Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 30
  • Last Modified:

Server 2008 + IE11 Group Policy

I have a 2008 server and using group policy I am unable to apply the internet explorer 11 settings using control panel and internet settings policy.

I am using the RASAT tools with windows 10 but the error is below.

When I run GPRESULT it says " internet settings settings could not be applied" ERROR: could not find the file specified.

Anyone any ideas?

IE11 with with windows 7 is my environment

Ta
A
0
iTekCS
Asked:
iTekCS
  • 12
  • 10
1 Solution
 
MaheshArchitectCommented:
with windows 10 RSAT machine you cannot find IE maintenance options, they are removed from win8 and above machines

You need to use either win7 / 2008 R2 with RSAT and with IE version up to 9
If you install IE version 10 on win7 /2008 R2, you will lose thse IE maintenance options, this is by design because IE 10 did not support IE maintenance options and win8 and above also do not support that options

If you have machines with win8 \ 8.1 \ win 10 or machines having IE 10 and 11, then use RAST machine with IE 10 / 11 and from there use GP prerefences for IE to have these settings
https://support.microsoft.com/en-us/kb/2898604
note - IE 10 GP preferences will applicable for IE 11 as well

Mahesh.
0
 
iTekCSAuthor Commented:
As I said above I am using control panel and preferences and then selecting internet settings. But when the policy is applied I get a cannot find specified file error:

I have checked I can get to the policy from the PC \\SERVERNAME\SYSVOL\UID\

Any suggestions?
0
 
MaheshArchitectCommented:
are you getting error on all win7 machines?

Please check, issue might be happening with single machine

Also are you uing any file for puhing IE settings, like PAC or anyother

Try with win 8.1 RSSAT machine
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
iTekCSAuthor Commented:
Same error on all windows 7 machines with IE11

Failed to apply internet settings settings

If I try and use registry keys I get the error in the event log

Failed to apply registry settings  

When I do GPRESULT the error shows cannot find the specified file
0
 
MaheshArchitectCommented:
can you post screen shot of what you are trying to set
0
 
iTekCSAuthor Commented:
ERROR.jpg
above are the settings
0
 
iTekCSAuthor Commented:
Client-Error.png
adove is the error from GPRESULT when i run it on a client PC
0
 
MaheshArchitectCommented:
I don't see any wrong in GPO settings..

can you check if same GPO folder guid and its contents does exists on all domain controllers

I mean if there are any journal wrap errors or other AD sysvol replication errors

You r running with FRS sysvol, right? to confirm, check if File replication service is running on DCs...
If above is true, please check on all DCs for event ID 13568 if exists or any other replication errors, you might download frsdiag tool from MS and test further...
check frs syvol..https://blogs.technet.microsoft.com/askds/2008/05/22/verifying-file-replication-during-the-windows-server-2008-dfsr-sysvol-migration-down-and-dirty-style/
0
 
iTekCSAuthor Commented:
ahhhh that may be my issue, i have errors when i run that utility.

i have attached them for you
NtFrs_0003.log
NtFrs_0005.log
0
 
MaheshArchitectCommented:
the log files are too big to analyze

can you check frs propogation test if successful as mentioned in ealier coment blog?

also check if event id 13568 exists on any DC..its journal wrap error and that server will stop FRS replication back and forth....

also you can create new GPO on one DC and make sure that it is replicating to all DCs,

if not we can further troubleshoot and resolve
0
 
iTekCSAuthor Commented:
Cant see any errors in event log but looks like the FRSdiag found the issue

Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 14:59:19> ++ ERROR - FrsOpenSourceFile2W(Preferences ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1591: S0: 15:02:11> ++ CreateFile failed on file \??\C:\Windows\SYSVOL\domain\Policies\{92E42022-F248-43DC-B1C0-A2E479F18B5D}\User\Preferences\InternetSettings;  WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 15:02:11> ++ ERROR - FrsOpenSourceFile2W(InternetSettings ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:10> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:19> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 15:02:11> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   883: S0: 11:35:08> ++ ERROR - EXCEPTION (000006bf) :  WStatus: RPC_S_CALL_FAILED_DNE
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   884: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - rpc exception]
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   904: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - Send Penalty]
0
 
MaheshArchitectCommented:
how many DCs you have?

is netlogon and sysvol is shared on all DCs?

also are you able to create new GPO with some setting and is it getting replicated to all DCs?

can you find any event ID 13568 under frs events on any DCs?

the last comment shows some network connectvity problems..are you able to replicate between PDC and all other DCs without any issues?
can you check network connectivity and ad site replication between PDC and all other DCs one to one...?
0
 
iTekCSAuthor Commented:
ALL NETLOGON and SYSVOL shares are OK
We have 2 domain Controllers

We can create new GPO's and replication is working.

I can add other group policies just not Internet or Registry Settings

FRSDiag v1.7 on 13/09/2016 09:46:46
.\wings04 on 2016-09-13 at 09.46.46
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log .... passed
Checking for errors in Directory Service Event Log ....       
NTDS General      11/09/2016 19:28:51      Error      2087      Active Directory Domain Services could not resolve the following DNS host name of the  source domain controller to an IP address. This error prevents additions,  deletions and changes in Active Directory Domain Services from replicating between one or  more domain controllers in the forest. Security groups, group policy, users  and computers and their passwords will be inconsistent between domain  controllers until this error is resolved, potentially affecting logon  authentication and access to network resources.        Source domain controller:     WINGS02    Failing DNS host name:     8edd2e1a-31b1-4541-89e0-7968f61e549e._msdcs.wingsschool.co.uk        NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour  period, even if more than 10 failures occur.  To log all individual failure  events, set the following diagnostics registry value to 1:        Registry Path:    HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client        User Action:         1) If the source domain controller is no longer functioning or its operating  system has been reinstalled with a different computer name or NTDSDSA object  GUID, remove the source domain controller's metadata with ntdsutil.exe, using  the steps outlined in MSKB article 216498.         2) Confirm that the source domain controller is running Active Directory Domain Services and  is accessible on the network by typing "net view \\<source DC name>" or  "ping <source DC name>".         3) Verify that the source domain controller is using a valid DNS server for  DNS services, and that the source domain controller's host record and CNAME  record are correctly registered, using the DNS Enhanced version  of DCDIAG.EXE available on http://www.microsoft.com/dns          dcdiag /test:dns         4) Verify that this destination domain controller is using a valid DNS  server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE  command on the console of the destination domain controller, as follows:          dcdiag /test:dns         5) For further analysis of DNS error failures see KB 824449:       http://support.microsoft.com/?kbid=824449        Additional Data    Error value:     11004 The requested name is valid, but no data of the requested type was found.    
      WARNING: Found Directory Service Errors in the past 15 days! FRS Depends on AD so Check AD Replication!

 ......... failed 1
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 14:59:19> ++ ERROR - FrsOpenSourceFile2W(Preferences ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1591: S0: 15:02:11> ++ CreateFile failed on file \??\C:\Windows\SYSVOL\domain\Policies\{92E42022-F248-43DC-B1C0-A2E479F18B5D}\User\Preferences\InternetSettings;  WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <StuOpenDestinationFile:        17644:  1162: S0: 15:02:11> ++ ERROR - FrsOpenSourceFile2W(InternetSettings ->   WStatus: ERROR_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:10> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 14:59:19> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0005.log : "ERROR_SHARING_VIOLATION(For more information see KB.822300, KB.815473, and KB.823230)" : <FrsOpenSourceFile2W:           17644:  1580: S0: 15:02:11> NtCreateFile failed :  NTStatus: STATUS_SHARING_VIOLATION
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   883: S0: 11:35:08> ++ ERROR - EXCEPTION (000006bf) :  WStatus: RPC_S_CALL_FAILED_DNE
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   884: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - rpc exception]
      ERROR on NtFrs_0003.log : "RPC_S_CALL_FAILED_DNE(Indicates RPC Session was established to target, but there was a failure to send RPC call package. Check for Networking problems!)" : <SndCsMain:                     16152:   904: S0: 11:35:08> :SR: Cmd 0103bbd0, CxtG 9c08ba46, WS RPC_S_CALL_FAILED_DNE, To   WINGS02.wingsschool.co.uk Len:  (368) [SndFail - Send Penalty]

      Found 6 ERROR_SHARING_VIOLATION error(s)! Latest ones (up to 3) listed above
      Found 3 STATUS_SHARING_VIOLATION error(s)! Latest ones (up to 3) listed above
      Found 3 RPC_S_CALL_FAILED_DNE error(s)! Latest ones (up to 3) listed above

 ......... failed with 12 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed


Final Result = failed with 13 error(s)
0
 
MaheshArchitectCommented:
OK I don't think there is any issue with AD

can you restart frs service on both dcs one by one and ensure that event id 13516 is generated after that under frs event logs

In that case FRS sysvol is fine, ensure that you will exclude * from installed AVntivirus within sysvol folder and ntfrs.exe on each DC followed by restrting frs service, because I guess AV is blocking your IE GPO files from copying or something like that
you may temporarily diable an protection from server and see if it resolve your issue.

Mahesh.
0
 
iTekCSAuthor Commented:
ALL AV has already been disabled and i have restarted the services as suggested and no event errors at all.

may have to log a call with MS
0
 
MaheshArchitectCommented:
event id 13516 i generated or not...after restarting service

If ye, please log case with MS, if not we can troubleshoot further
0
 
iTekCSAuthor Commented:
no event log with that error at all
0
 
MaheshArchitectCommented:
it is not error at all

It is event which should generate after you restart ntfrs (file replication service) which states that FRS is running fine..

if that event is not generating, it means you have issue with sysvol, check file replication service events in eventviewer....

let me know which event are generated
I am intrested in either 13516 or 13568 ?
0
 
iTekCSAuthor Commented:
when i restart FRS the event ID 13516 is logged Ads below

The File Replication Service is no longer preventing the computer WINGS02 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

(SAME ON BOTH SERVERS)
0
 
MaheshArchitectCommented:
now i don't see any errors, you should log the case @Microsoft
0
 
iTekCSAuthor Commented:
Corrupt OU in active directory was the solution
0
 
iTekCSAuthor Commented:
Corrupt OU in active directory
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 12
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now