Cannot push out group policy to Windows 10 clients

Hi Experts,

I am having difficulty pushing out refreshed Group policies from Windows Server 2016 to Windows 10 clients.

They are all failing with "The remote procedure call was cancelled."

I have had some success turning off the firewall on one machine, and then it successfully pushed it out, but obviously I don't want to turn off Windows Firewall.

I tried adding an inbound and outbound rule on the firewall on port 135 for TCP but this doesn't work.

Can anyone please help by advising what firewall ports need to be open on the client PC for the group policy to get pushed out successfully?

Many thanks in advance.
Technical Consultant
Commented:
I'm assuming you have read this?


Distinguished Expert 2018

Commented:
Your description is vague.

GPOs are never pushed, but clients pull them, so what is failing, where do you see this error message?
The firewall would not need any adjustment by default.

Author

Commented:
Hi - I did read the article, but it proposes making the firewall change in Group Policy Editor, and that makes no sense, as Group Policy cannot get successfully pushed to clients...

I turned the firewall off on one device and it then got the gpupdate.

Everyone seems to need to have their firewalls modified to allow through communication from the domain controller??!

McKnife - I don't think clients are pulling them either. Can't push them, and clients aren't able to pull them.
Distinguished Expert 2018

Commented:
Again: where do you see this error message?

Author

Commented:
I see this error on the client:
gperror.JPG

Author

Commented:
I opened the following services on the client and the above error went away when I ran gpupdate, and I also successfully pushed out a policy update from the DC.
gperror2.JPG
Distinguished Expert 2018

Commented:
I will ask for a last time :-)
"They are all failing with "The remote procedure call was cancelled."" <- where are you seeing this error? Your screenshots don't show it.

Author

Commented:
Hi - so sorry, I thought I had clarified this. "The remote procedure call was cancelled" comes from within Group Policy Editor, on the domain controller.

On the DC, in GP Editor, I navigate to the laptops group, and then please see attached screenshots
gperror3.JPG
gperror4.JPG
gperror5.JPG
Distinguished Expert 2018

Commented:
Ok, so the remote gpupdate is used, which still is no push, but which would normally initiate a pull. And that requires some open ports, right, understood finally.

About ports needed for pulling: by default, nothing needs to be changed. Firewalls at the DC or at the clients - no changes needed from defaults.

So for "pushing" as you call it, ports need to be opened to the DC or to your administrative workstation but NOT to other computers or even all PCs.

And for pulling, as said, nothing needs to be done. If you needed to change firewall rules for that, then please retry that on a new clean domain member. You'll see nothing is needed.
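
The scoping described in the reply above, as an added example that is not part of the original thread: it enables the three built-in inbound rules Microsoft documents for a remote Group Policy refresh (which also shows why TCP 135 alone is not enough) and restricts them to named sources instead of any host. The address in `$AdminSources`, the function names, and the English rule display names are assumptions; substitute your own DC or administrative workstation.

```powershell
# Added example, not from the thread. Run elevated on the Windows 10 client.
# ASSUMPTION: constructed placeholder address (RFC 5737 documentation range);
# replace with your DC and/or administrative workstation.
$AdminSources = @('192.0.2.10')

# Built-in inbound rules Microsoft documents for a remote Group Policy refresh.
# ASSUMPTION: English display names; localized Windows builds name them differently.
$RuleNames = @(
    'Remote Scheduled Tasks Management (RPC)',        # Task Scheduler, dynamic RPC ports
    'Remote Scheduled Tasks Management (RPC-EPMAP)',  # endpoint mapper, TCP 135
    'Windows Management Instrumentation (WMI-In)'     # WMI service
)

function Get-RemoteGpUpdateRule {
    # Return only the Domain-profile (or all-profile) copies of each rule.
    foreach ($name in $RuleNames) {
        $found = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Where-Object { "$($_.Profile)" -match 'Domain|Any' }
        if (-not $found) { Write-Warning "Rule not found: $name" }
        $found
    }
}

function Show-RemoteGpUpdateRule {
    # Audit view: is each rule enabled, and which remote addresses may use it?
    Get-RemoteGpUpdateRule | ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Enabled       = $_.Enabled
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
}

Show-RemoteGpUpdateRule | Format-Table -AutoSize      # state before the change

# Enable the rules, but only for the listed sources rather than 'Any'.
Get-RemoteGpUpdateRule | Set-NetFirewallRule -Enabled True -RemoteAddress $AdminSources

Show-RemoteGpUpdateRule | Format-Table -AutoSize      # state after the change
```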

Author

Commented:
I see your point McKnife, but what we are finding is that computers are not able to get the updates unless we open those settings on the firewall. Once we do that, we can update GP from the DC and the systems with the firewall open for those services report back that they received it successfully.
Distinguished Expert 2018

Commented:
You have found what needs to be done for a remote gpupdate.
You have not found out why normal pull does not work by default.
You may find that out after doing the test with a fresh machine.

Author

Commented:
Thanks. The suggested firewall changes in Peter’s post worked, but only when applied locally on the client; they could not be pushed out via Group Policy.
