Work Folders - Specific Group Policy's that are needed to satisfy domain client security level

Hi All,
We have Work Folders successfully set up on our domain. A non domain joined client can connect and gain access to their work folder share without issue.
I am now in the process of setting up domain connected laptops that will be used by staff. These laptop will have restrictions on them and the users that logon will not have admin privileges.
The work folder server has the device policies of:
Encrypt Work Folders
Automatically lock screen, and require a password
We are using Windows 8.1 enterprise clients, with the latest patches. If I turn off the "Automatically lock screen...." policy, a domain user can successfully sync their work. If I turn it back on they get the below error:
"Make sure that your account is an administrator on the PC and that all administrator accounts on this PC have a password."
I have set the group polices that I believe might effect this message, but have yet to get a successful sync. Could someone give me the exact group policies I would need to set for client to meet the security requirements.
Minimum password length of 6
Autolock screen set to be 15 minutes or less
Maximum password retry of 10 or less

Hi,
Work Folders provides the two device policies that administrators can control. The policies are enforced on the Windows 8.1 clients before data sync is allowed.
The policy settings are not configurable, and they are enforced on the devices running with Windows 8.1 through the EAS Engine.
Please refer to the article below to troubleshoot the issue:
Work Folders for Windows 7
http://blogs.technet.com/b/filecab/archive/2014/04/24/work-folders-for-windows-7.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Similar Messages

Is it possible to group 2 objects that are located on 2 different pages in InDesign CS4 JS

Is it possible to group 2 objects that are located on 2 different pages. Would it be something like that:
        var myArray = new Array;
        //Add the items to the array.
        myArray.push(myLine1);
        myArray.push(myLine2);
        //Group the items.
        var myPages = app.activeDocument.pages;
        myGroup = myPage.groups.add(myArray);
Thank you very much for your help.
Yulia

You can group objects from distinct pages only if they belong to the same spread.
For instance, if you have a rectangle on page 2 and a rectangle on page 3 in a "facing pages" configuration, this should work:
var doc = app.activeDocument;
var r2 = doc.pages[1].rectangles[0]; // rectangle on page 2
var r3 = doc.pages[2].rectangles[0]; // rectangle on page 3
// it's better here to handle the parent spread:
var g = doc.spreads[1].groups.add([r2,r3]);
// but this may also work:
// var g = doc.pages[1].groups.add([r2,r3]);
// var g = doc.pages[2].groups.add([r2,r3]);
@+
Marc

Google drive does not work with specific group but works with all users group!!

Hi,
Why Google drive does not work with specific group but works with all users group?
My rule : Internal > external > all users = works fine
But
Internal > external > A group = not working !!

Hi,
if you require user authentication in Firewall policy rules, the clients must bei Webproxy clients (for HTTP / HTTPS) or TMG clients (for TCP/UDP):
http://technet.microsoft.com/en-us/library/bb794762.aspx
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

On Windows 7, neither my quicktime or iTunes will start. This started after I installed the newest update. All the files that are needed are there. I recently updated Quicktime to see if that would work, but it didn't.

This started after I installed the newest update. All the files that are needed are there. I just updated Quicktime to see if that would work, but it didn't. I looked through some other discussions like this, and found out that all of my files are correct. Some people are saying that they needed to remove Filebot, but I can't find that on my computer. Help, please?

This started after I installed the newest update. All the files that are needed are there. I just updated Quicktime to see if that would work, but it didn't. I looked through some other discussions like this, and found out that all of my files are correct. Some people are saying that they needed to remove Filebot, but I can't find that on my computer. Help, please?

To disable group policy when the machine not connected to domain controller

hi all
i have alot of users joined to the domain and i enabled prevent user to to add/ remove sites on the trusted sites option through group policy, is there any script file that allow user to add and remove sites from the trusted sites when he/she out
of LAN without interaction by user, or script to disable all group policy settings that applied by the active directory administrator when there is no connectivity between domain machine and the active directory.
regards

Duplicate post...
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/617a7ddb-592e-481f-b360-23d871eb26be#617a7ddb-592e-481f-b360-23d871eb26be
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

App World - Sorry, your device does not meet the system requirements that are needed

Hi, I’ve just got a blackberry which is my first. I am new to this. I'm trying to download the App World on my phone because I would like to get some applications on my phone. As I try to download the App World it says "Sorry, your device does not meet the system requirements that are needed to support Blackberry App World." I have tried to download this on my computer Via Cable and on my Blackberry Via the Browser. If this doesn’t work for my blackberry is there any way around this so I can download applications from somewhere else.
Network Provider: 02
Network Plan: Pay As You Go
Thanks.

Hi, thanks. Is this something my provider can activate free of charge or does this come at a monthly payment?
Can someone provide a bit of information about this please.
Thanks.

I receive the error "axError.gifSorry, your device does not meet the system requirements that are needed to support BlackBerry App World

Hi My name is Tibor Madarasi i purchased a Blackberry 8900 brand new i can't install app world i instaled the updates for this phone (v4.2.0.85)still can install app world i receive the error "axError.gif Sorry, your device does not meet the system requirements that are needed to support BlackBerry App World." I'm using O2 network in London UK Please advice me Regards
Message Edited by MichelleK on 06-15-2009 09:53 AM

ffbizz wrote:
I hate this bold 9700 series 2 no carrier and find it to be a pathetic product backed up by even more pathetic support so I have decided to use it as a torch. There is an app for this but it requires app world first. Are you trying to say that I MUST have a carrier and they will resolve this issue but otherwise RIM cannot do anything about their own product?
Hello and Welcome to the Forums!
We are so sorry that you are having so many difficulties. While many experience the same (a search here will reveal that fact), there are also many who have very positive experiences with their BB. Not every device is suitable for everyone -- which IMHO is why there are so many choices.
In addition, but for AppWorld, front line support for BB's is, by contract, not provided by RIM. The carriers and authorized resellers are responsible for front line formal support to end users. It is possible to bypass your carrier and seek assistance direct from RIM, but such involves fees since you are bypassing your support agreement with your carrier. The "Support and Services" tab toward the top of these forum pages provide information about that. But, if you do go through your carrier for support, they can escalate into RIM at no fee to you if they so choose to.
As to AppWorld Support (beyond what we volunteer to provide in these forums), that is available via this portal:
https://www.blackberry.com/CSOHelp/index.do?ft=generic
If you choose to submit to them in this manner, then please use, in the "Please select a component:" field, the AppWorld Billing/Payment selection. Any other selection will simply route you back anonymously to these public forums.
As to your question, RIM and the carriers both participate in AppWorld. My suspicion is that the carriers get a portion of the costs for the apps that are vended via AppWorld -- but that's just my suspicion. Hence, the use of AppWorld indeed requires a carrier (and, indeed, the proper data plan level from them).
But, AppWorld is merely a portal, vending apps that are (for the most part) developed by others. As such, it is not the only portal in the world for BB apps. There are a few, I think, apps that are exclusively vended via AppWorld...but I think that number is rather small. Consequently, if you desire an app that will allow your BB to function as you desire, you should seek out alternative vending portals. There are plenty.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Error "Sorry your device does not meet the system requirements that are needed to support Twitter for BlackBerry Smartphones"

I have a Curve 8300. With OS v4.5.0.81. And I am on a BB Social network plan through my cell providor "Fido".
I mainly use it for Facebook & Twitter and have no problems using either app. However I was prompted for an update for my twitter recently but wasn't near a wifi spot to update. Just decided to update today at home where I do have wifi. However when I go to do the update, it gives me the following error:
"Sorry your device does not meet the system requirements that are needed to support Twitter for BlackBerry Smartphones"
I have scoured for answers but haven't had much luck. I tried checking for OS updates. I apparently have the most current one that my phone will support. I uninstalled twitter and then tried to reinstall it via the twitter Icon on my phone. Got the same error. Tried reinstalling it through app world, it installed just fine. However it installed the version that I had previously had. So I went to twitter's settings and checked for updates. It prompted for one as I expected it would. And when I tried to get the update. It gave me that error again. I can use twitter as it is, but I don't see why my phone shouldn't be able to get all the updates for various apps. Is it a software compatability issue? Is it a hardware compatability issue? Is there anything I can do to get the update or do I just have a phone that won't take some app updates?

Hi and welcome to the forums!
The 8300 is not listed in the device upgrade table for Blackberry device OS v5.0. The newer versions of apps like Twitter and Facebook require device OS v5.0 to run correctly. Might be time to consider a new device!
Thanks,
Bifocals
BlackBerry Device Software 5.0 main support page
Click Accept as Solution for posts that have solved your issue(s)!
Be sure to click Like! for those who have helped you.
Install BlackBerry Protect it's a free application designed to help find your lost BlackBerry smartphone, and keep the information on it secure.

Your Device does not meet System requirements that are needed to support BB App World

Hello,
My last Torch died with a JVM. Just got it replaced today and I want to get my Downloaded apps back. After I have restored the device from BlackBerry Desktop, none of my downloaded apps are there. I have a brand new 9860 , running Bundle 7.1. I launch App World. It tells me to upgrade. When I follow the screen upgrades, I reach an error message : Notice: Sorry your device does not meet the system requirements that are needed to support BB App World. I have a brand new phone so first question...can I upgrade App World over Wi-FI. or do I have to get a Data Plan from my Telco first ? I have been running my old phone fine with no Data plan but enjoying BBM and Cell use. Not happy.
Do you have a band or artist you want to promote ? For new music and music news, visit www.soundnebula.com/blog
SoundNebula is the BlackBerry App for SoundCloud with BBM built in !
Solved!
Go to Solution.

Yep, hopefully soon.. I know the right people are aware of the "inaccurate" error message.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Very specific group policy for IE 11

Got a very interesting GPO I need created. I need a GPO that forces all users on a certain machine to use InPrivate browsing at all times while they are using IE. Or even for a specific website.
I have an application that has a bug that is fixed by using private browsing, weirdly enough. To limit problems with users saying "But I did use private browsing" I would ideally like to force the use of it while they are on the machine. If I have
to apply it to a specific group, that will be fine too, but the end result needs to be private browsing they cannot turn off at all.
Any suggestions? Open to Powershell solutions, or creative options.

Hi Noah ,
The only group policy I have found related to the InPrivateBrowsing is this :
User Configuration, Administrative Templates, Windows Components, Internet Explorer, Privacy and Turn off InPrivate Browsing
But it is used to turn on /off the Inprivate Browsing feature and it can not be used to force the Inprivate Browsing .
I am afraid the only good option is to create a shortcut for the user if you want the user to open the Internet Explorer in private browsing mode every time .
Best regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Printers working, but getting group policy error (error 513)

Ok great, I'll let you know how it goes.

Hi all,I've got a print server role running on a Server 2012 VM. It was working great until a few days ago until one of the printers went offline. I restarted the print spooler (no effect), then restarted the server (brought the printer back online). Since then, I've been receiving these errors for all three printers we have on this server:Error ID: 513Source: Microsoft-Windows-PrintServiceMessage: Group Policy was unable to add per computer connection \\___\\Copier Konica Minolta C360 PCL. Error code 0x7B. This can occur if the name of the printer connection is incorrect, or if the print spooler cannot contact the print server.The printer names did not change, and since the printers are working, it seems that the spooler is working. I also tried updating the drivers through print management (there is a new version of the driver...
This topic first appeared in the Spiceworks Community

Need to individually compress groups of clips that are partof same Seq

I'm doing a short video for the Amer Cancer Society which has both HD video and many SD jpegs.
There are 5 HD video clips, being placed within the jpegs.
I have completed the HD video editing but the 5 HD clips are on the same timeline, so are part of the same Segment (I probably should have made them each individual Segments). (These HD clips are actually edited groups of individual clips and I don't want to have to re-edit these.)
I want to compress and downscale these 5 HD clips individually to SD, and then place them within the SD jpegs in different locations on the timeline (The SD jpegs are a separate FCP Project).
I'm stuck trying to figure out how I can take these HD clips -which are part of the same Segment- and compress them individually. Once I am able do this then I want to import them into the SD jpeg Project for placement on that timeline.

In general, if am combining HD and SD media, I will do the entire project in HD.
All the effects and color correction will work better with more pixels.
If you have still images in SD resolution that are JPEGs, it's even
more important to get them out of that lossy codec first before you
do any processing or editing.
By doing everything in HD you end up with the best quality master.
Then you can export various SD or web deliverables as necessary.
Besides, it's quite possible that your client will change their mind
and ask for an HD deliverable, too!
If you really really really want to stay in SD on your timeline,
you can select a group of edited HD clips and choose
Sequence:Nest Items to change the resolution and group
them together so they look like one clip. If you want to
add effects to the nest, option-double-click to open
the nest in the Viewer.

Question on a specific Group Policy setting for SCCM Updates

Hello,
This may not exactly be the correct forum for this question but in looking around I didn't come up with an immediate answer and was hoping someone else had this issue.
I have a WSUS server and am moving over to SCCM for updates. I've actually had success in getting 2 sets of patches installed after some very frustrating days thanks to people here.
I've noticed that when I switch workstations to my AD folder that has the SCCM Updates GPO instead of our standard WSUS GPO that we get action center errors "Set up Windows Update", "Windows Update is not set up". When we click
the flag it tells us to "Choose an Update Option".
In my new GPO I do have Configure Automatic Updates Enabled for "Auto Download and notify for install" but we still get this warning. Is there a differnet setting that controls this action that anyone is aware of in their experience? I looked
through the other settings but didn't se anything obvious.
Thanks for any help!

Hi Dustin,
I'd read a number of different things trying to solve the problem. That article looked a little familiar but I re-read it carefully.
I do have "specify intranet Microsoft Update service location" set to Not Configured as someone had correctly pointed me to that as the reason I was not getting updates.
I did not have "Allow signed updates from an Intranet Micorsoft update server" enabled so that shoudl help some.
"Configure Automatic Updates" was enabled because I, incorectly, thoguth that's all that might be needed since Ihad to make sure I'd Not Configured the first setting.
I had "Turn on Recommended Updates" Enabled so I put it back to not configured.
I understand that turning things to Not Configured doesn't necessarily change any previous group policy settings so I may be getting some fallout from having a WSUS server on these systems before. I'd just like to aviod having to have everyone go into the
action center and manually click to configure updates.
I'll see if my one setting change has any effect.
UPDATE: I forced a gpupdate and the red flag in the action center has not disappeared.

How do I delete folders listed in Time Machine that are no longer good?

I AM TRYING TO DELETE FOLDERS ON MY TIME MACHINE THAT I NO LONGER NEED:
MY TIME MACHINE FOLDER SHOWS AT PRESENT:
DIGI FILES_PE
DIGI FILES-PE-ACDS
DIGI-ACDS
HARD DRIVE
IPHOTO-PHOTO-PREV-PE
PREV-ELEMENTS
WORKING
I WANT TO DELETE:
PREV-ELEMENTS
DIGI FILES_PE
DIGI FILES-PE-ACDS
When I checked the Help INstructions it tell me to Highlight the file and click the Actions menu (Gear icon) from the toolbar.
Select “Delete all backups of <this file>”.
BUT...when I do that the Gear icon only shows "Move to Trash" Not “Delete all backups of <this file>”.
So when I try to move the old folders to the trash it tells me that the operation cannot be done?

See Pondini's TM FAQs for starters.

Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008

Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or advice

Hi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen

Work Folders - Specific Group Policy's that are needed to satisfy domain client security level

Similar Messages

Maybe you are looking for