Link to home
Start Free TrialLog in
Avatar of Allen
AllenFlag for United States of America

asked on

Group Policy RSoP

I noticed today that one of my GPOs were not deploying successfully... it's a simple .msi.

When I did a gpresult, there were only a few of my GPOs that were being applied.  And under Component Status, I get this-
+++++
Group Policy Infrastructure failed due to the error listed below and failed to log resultant set of policy information.

The specified domain either does not exist or could not be contacted.
+++++

I've ran a dcdiag, repadmin, and there are not any errors.  I'm not finding any DNS or NTP issues.  I can ping the domain controllers with no problems, and the SYSVOL/NETLOGON shares are working properly.

I'm running out of ideas... can anyone point me in the right direction?

Client PCs - Windows 7.  Domain Controllers - Windows Server 2012 R2
Avatar of Guy Lidbetter
Guy Lidbetter
Flag of United Kingdom of Great Britain and Northern Ireland image

This is a great article on breaking down MSI deployment via a gpo, have  read through, maybe create a test GPO based on this and see if you have the same issues with the test GPO...

http://www.advancedinstaller.com/user-guide/tutorial-gpo.html

Regards

Guy
Avatar of Allen

ASKER

Thanks Guy-

Unfortunately the issue seems to be related to group policy itself, and not the software deployment.  I just happened to find the issue when attempting to deploy the software using the GPO.
If you look at the bottom of the article, there is a link to troubleshooting AD and GPO deployments.
http://www.advancedinstaller.com/user-guide/qa-log.html#automated-logging

Have you created another test GPO to ensure that its not a corrupt entry?
Avatar of Allen

ASKER

Yes, there are actually a few GPOs that aren't being deployed.
What DCDIAG switches did you run with and have you tried DNSLINT to ensure replication is ok?

Link to how to DNSLINT:
https://support.microsoft.com/en-gb/help/321046/how-to-use-dnslint-to-troubleshoot-active-directory-replication-issues

This could be a DNS issue.
Avatar of Allen

ASKER

repadmin /showrepl
dcdiag /e /v
dcdiag /test:DNS

I wasn't familiar with dnslint, but I've now ran tests with it as well.  I'm not seeing any errors.
Avatar of Allen

ASKER

Ok- I'm starting to wonder if I missed something in the previous outputs.  I got this on one of the clients-

C:\WINDOWS\system32>netdom query /verify dc
Verifying secure channel setup for domain members:
Machine                     Status/Domain       Domain Controller
=======                     =============       =================

\\HCC-DC            ERROR!  ( The specified domain either does not exist or could not be contacted. )

\\JCC-DC                    DOMAIN     \\HCC-DC.domain.local

Everything seems right, dns, sysvol/netlogon shares, etc.  I've been staring at this too long and am missing something.
Avatar of Allen

ASKER

Some added info-

I ran a net view against the domain controller, and nothing showed up.  I sent the ping to the server to verify that I had connectivity, and then mysteriously the net view worked.

C:\WINDOWS\system32>net view domain_controller
System error 53 has occurred.

The network path was not found.


C:\WINDOWS\system32>ping domain_controller

Pinging domain_controller.domain.local [172.16.1.69] with 32 bytes of data:
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127
Reply from 172.16.1.69: bytes=32 time<1ms TTL=127

Ping statistics for 172.16.1.69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\WINDOWS\system32>net view domain_controller
Shared resources at domain_controller



Share name  Type  Used as  Comment

-------------------------------------------------------------------------------
NETLOGON    Disk           Logon server share
SYSVOL      Disk           Logon server share
The command completed successfully.


C:\WINDOWS\system32>
ASKER CERTIFIED SOLUTION
Avatar of Allen
Allen
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Allen

ASKER

Found it was a network issue...