones I create and scoped to OUs and users.  

The two DCs replicate fine.  Permissions on the sysvol have not changed.  I checked permissions and they are as they should be.  

The network has been static for some time now.  No new software, new hardware, nothing.

I'm checking even logs now but was hoping for some ideas on where to look.

Thanks

Cliff

PS: name of the policy is showing as GUID, not policy name.  I have found numerous posts around the net but none of those fixes worked.
0
Comment
Question by:crp0499
7 Comments
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 41763297
What, if any, errors do you receive when you perform a gpupdate /force from a workstation or server?
0
 

Author Comment

by:crp0499
ID: 41763302
It reports a successful update.

I am seeing in the log, two things.  One is that the network path is inaccessible

and I see network sharing is not turned on and when I turn it on, it goes right back off.
0
 
LVL 4

Expert Comment

by:david_tocker
ID: 41763542
Sounds like you have a Journal wrap error.
Check the File Replication Service log on your domain controller(s) and you may need to follow the steps below to restore replication for your group policy objects which are stored on the netlogon volume:

https://support.microsoft.com/en-nz/kb/290762
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
LVL 18

Accepted Solution

by:
Sushil Sonawane earned 2000 total points
ID: 41763560
Please check on GP user might be having read deny permission due to user not able to read GPO name correctly.

Also check on client system policy working fine or not.
0
 
LVL 1

Expert Comment

by:saumik belel
ID: 41763583
It's been how many days you have restarted your domain controllers.

Kindly check for error events in event-viewer- File replication services.  

Also run Dcdiag /test:dns & let us know the result.
0
 

Author Closing Comment

by:crp0499
ID: 41763608
That was it.  Somehow, the authenticated users group no longer had read permissions on the GPs.
0
 
LVL 1

Expert Comment

by:saumik belel
ID: 41763609
Check the Status of the SYSVOL and Netlogon Shares

1. On the Start menu, point to Administrative Tools, and then click Services.

2. Verify that the DFS Replication service and the Netlogon service have a status of Started. If a service is stopped, click Restart.

3. Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Domain Admins credentials, if required, and then click Continue.

4.To verify that the SYSVOL tree includes the sysvol and scripts shared folders, at the command prompt, type the following command, and then press ENTER:
net share

5. Check the list to be sure that it includes %systemroot%\SYSVOL\sysvol\ (the SYSVOL share) and %systemroot%\SYSVOL\sysvol\<Domain Name>\SCRIPTS (the NETLOGON share), where <Domain Name> is the domain of the new domain controller.

Note:
If neither %systemroot%\SYSVOL\sysvol\ nor %systemroot%\SYSVOL\sysvol\<Domain Name>\SCRIPTS are present, see Verify Active Directory Replication.

6. Verify that the proper permissions are set for SYSVOL replication. At the command prompt, type the following command, and then press ENTER:
dcdiag /test:netlogons
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question