Group policy update error on client PC
Hi Team,
when i run gpupdate /force on a new computer joined to the domain,i am getting the below error on all the users PC,what could be the issue.
when i run gpupdate /force on a new computer joined to the domain,i am getting the below error on all the users PC,what could be the issue.
Browse to that path and check if it exists. If it doesn't you have a DFS replication issue
I have to side with Shaun Vermaak. DFS replication.
Login to all domain controllers listed under Sites and Services, make sure all networks are right, including subnets
On each DC, run DCDIAG /F
But, everything has Gotchas you see. Particularly where you are now and AD/LDAP
I would logon to a DC run CMD prompt as Admin then type netdom .. I know, don't like it either.
But necessary.
The query, if not mistaken is netdom query fsmo
from elevated cmd prompt
do you see all FSMO roles, you tell me?
There are only a few, unless we are dealing with multiple child domains, trusts, and so forth
all of them the same, when it comes down to dirt and grass
Easy answer, you have a Group Policy that did not replicate and is identified by the folder name or GUID above and INI
Why?
Take a good look at Sites and Services. All the Domain Controllers. Is every Subnet Defined. Yes?
What about DNS, the PTR or Reverse lookup zone? Is it define as well or are we hosting DNS on something else other than AD Integrated?
One Forest, One Domain. One Forest, Two Domains. DNS replicated and Forest or Domain level. Depends - lets go with Forest level.
PTR's don't create themselves. PowerShell yes. GUI, No.
Basics first.
If you can confirm that all zones, all subnets exist in Site and Services, and all reverse lookup zones exist as well and using AD Integraded DNS (PTR). The rest is easy my friend.
That covers the majority of FRS replication issues. DNS. PTR. A Records.
Otherwise, we shift to Replmon and and repadmin.
Then we get to did you upgrade the domain or fresh install, what changed. A lot more suspects. Not of which we cannot track down.
Login to all domain controllers listed under Sites and Services, make sure all networks are right, including subnets
On each DC, run DCDIAG /F
But, everything has Gotchas you see. Particularly where you are now and AD/LDAP
I would logon to a DC run CMD prompt as Admin then type netdom .. I know, don't like it either.
But necessary.
The query, if not mistaken is netdom query fsmo
from elevated cmd prompt
do you see all FSMO roles, you tell me?
There are only a few, unless we are dealing with multiple child domains, trusts, and so forth
all of them the same, when it comes down to dirt and grass
Easy answer, you have a Group Policy that did not replicate and is identified by the folder name or GUID above and INI
Why?
Take a good look at Sites and Services. All the Domain Controllers. Is every Subnet Defined. Yes?
What about DNS, the PTR or Reverse lookup zone? Is it define as well or are we hosting DNS on something else other than AD Integrated?
One Forest, One Domain. One Forest, Two Domains. DNS replicated and Forest or Domain level. Depends - lets go with Forest level.
PTR's don't create themselves. PowerShell yes. GUI, No.
Basics first.
If you can confirm that all zones, all subnets exist in Site and Services, and all reverse lookup zones exist as well and using AD Integraded DNS (PTR). The rest is easy my friend.
That covers the majority of FRS replication issues. DNS. PTR. A Records.
Otherwise, we shift to Replmon and and repadmin.
Then we get to did you upgrade the domain or fresh install, what changed. A lot more suspects. Not of which we cannot track down.
ASKER
Hi everyone,
i found that GPO belongs to the default domian group policy,which had lot of GPOs set,i can this folder is empty now and when i compard it with a backup i can see there is mismatch in the content of this folder.
i am not suprised why there is mismatch because i am aware when i was troubleshooting another issue found out this GPO was corrupted so may be it some of the cotent delete?
is it possible i can restore just the default GPO from old backup or should i have to create all the GPO is defualt domian group policy again.
i found that GPO belongs to the default domian group policy,which had lot of GPOs set,i can this folder is empty now and when i compard it with a backup i can see there is mismatch in the content of this folder.
i am not suprised why there is mismatch because i am aware when i was troubleshooting another issue found out this GPO was corrupted so may be it some of the cotent delete?
is it possible i can restore just the default GPO from old backup or should i have to create all the GPO is defualt domian group policy again.
No. How many DC's. Is FRS running on all DC's. Did you run any of the commands.
Run DCDIAG /V on each DC. I think you are referring to the SYSVOL. Group Policies don't just not replicate. You could have a much bigger issue indicated by the event logs such as System. Instead of fixing the problem, determine the root cause then fix the problem. Is that a deal?
Run DCDIAG /V on each DC. I think you are referring to the SYSVOL. Group Policies don't just not replicate. You could have a much bigger issue indicated by the event logs such as System. Instead of fixing the problem, determine the root cause then fix the problem. Is that a deal?
ASKER
i am rusiing frs,the replica\tion issue is resolved the Dcs are very well replicating i have fixed the issue,but during troubleedhooting somehow this folder cotent got deleted iw ant to retore it now.
minimum do this
try and connect to \\domain\sysvol
then every DC \\DC1\sysvol, \\dc2\sysvol so on
Did shortname work?
Try dc.fqdn\sysvol
did that work
Basics.
try and connect to \\domain\sysvol
then every DC \\DC1\sysvol, \\dc2\sysvol so on
Did shortname work?
Try dc.fqdn\sysvol
did that work
Basics.
run dcdiag /v and paste the output
What if you need to run Metadata cleanse? Did you demote a DC? What is the root cause?
Please start, with checking the FRS service on each DC. Then run DCDIAG /V
Please
Please
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Everyone ,
i got it resolved the default domian policy was missing some file including the gpt.ini,got it restored and restored the default domian policy to reolve the issue,once again thanks everyone for your solutions provided.
i got it resolved the default domian policy was missing some file including the gpt.ini,got it restored and restored the default domian policy to reolve the issue,once again thanks everyone for your solutions provided.
@Sysguys: Please close question
Also how many DC you have in domain? Check if you can find NTFRS event 13658 on any server.