Allen
asked on
Group Policy RSoP
I noticed today that one of my GPOs were not deploying successfully... it's a simple .msi.
When I did a gpresult, there were only a few of my GPOs that were being applied. And under Component Status, I get this-
+++++
Group Policy Infrastructure failed due to the error listed below and failed to log resultant set of policy information.
The specified domain either does not exist or could not be contacted.
+++++
I've ran a dcdiag, repadmin, and there are not any errors. I'm not finding any DNS or NTP issues. I can ping the domain controllers with no problems, and the SYSVOL/NETLOGON shares are working properly.
I'm running out of ideas... can anyone point me in the right direction?
Client PCs - Windows 7. Domain Controllers - Windows Server 2012 R2
When I did a gpresult, there were only a few of my GPOs that were being applied. And under Component Status, I get this-
+++++
Group Policy Infrastructure failed due to the error listed below and failed to log resultant set of policy information.
The specified domain either does not exist or could not be contacted.
+++++
I've ran a dcdiag, repadmin, and there are not any errors. I'm not finding any DNS or NTP issues. I can ping the domain controllers with no problems, and the SYSVOL/NETLOGON shares are working properly.
I'm running out of ideas... can anyone point me in the right direction?
Client PCs - Windows 7. Domain Controllers - Windows Server 2012 R2
ASKER
Thanks Guy-
Unfortunately the issue seems to be related to group policy itself, and not the software deployment. I just happened to find the issue when attempting to deploy the software using the GPO.
Unfortunately the issue seems to be related to group policy itself, and not the software deployment. I just happened to find the issue when attempting to deploy the software using the GPO.
If you look at the bottom of the article, there is a link to troubleshooting AD and GPO deployments.
http://www.advancedinstaller.com/user-guide/qa-log.html#automated-logging
Have you created another test GPO to ensure that its not a corrupt entry?
http://www.advancedinstaller.com/user-guide/qa-log.html#automated-logging
Have you created another test GPO to ensure that its not a corrupt entry?
ASKER
Yes, there are actually a few GPOs that aren't being deployed.
What DCDIAG switches did you run with and have you tried DNSLINT to ensure replication is ok?
Link to how to DNSLINT:
https://support.microsoft.com/en-gb/help/321046/how-to-use-dnslint-to-troubleshoot-active-directory-replication-issues
This could be a DNS issue.
Link to how to DNSLINT:
https://support.microsoft.com/en-gb/help/321046/how-to-use-dnslint-to-troubleshoot-active-directory-replication-issues
This could be a DNS issue.
ASKER
repadmin /showrepl
dcdiag /e /v
dcdiag /test:DNS
I wasn't familiar with dnslint, but I've now ran tests with it as well. I'm not seeing any errors.
dcdiag /e /v
dcdiag /test:DNS
I wasn't familiar with dnslint, but I've now ran tests with it as well. I'm not seeing any errors.
ASKER
Ok- I'm starting to wonder if I missed something in the previous outputs. I got this on one of the clients-
C:\WINDOWS\system32>netdom query /verify dc
Verifying secure channel setup for domain members:
Machine Status/Domain Domain Controller
======= ============= =================
\\HCC-DC ERROR! ( The specified domain either does not exist or could not be contacted. )
\\JCC-DC DOMAIN \\HCC-DC.domain.local
Everything seems right, dns, sysvol/netlogon shares, etc. I've been staring at this too long and am missing something.
C:\WINDOWS\system32>netdom
Verifying secure channel setup for domain members:
Machine Status/Domain Domain Controller
======= ============= =================
\\HCC-DC ERROR! ( The specified domain either does not exist or could not be contacted. )
\\JCC-DC DOMAIN \\HCC-DC.domain.local
Everything seems right, dns, sysvol/netlogon shares, etc. I've been staring at this too long and am missing something.
ASKER
Some added info-
I ran a net view against the domain controller, and nothing showed up. I sent the ping to the server to verify that I had connectivity, and then mysteriously the net view worked.
C:\WINDOWS\system32>net view domain_controller
System error 53 has occurred.
The network path was not found.
C:\WINDOWS\system32>ping domain_controller
Pinging domain_controller.domain.l ocal [172.16.1.69] with 32 bytes of data:
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Ping statistics for 172.16.1.69:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>net view domain_controller
Shared resources at domain_controller
Share name Type Used as Comment
-------------------------- ---------- ---------- ---------- ---------- ---------- ---
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
The command completed successfully.
C:\WINDOWS\system32>
I ran a net view against the domain controller, and nothing showed up. I sent the ping to the server to verify that I had connectivity, and then mysteriously the net view worked.
C:\WINDOWS\system32>net view domain_controller
System error 53 has occurred.
The network path was not found.
C:\WINDOWS\system32>ping domain_controller
Pinging domain_controller.domain.l
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Ping statistics for 172.16.1.69:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>net view domain_controller
Shared resources at domain_controller
Share name Type Used as Comment
--------------------------
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
The command completed successfully.
C:\WINDOWS\system32>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Found it was a network issue...
http://www.advancedinstaller.com/user-guide/tutorial-gpo.html
Regards
Guy