Solved

Server 2008 + IE11 Group Policy

Posted on 2016-09-12
22
19 Views
Last Modified: 2016-10-03
I have a 2008 server and using group policy I am unable to apply the internet explorer 11 settings using control panel and internet settings policy.

I am using the RASAT tools with windows 10 but the error is below.

When I run GPRESULT it says " internet settings settings could not be applied" ERROR: could not find the file specified.

Anyone any ideas?

IE11 with with windows 7 is my environment

Ta
A
0
Comment
Question by:iTekCS
  • 12
  • 10
22 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795471
with windows 10 RSAT machine you cannot find IE maintenance options, they are removed from win8 and above machines

You need to use either win7 / 2008 R2 with RSAT and with IE version up to 9
If you install IE version 10 on win7 /2008 R2, you will lose thse IE maintenance options, this is by design because IE 10 did not support IE maintenance options and win8 and above also do not support that options

If you have machines with win8 \ 8.1 \ win 10 or machines having IE 10 and 11, then use RAST machine with IE 10 / 11 and from there use GP prerefences for IE to have these settings
https://support.microsoft.com/en-us/kb/2898604
note - IE 10 GP preferences will applicable for IE 11 as well

Mahesh.
0
 

Author Comment

by:iTekCS
ID: 41795475
As I said above I am using control panel and preferences and then selecting internet settings. But when the policy is applied I get a cannot find specified file error:

I have checked I can get to the policy from the PC \\SERVERNAME\SYSVOL\UID\

Any suggestions?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795487
are you getting error on all win7 machines?

Please check, issue might be happening with single machine

Also are you uing any file for puhing IE settings, like PAC or anyother

Try with win 8.1 RSSAT machine
0
 

Author Comment

by:iTekCS
ID: 41795491
Same error on all windows 7 machines with IE11

Failed to apply internet settings settings

If I try and use registry keys I get the error in the event log

Failed to apply registry settings  

When I do GPRESULT the error shows cannot find the specified file
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795496
can you post screen shot of what you are trying to set
0
 

Author Comment

by:iTekCS
ID: 41795501
ERROR.jpg
above are the settings
0
 

Author Comment

by:iTekCS
ID: 41795521
Client-Error.png
adove is the error from GPRESULT when i run it on a client PC
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795541
I don't see any wrong in GPO settings..

can you check if same GPO folder guid and its contents does exists on all domain controllers

I mean if there are any journal wrap errors or other AD sysvol replication errors

You r running with FRS sysvol, right? to confirm, check if File replication service is running on DCs...
If above is true, please check on all DCs for event ID 13568 if exists or any other replication errors, you might download frsdiag tool from MS and test further...
check frs syvol..https://blogs.technet.microsoft.com/askds/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style/
0
 

Author Comment

by:iTekCS
ID: 41795562
ahhhh that may be my issue, i have errors when i run that utility.

i have attached them for you
NtFrs_0003.log
NtFrs_0005.log
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795567
the log files are too big to analyze

can you check frs propogation test if successful as mentioned in ealier coment blog?

also check if event id 13568 exists on any DC..its journal wrap error and that server will stop FRS replication back and forth....

also you can create new GPO on one DC and make sure that it is replicating to all DCs,

if not we can further troubleshoot and resolve
0
 

Author Comment

by:iTekCS
ID: 41795568
Cant see any errors in event log but looks like the FRSdiag found the issue

Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 14:59:19> ++ ERROR - FrsOpenSourceFile2W(Preferences ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1591: S0: 15:02:11> ++ CreateFile failed on file \??\C:\Windows\SYSVOL\domain\Policies\{92E42022-F248-43DC-B1C0-A2E479F18B5D}\User\Preferences\InternetSettings;  WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 15:02:11> ++ ERROR - FrsOpenSourceFile2W(InternetSettings ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:10> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:19> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 15:02:11> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   883: S0: 11:35:08> ++ ERROR - EXCEPTION (000006bf) :  WStatus: RPC_S_CALL_FAILED_DNE
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   884: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - rpc exception]
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   904: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - Send Penalty]
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 35

Expert Comment

by:Mahesh
ID: 41795588
how many DCs you have?

is netlogon and sysvol is shared on all DCs?

also are you able to create new GPO with some setting and is it getting replicated to all DCs?

can you find any event ID 13568 under frs events on any DCs?

the last comment shows some network connectvity problems..are you able to replicate between PDC and all other DCs without any issues?
can you check network connectivity and ad site replication between PDC and all other DCs one to one...?
0
 

Author Comment

by:iTekCS
ID: 41795607
ALL NETLOGON and SYSVOL shares are OK
We have 2 domain Controllers

We can create new GPO's and replication is working.

I can add other group policies just not Internet or Registry Settings

FRSDiag v1.7 on 13/09/2016 09:46:46
.\wings04 on 2016-09-13 at 09.46.46
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log .... passed
Checking for errors in Directory Service Event Log ....       
NTDS General      11/09/2016 19:28:51      Error      2087      Active Directory Domain Services could not resolve the following DNS host name of the  source domain controller to an IP address. This error prevents additions,  deletions and changes in Active Directory Domain Services from replicating between one or  more domain controllers in the forest. Security groups, group policy, users  and computers and their passwords will be inconsistent between domain  controllers until this error is resolved, potentially affecting logon  authentication and access to network resources.        Source domain controller:     WINGS02    Failing DNS host name:     8edd2e1a-31b1-4541-89e0-7968f61e549e._msdcs.wingsschool.co.uk        NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour  period, even if more than 10 failures occur.  To log all individual failure  events, set the following diagnostics registry value to 1:        Registry Path:    HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client        User Action:         1) If the source domain controller is no longer functioning or its operating  system has been reinstalled with a different computer name or NTDSDSA object  GUID, remove the source domain controller's metadata with ntdsutil.exe, using  the steps outlined in MSKB article 216498.         2) Confirm that the source domain controller is running Active Directory Domain Services and  is accessible on the network by typing "net view \\<source DC name>" or  "ping <source DC name>".         3) Verify that the source domain controller is using a valid DNS server for  DNS services, and that the source domain controller's host record and CNAME  record are correctly registered, using the DNS Enhanced version  of DCDIAG.EXE available on http://www.microsoft.com/dns          dcdiag /test:dns         4) Verify that this destination domain controller is using a valid DNS  server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE  command on the console of the destination domain controller, as follows:          dcdiag /test:dns         5) For further analysis of DNS error failures see KB 824449:       http://support.microsoft.com/?kbid=824449        Additional Data    Error value:     11004 The requested name is valid, but no data of the requested type was found.    
      WARNING: Found Directory Service Errors in the past 15 days! FRS Depends on AD so Check AD Replication!

 ......... failed 1
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 14:59:19> ++ ERROR - FrsOpenSourceFile2W(Preferences ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1591: S0: 15:02:11> ++ CreateFile failed on file \??\C:\Windows\SYSVOL\domain\Policies\{92E42022-F248-43DC-B1C0-A2E479F18B5D}\User\Preferences\InternetSettings;  WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 15:02:11> ++ ERROR - FrsOpenSourceFile2W(InternetSettings ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:10> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:19> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 15:02:11> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   883: S0: 11:35:08> ++ ERROR - EXCEPTION (000006bf) :  WStatus: RPC_S_CALL_FAILED_DNE
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   884: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - rpc exception]
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   904: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - Send Penalty]

      Found 6 ERROR_SHARING_VIOLATION error(s)! Latest ones (up to 3) listed above
      Found 3 STATUS_SHARING_VIOLATION error(s)! Latest ones (up to 3) listed above
      Found 3 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

 ......... failed with 12 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed


Final Result = failed with 13 error(s)
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795627
OK I don't think there is any issue with AD

can you restart frs service on both dcs one by one and ensure that event id 13516 is generated after that under frs event logs

In that case FRS sysvol is fine, ensure that you will exclude * from installed AVntivirus within sysvol folder and ntfrs.exe on each DC followed by restrting frs service, because I guess AV is blocking your IE GPO files from copying or something like that
you may temporarily diable an protection from server and see if it resolve your issue.

Mahesh.
0
 

Author Comment

by:iTekCS
ID: 41795733
ALL AV has already been disabled and i have restarted the services as suggested and no event errors at all.

may have to log a call with MS
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795737
event id 13516 i generated or not...after restarting service

If ye, please log case with MS, if not we can troubleshoot further
0
 

Author Comment

by:iTekCS
ID: 41795739
no event log with that error at all
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795743
it is not error at all

It is event which should generate after you restart ntfrs (file replication service) which states that FRS is running fine..

if that event is not generating, it means you have issue with sysvol, check file replication service events in eventviewer....

let me know which event are generated
I am intrested in either 13516 or 13568 ?
0
 

Author Comment

by:iTekCS
ID: 41795745
when i restart FRS the event ID 13516 is logged Ads below

The File Replication Service is no longer preventing the computer WINGS02 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

(SAME ON BOTH SERVERS)
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 41795763
now i don't see any errors, you should log the case @Microsoft
0
 

Accepted Solution

by:
iTekCS earned 0 total points
ID: 41820385
Corrupt OU in active directory was the solution
0
 

Author Closing Comment

by:iTekCS
ID: 41826012
Corrupt OU in active directory
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now