11.5.2.602 Group Policy Installation issues
Consider the following scenario:
BigCorp wants to deploy a limited amount of software to their MS Windows desktop service, such that they can provide a rich browsing experience at login after a machine is joined to the domain. To facilitate this, they deploy browser plug-ins such as Flash and Shockwave using group policy software installation (GPSI).
This is a sensible decision, as there are vendor provided MSIs available to use and it ensures that the software is easily managed (upgrades, removal etc)
When attempting to deploy Shockwave v11.5.2.602 an incorrect repair of the MSI is triggered on first use of the software for each user.
On a standalone, otherwise clean, Windows XP SP3 machine with IE7:
1. Install the software as a user with the correct rights (AdminUser), using the MSI direct from Adobe.
2. Logout AdminUser and Login StandardUser
3. Visit http://www.adobe.com/shockwave/welcome/ - At this point the MSI runs a repair and logs the following to the application event log:
Event Type: Warning
Event Source: MsiInstaller
Event Category: None
Event ID: 1004
Date: 02/12/2009
Time: 09:30:48
User: IT-2220-VM4\Standard
Computer: IT-2220-VM4
Description:
Detection of product '{7D0F2155-D7D3-42CE-903F-684ADD77FF89}', feature 'Adobe_Shockwave_Player_', component '{E89F323D-7BDB-46E1-A0FD-6227821F94EA}' failed. The resource 'C:\Documents and Settings\AdminUser\Application Data\Adobe\' does not exist.
Event Type: Warning
Event Source: MsiInstaller
Event Category: None
Event ID: 1001
Date: 02/12/2009
Time: 09:30:48
User: IT-2220-VM4\Standard
Computer: IT-2220-VM4
Description:
Detection of product '{7D0F2155-D7D3-42CE-903F-684ADD77FF89}', feature 'Adobe_Shockwave_Player_' failed during request for component '{3D3697FC-DB90-46D8-9ED4-5D54B4901F62}'
*** Please note the path in EventID 1004 above (C:\Documents and Settings\AdminUser\Application Data\Adobe\) has been generated whilst logged in as StandardUser NOT AdminUser. ***
This condition will always be true, since there is no read permission on another users profile for a standard user account. Granting this right is not desirable in a roaming profile environment. This repair will be triggered for each and every user of the machine.
Though this repair appears to be non-destructive and doesn't appear to inhibit successful removal, it is undesirable behaviour.
Furthermore, and as other have mentioned, loading a shockwave item in a browser (IE7 in our case) also results in the following entry in the system event log:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10000
Date: 02/12/2009
Time: 09:30:49
User: IT-2220-VM4\Standard
Computer: IT-2220-VM4
Description:
Unable to start a DCOM Server: {1F3CB77D-D339-49E0-B8E4-FECD6D6F8CB8}. The error:
"The filename, directory name, or volume label syntax is incorrect. "
Happened while starting this command:
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Embedding
We are keen to move to the latest version of Shockwave, for the obvious reasons, but these issues are going to make it difficult to get through our change management processes; as the package doesn't meet the requirements we have laid out for our user experiences.
Can someone at Adobe comment on the reason for this undesirable behaviour and how it came about? Can we expect later versions of Shockwave to exhibit the same behaviour?
Hi,
I have posted an MST file which fixes this and other issues to the following thread here:
http://forums.adobe.com/message/2697135#2697135
Please post any feedback to that thread!
Kind regards,
Chris Hill
Similar Messages
-
ActiveX msi Flash Player 10.0.42.34 group policy deploy issue
I have been deploying the flash player to our workstations since version 9. We have a 2003 AD domain and XP SP3 workstations.
I know that it is recommended to use the flash uninstall program to remove flash when installing a new version but I haven’t taken the time to work on that type of scripting for any install. Any attempts to uninstall the previous versions of flash via group policy when deploying have never worked. I had the same experience with java 1.5 jres…they would never uninstall via policy.
I have had success so far with deploying the latest version to the workstations with a new policy while leaving the old policy applied until a few weeks have past when all the workstations have been updated.
I am in the process of deploying Flash Player 10.0.42.34 to replace Flash Player 10.0.32.18
My test deploy to my virtual XP test workstation worked with no problems. The flash test paged detected the newer version and the correct version was in add/remove programs.
I then did a test deploy to a production workstation and the software installed without errors (the group policy install went extremely fast so I knew something was wrong). No errors were reported in the workstation application log. However when you visited the flash test page no version of flash was detected. I also checked in add/remove programs and the program icon was the windows installer icon instead of the normal red flash box….this has been associated with other installation issues in the past.
I have tried this on 3 other production machines and experienced the same results. My virtual XP test workstation has only had version 10.0.32.18 on it so I am guessing that having had the older versions of 10 on the production workstations is causing the problem somehow.
I have had issues in the past, but nothing like this. Looks like I may have been owned by adobe on this one.
Any insight would be appreciated.
ThanksSure , here is the url :
http://www.forevermark.com/ja-jp/The-World-of-Forevermark-/Precious-Collection/
On some machines , the Japanese text in the centre section appears very large. ..( see attached snapshot)
We initially encountered this on the version prior to the 10.0.42.34 version.
However even after the upgrading to 10.0.42.34 , the problem still persists .
Thanks -
Flash Player group policy installation
Hi All,
Consider the following scenario:
BigCorp deploys thier Flash player the Group Policy Software Installation (GPSI).
BigCorp rolls out the latest version of Flash player to thier site. Although BigCorp has followed all thier testing plans, and not noticed errors - users begin to report issues with a line of business app which uses Flash.
Admins at BigCorp disable the policy which installed the latest version of Flash payer, and re-enable the previous version. Affected users reboot thier machines and they hang indefinatley at the GPSI instllation stage.
This behaviour appears to be by design, but the behaviour of the installer is not sane at this point.
I believe that this issue is caused by the feature noted at http://kb2.adobe.com/cps/402/kb402435.html - since removing HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions prevents this from happening. (Specific versions are listed, and appear to work as one might expect; i.e. remove the DWORD value at HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayer\SafeVersions\10 and earlier versions can be installed)
The reason for the indefinate wait during installation of a downlevel version appears to be that the installer is displaying a dialog box that has been suppressed by GPSI since it is, I imagine, waiting for a response from the user that it will never recieve. At this point the only way to allow the machine to complete a reboot is to either a)disonnect the network b) force the policy to fall out of scope.
Evidence for this can be obtained from the %windir%\system32\macromed\Flash\install.log; specifically the line:
MessageBox: 12582960,"The version of Adobe® Flash® Player ActiveX that you are trying to install is not the most current version. Please visit http://www.adobe.com/go/getflashplayer to obtain the latest, most secure version."
Whilst I can understand (to some extent) the design of this feature - preventing the installation of an older client in this manner is disruptive to Adobe's clients.
It would be advantageous if we could override this using an MSI property. For example the Safe Versions features is in effect, unless the notional IGNORESAFEVERSIONS property is set to 'YES'. (Perhaps Adobe could consider this a feature request?)
This would afford protection for the maximum number of customers, but allow users with a business need to roll back to an older version of Flash player to shoulder the responisbility of running an older version.
http://kb2.adobe.com/cps/141/tn_14157.html is NOT a sensible solution for customer who are relient on GPSI for Flash Player installation. Repeatedly running the downloadable uninstaller is not a sane thing to do, as far as I can tell.
I've only tested this with the Adobe supplied MSI (not the in-browser installer) as I have thousands of machines to deploy this to.
Does anyone else have issues with this, and how do you get around them?Hi,
Apologies for digging up this thread but this issue has meant that I haven't deployed any updates to the Flash Player ActiveX since 10.0.45.2 for fear that it'll break my whole GP software deployment.
Firstly, I don't think Adobe will ever do 'the right thing' and introduce a new MSI property to make the install ignore any existing SafeVersions registry keys because I don't think they can; the actual ActiveX install is a custom action that calls an external executable embedded within the MSI that doesn't use Windows Installer technology so it wouldn't be aware of any MSI properties.
However, I've recently revisited this problem and I think I may have come up with a solution.
The trick I've employed is to ensure that the HKLM\Software\Macromedia\FlashPlayer\SafeVersions registry key gets removed during the MSI uninstall routine. To do this you need to modify the MSI to add a new row into the Registry table.
You can do this by generating a transform using Orca, like so;
Registry = [any unique value you like]
Root = 2
Key = Software\Macromedia\FlashPlayer\SafeVersions
Name = *
Value = [Blank]
Component = ISRegistryComponent
The important bit is the asterix against the Name value. This tells the MSI to always remove that registry key upon uninstall no matter what existing values are contained within the key. Once that key is gone you can install any other version of Flash Player you like, even older versions.
This whole method of deployment relies on a couple of things to work though;
You must ensure that Flash Player auto updates are turned off for all your workstations that have Flash Player installed using Group Policy. http://kb2.adobe.com/cps/167/16701594.html describes this method. Note that for x64 machines you must place the MMS.CFG file under %systemroot%\SysWOW64\Macromed\Flash and not %systemroot\SysWOW64 like the document says. This ensures that your users don't manually update Flash Player out of your control and with an MSI that doesn't employ the fix as above.
Ensure that all future versions of Flash Player are pushed out using Group Policy and that you use the transform file above for each one. If you do this you can roll back to a previous version without issue.
Assign the MSI to your computers rather than users
I've only ever 'replaced' Flash Player in Group Policy when rolling out a new version rather than upgrade it. This means that the existing version is completely uninstalled before the new one. That's not to say that upgrades won't work, it's just that I've never tried it.
EDIT: 'Upgrading' previous MSI's works fine.
One last thing to note though is if you've already assigned Flash Player using Group Policy you can directly modify the install_flash_player_10_active_x.msi that was used to include the above registry row (ie, not using a transform) and then re-deploy it. This ensures that the SafeVersions key will be removed right from the start if it is ever uninstalled. Of course, if any of your users have manually upgraded to a newer version since then this won't work - in that case you'll have to remove the SafeVersions key manually, perhaps using a VB script (ideally at machine shutdown).
I hope this information helps anyone who's had a headache with deploying Flash Player through Group Policies.
Cheers,
Zinc
Message was edited by: Zinc666 -
Hi experts,
My client's environment is tightly controlled and this causes me issues whenever we need to upgrade B1. As such i would to develop a Group Policy and have the upgrade triggered remotely when the user logs in to the computer.
Has anyone explored this avenue?
thx,
Richard.Hi experts,
My client's environment is tightly controlled and this causes me issues whenever we need to upgrade B1. As such i would to develop a Group Policy and have the upgrade triggered remotely when the user logs in to the computer.
Has anyone explored this avenue?
thx,
Richard. -
Local group policy application issues
I'm having some issues with applying local group policies using ZCM 11.2.3a. Basically, not all of the settings I've applied in the GPO are being applied to the PC.
The setup is this:
* Applying policies to Windows 7 Enterprise x64
* User Group Policies are applied first, then Computer policies are applied. User policies seem to be applying correctly.
* Security settings in the Computer Group Policy are applying correctly (eg, renaming the local administrator and guest account, displaying a message prior to the logon window).
* The policies list in the ZCM agent properties reports that the policy has been successfully applied.
* No settings in the 'Administrative Templates' section of the policy are applied to the PC.
Checking in gpedit.msc, policies show that they're enabled. However if I run rsop.msc, there's no administrative templates section in the computer policy at all. If I run gpupdate /force, I also get errors for the computer configuration - 'The processing of Group Policy failed because of an internal system error'.
This is a new policy package I've created from scratch within the past week.
I've just now also gone and created a brand new test policy package, with one setting in admin templates configured, and one in security settings. This one has successfully applied correctly.
Is anyone else seeing issues like this? It's not the first strange behaviour I've been seeing with ZCM policy application, and not the first policy package we've had that's become corrupted. I'm really starting to lose confidence in policy application via ZCM. Unfortunately, with no AD in our environment, I've got no alternative.Originally Posted by thatsnotme
I'm having some issues with applying local group policies using ZCM 11.2.3a. Basically, not all of the settings I've applied in the GPO are being applied to the PC.
The setup is this:
* Applying policies to Windows 7 Enterprise x64
* User Group Policies are applied first, then Computer policies are applied. User policies seem to be applying correctly.
* Security settings in the Computer Group Policy are applying correctly (eg, renaming the local administrator and guest account, displaying a message prior to the logon window).
* The policies list in the ZCM agent properties reports that the policy has been successfully applied.
* No settings in the 'Administrative Templates' section of the policy are applied to the PC.
Checking in gpedit.msc, policies show that they're enabled. However if I run rsop.msc, there's no administrative templates section in the computer policy at all. If I run gpupdate /force, I also get errors for the computer configuration - 'The processing of Group Policy failed because of an internal system error'.
This is a new policy package I've created from scratch within the past week.
I've just now also gone and created a brand new test policy package, with one setting in admin templates configured, and one in security settings. This one has successfully applied correctly.
Is anyone else seeing issues like this? It's not the first strange behaviour I've been seeing with ZCM policy application, and not the first policy package we've had that's become corrupted. I'm really starting to lose confidence in policy application via ZCM. Unfortunately, with no AD in our environment, I've got no alternative.
We have the same problem.
It does not occur on all clients. Only sporadically. Some settings are applied, some not.
We also have ZCM 11.2.3a in use.
Have you already opened a SR on this? Can you let us share the information? Perhaps an SR number so that we can attach ourselves?
Thanks Stefan -
EMET v5.1 ADMX Group Policy Template Issue - Default protection settings can't be disabled
I am configuring EMET v5.1 (from 11/18/14) settings via GPO using the custom EMET admx template provided by Microsoft. I am able to enable all the EMET settings via GPMC and disable most of them, but I am not able to disable these 3 EMET setting via
GPMC in a GPO:
Default Protections for Internet Explorer
Default Protections for Popular Software
Default Protections for Recommended Software
When configuring any of these 3 EMET GPO settings to disabled and pressing apply or OK, GPMC keeps it at Not Configured, it does not change to disabled as it normally would. I have never before seen this in GPMC, where you try to disable a setting and it
doesn't change to disabled.
Unless this is somehow intended by Microsoft for these 3 EMET GPO settings, I think that this is a glitch/bug in the EMET GPO Template or the way that it works in GPMC.
Looking for some Guidance from a MS Rep to replicate this issue or anyone else who can confirm if they also see this issue. I have tested on multiple Windows 8.1 Enterprise x64 Update 2 Workstations, with GPMC loaded and the latest EMET ADMX file loaded
from the EMET client on 11/18/14. I have tested this in 2 separate domains, Note that we do not have Central ADMX Stores in either domain.I had a similar requirement as yours and found that we were able to get around in a simpler method then what was listed here. What we did was set GPO Preferences Registry changes which would then override the previously set EMET ADMX settings set from
another global GPO.
To be specific we had some thirds applications which were add-ons to Microsoft Excel, and the EMET was preventing the application from talking to Excel. So for the users that use this application we have a GPO which Does the following in the Preferences
section:
Action: Replace
HIVE: HKEY_LOCAL_MACHINE
Key path: SOFTWARE\Policies\Microsoft\EMET\Defaults
Value name: Excel
Value type: REG_SZ
Value data: *\OFFICE1*\EXCEL.EXE -Caller -MandatoryASLR -
Problem Pushing Printer Preferences through Group Policy
Most of the time, networked printers that we push through group policy preferences show up just fine on our clients (Windows 7). About 1 in 10 computers fail however, and it's driving me up the wall! The computer that fails is not consistent, meaning I can
reboot a computer and the printer then shows up correctly. It may not, however, a week later. Fairly random. Looking through the application event log, I uncovered this:
The user 'myprinter' preference item in the 'mygrouppolicy {7EDE8A14-773C-4E43-93AE-050240E0B204}' Group Policy object did not apply because it failed with error code '0x800706ba The RPC server is unavailable.' This error was suppressed.
Again, this error does not occur all the time, though if I reboot a large group of computers, it will definitely show up on 1 or 2 of them. At this point, I'm looking for any suggestions for a next step. Thanks!
-PeterHello Modab,
If you reboot server the printer is redeployed properly. It is possible that when the printer is deployed the network is still not prepared properly so the RPC error
is popped up. Please try the following suggestions:
1. Disable Fast Logon feature
Enable the
[Computer Configuration \ Administrative Templates \ System \ Logon \ Always wait for the network at computer startup and logon]
group policy.
Logon Optimization
http://msdn.microsoft.com/en-us/library/aa374350(VS.85).aspx
Description of the Windows XP Professional Fast Logon Optimization feature
http://support.microsoft.com/kb/305293/en-us
2. Group policy application issue may occur because of Gigabit NIC. Please try the suggestions in the following steps and KB.
a.
To prevent your network adapter from detecting the link state(For Windows Vista/7):
Run the following commands one by one:
netsh interface ipv4 set global dhcpmediasense=disabled
netsh interface ipv6 set global dhcpmediasense=disabled
For Windows XP, you can see
http://support.microsoft.com/kb/239924
b.
Contact the vendor of the network card or visit their web site to obtain updated drivers for the Gigabit NIC.
Examples of NICs known to exhibit this issue:
- Broadcom Gigabit Adapter
- Intel Gigabit Ethernet PRO Adapter, Intel Pro/1000
- Intel 82544EI-based XT Gigabit Adapter (82540EM chipse)
- Compaq/HP NIC dual interface 10/100/1000 doing teaming (HP NC7170)
- Dell Inspiron laptops using an on-board Broadcom BCM4401 NIC
c.
A sever may have a Dual Port NIC or multiple NIC's with one port or NIC set to Disabled. The disabled port or NIC should not be at the top of the binding order in the Network
Advance Properties.
1.
Click Start, point to Settings, and then click "Network and Dial-up Connection".
2.
On the Advanced menu, click "Advanced Settings".
3.
On the "Adapters and Bindings" tab, in the connections list, select the NIC that the clients use to connect to the server and move it to the top of the list.
d.
Turning off STP can cause issues in your network if a loop ever develops. If you are running a Cisco Series switch or any other switch that runs Spanning Tree, it is best to
leave spanning tree turned on, but enable PORTFAST on all the ports except uplink and fiber trunks.
326152 Cannot connect to domain controller and cannot apply Group Policy with Gigabit Ethernet devices
http://support.microsoft.com/default.aspx?scid=kb;EN-US;326152
3.
Remove all of 3rd-party software such as firewall software.
4. Set a registry value to delay the application of Group Policy.
http://support.microsoft.com/kb/2421599
http://support.microsoft.com/kb/840669
Brent Hu,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
To get some errors about group policy due to disabled an account
Hello
I have an active directory on windows 2012 datacenter. there is a domain on it. it works well.
Also there is a another AD on another location. there is another domain on it. also it works too.
there is a trust relationship between 2 domains.
I disabled an account on first AD server 4 days ago. and then my colleague who manages second AD, notified that started to recieve some errors from eventviewer and have an issue about their group policy.
the issue event as below;
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller
(LDAP Bind function call failed). Look in the details tab for error code and description.
Event ID 1006
Event Source Group Policy
I think the concerning account was built on the second AD for a service. But we don't know how we can find the account on the second AD server in order to change it.
How can I fix the issue?
ThanksHi Yavuz,
>>But we don't know how we can find the account on the second AD server in order to change it.
What account did we disable? We can check the error code (displayed as a decimal) and error description fields of Event ID 1006 to see if more information can be found.
Regarding Event ID 1006, the following article can be referred to for more information.
Event ID 1006 — Group Policy Preprocessing (Active Directory)
https://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Group Policy - Issues deploying software packages through GPO
Hello everyone,
I am having issues successfully deploying MSI packages through group policy. I have set my computer account up in its own test OU in my domain, but yet the software will not deploy. Example, I'm trying to deploy AVG Anti-Virus and make sure it
is installed on each and every PC in my domain. As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)
On the domain controller, I get these messages in application event logs:
Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
This shows up when I refresh GP on my computer. I run gpresult /h GPReport.html and get the following message:
Software Installation failed due to the error listed below.
Fatal error during installation.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access. I have tested the package on my computer and it installs
correctly if I do it manually, so it's a good package.
I'm at a loss. I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here. I humbly ask for any and all help that you all can provide.
Thank you all very much, have a great weekend!> Magnolia_Schools.exe
What's that???
> \\hs-dc2\software\avg\installavg.msi
> <file://\\hs-dc2\software\avg\installavg.msi> /qb addeploy=1
/qb ADDEPLOY=1
Uppercase matters (:
A bissle "Experience", a bissle GMV... Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
I should have explained, my apologies. The InstallAVG.msi is the package I have GP deploying. it is a package that AVG wrote for us that goes in, uninstalls the two previous antivirus softwares we have on our network if it is present, and
then wraps it to run magnolia_schools.exe which installs the AV software. I am uninstalling AVG now and will try reinstalling with
\\hs-dc2\software\avg\installavg.msi /qb ADDEPLOY=1 and report back.
also, the only logs I found that were around the time of the install attempt were such as these:
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
Does that tell you anything?
I will say this, if this means anything...now that AVG is installed, the event logs are changing from an error %%1603 to this:
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
The removal of the assignment of application exe2msiSetupPackage from policy Install AVG failed. The error was : %%2
So it acts like it's at least seeing that the package is installed...and reacting differently, correct?
Thanks so much -
Software Installation Processing Alerts - Group Policy Failures?
Hello,
I am getting several errors reported by SCOM Software Installation Processing alert
In the local event log I have:
Warning 9/15/2014 11:09:37 AM GroupPolicy 1112 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 108 None
Error 9/15/2014 11:09:37 AM Application Management Group Policy 103 None
Warning 9/15/2014 11:09:37 AM Application Management Group Policy 101 None
with the details:
101 - The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%1274
103 - The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %%2
108 - Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
1112 - The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
- Computer Configuration > Policies > Administrative Templates > System > Group Policy > Policy > Startup policy processing is enabled
what does exactly this means?
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity ManagerHi,
Yes the packaged is installed.
Troubleshooting the issue deeper with http://support.microsoft.com/kb/249621/en-us is showing
Software installation extension has been called for background policy refresh
09-16 06:34:09:346
Software installation extension has been called for background policy refresh
The following policies are to be applied, flags are 11.
MITS Servers Software (unique identifier {E76FB561-E177-421D-AE43-109EADEAD751})
System volume path = \\ad.medctr.ucla.edu\sysvol\ad.medctr.ucla.edu\Policies\{E76FB561-E177-421D-AE43-109EADEAD751}\Machine
Active Directory path = LDAP://CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,cn={E76FB561-E177-421D-AE43-109EADEAD751},cn=policies,cn=system,DC=ad,DC=medctr,DC=ucla,DC=edu;.
Enumerating applications in the Active Directory for computer MSVROFAS2 with flags 5.
The following applications were found in policy MITS Servers Software.
Assigned application SMS Client Setup Bootstrap (flags a0044c70).
Found 1 applications in policy MITS Servers Software.
Enumerating the managed applications which are currently applied to this user.
No managed applications are currently applied to this user.
Found 0 applications locally that are not included in the set of applications from the Active Directory.
Application SMS Client Setup Bootstrap from policy MITS Servers Software is set for installation because it is assigned to this computer policy.
Software installation extension cannot perform removal or install operations during asynchronous policy refresh and will force a synchronous foreground refresh.
The assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %1274
Removing application SMS Client Setup Bootstrap from the software installation database.
Calling Windows Installer to remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas.
Windows Installer cannot remove application advertisement for application SMS Client Setup Bootstrap from script C:\Windows\system32\appmgmt\MACHINE\{ecbf218d-0d04-4b00-a43e-91ba5c41d119}.aas, error 2.
The removal of the assignment of application SMS Client Setup Bootstrap from policy MITS Servers Software failed. The error was : %2
Policy Logging for Software Management is attempting to log application SMS Client Setup Bootstrap from policy MITS Servers Software.
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %1274
Software installation extension has detected changes that require a synchronous foreground policy refresh.
Software installation extension returning with final error code 1274.
And this is happening hourly !!!
This is the current status...
Thanks,
Dom
System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager -
Hi All,
Am facing plenty of issues in Group policies.. Like when i run this command "gpresult /v" i could see the same policy applied in as thrice in applied group policy.. and that policy is default domain policy.. also trying to add one of intranet site
in Internet Group policy maintenance policy but its not reflected to users.. even i forced the policy.. Please advice me on this.
i have given the gpresult fyr.. some have a quick look and advice me accordingly.
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 3/6/2014 at 9:20:31 AM
RSOP data for OURDOMAIN\venkat2r on INBRLT141 : Logging Mode
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\venkat2r
Connected over a slow link?: No
USER SETTINGS
Last time Group Policy was applied: 3/6/2014 at 9:07:33 AM
Group Policy was applied from: INCHDC01.OURDOMAIN.com
Group Policy slow link threshold: 500 kbps
Domain Name: OURDOMAIN
Domain Type: WindowsNT 4
Applied Group Policy Objects
ourdomain_Policy_Customized
Global_Wallpaper
ourdomain_Policy_Customized
ourdomain_Policy_Customized
The following GPOs were not applied because they were filtered out
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
The user has the following security privileges
Resultant Set Of Policies for User
Software Installations
N/A
Logon Scripts
N/A
Logoff Scripts
N/A
Public Key Policies
N/A
Administrative Templates
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
Value: 54, 0, 48, 0, 48, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
Value: 67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 87, 0, 101, 0, 98, 0, 92, 0, 87, 0, 97, 0, 108, 0, 108, 0, 112, 0, 97, 0, 112, 0, 101, 0,
114, 0, 92, 0, 69, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 46, 0, 106, 0, 112, 0, 103, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Main\Start Page
Value: 104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0, 115, 0, 116, 0, 97, 0, 114, 0, 46, 0, 101, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 99, 0, 111, 0, 114, 0, 112, 0, 46,
0, 99, 0, 111, 0, 109, 0, 47, 0, 83, 0, 105, 0, 110, 0, 103, 0, 97, 0, 112, 0, 111, 0, 114, 0, 101, 0, 47, 0, 100, 0, 101, 0, 102, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 115, 0, 112, 0, 120, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
Value: 49, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\WallpaperStyle
Value: 52, 0, 0, 0
State: Enabled
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: ourdomain_Policy_Customized
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: ourdomain
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No
Internet Explorer URLs
GPO: ourdomain_Policy_Customized
Home page URL: http://star.OURDOMAIN.com/Singapore/default.aspx
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: ourdomain_Policy_Customized
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: Yes
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: ourdomain_Policy_Customized
Import the current Program Settings: No
Thanks, Venkatesh. "Hardwork Never Fails"Hi,
Before going further, I have to admit that I made a mistake and Paul is right.
>>But i am not able to change the security settings in IE like adding sites in Trusted sites its grayed out.
If we don’t want to allow users to change this setting, we can configure this setting via native policy and the following blog can be referred to as reference.
Internet Explorer 10 – Add Sites To The Trusted Sites Zone With Group Policy
http://johnfail.wordpress.com/2013/11/07/internet-explorer-10-add-sites-to-the-trusted-sites-zone-with-group-policy/
If we want to allow users to change this setting, we can configure this setting via GPP Registry.
Regarding this point, the following thread can be referred to for more information.
Add Trusted Sites Via GPO but still allow users to add trusted sites
http://community.spiceworks.com/topic/326140-add-trusted-sites-via-gpo-but-still-allow-users-to-add-trusted-sites
Best regards,
Frank Shen -
Fireworks 8 Installation Problem via Group Policy
Hi,
We are trying deploy Studio 8 across our site using the
provided MSI's and Group Policy following this guide -
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=332882
I have created the mst files for all products and set them to
be deployed by group policy. Dreamweaver, Flash, Contribute, Flash
Video Encoder and Flash Extensions Manager all install fine however
Fireworks will not, looking in the event log it doesn't even
attempt to install. All folders have the same permissions, the MSI
& MSTs are all part of the same Group Policy Object using the
"Software Installation" method with the same permissions.
Fireworks will install using MSIEXEC from the command line so
the package and mst are fine.
Has anyone else come across this problem?
Thanks
MattWe are having the same issue here at our NSW High School. I
have traced the problem to be that Fireworks wants to deploy in
Chinese (instead of English) and because of this it will not
install. I am looking for a way to convert the msi file to an mst
so I can choose English as the default install language.
Hope this info is useful -
Issue with GPO "WSE Group Policy Password Synchronization"
When I started my migration of SBS2011 to 2012r2 with essentials service I noticed this GPO appear which I assume is for passwords to be synced to the cloud however when I implemented group policy from essentials the dashboard crashed and the typical
GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization" )
I then re-launched the dashboard and ran through the process again, it worked what a treat! except the GPO for "WSE Group Policy Password Synchronization"
appears to be blank, I remember it pointing to a ps file but I dont know what ps file and how to recreate it, along with to confirm what it does. Sadly I have no GPO backup to go back to.
any help on this would be much appreciated
CheersHi,
à
however when I implemented group policy from essentials the dashboard crashed
Based on your description, I understand that Dashboard crashed when implemented group policies (some WSE Group
Policy).
àthe typical
GPO's that it creates weren't there and only the folder-redirection was present it was also blank so I deleted it (I didnt delete the GPO "WSE Group Policy Password Synchronization")
Did you mean that deleted the ‘WSE Group Policy Folder Redirection’? Would you please let me know whether do
any operation for the ‘WSE Group Policy Password Synchronization’? Meanwhile, please check if other WSE Group Policy also was
No Settings defined in Settings tab (as your ‘WSE Group Policy Password Synchronization’ picture showed).
àSadly I have
no GPO backup to go back to.
Please start a BPA scan and check if find relevant issue. If no GPO backup, it seems that not be able to help
us to restore group policy objects. By the way, did you have a Full server backup?
If anything I misunderstand or any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login
-
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen
Maybe you are looking for
-
How to change default weather in Yosemite Notification Center
Hi, I just moved from one city to another, but the default weather Notification in the new Center still shows my old city. I have been trying to change this by going to the dashboard and changing the city from there, but the changes are not reflected
-
Printing problems on Server 2008R2 - Server 2012R2
Hi, We have troubles with Firefox and printing pages. First i want to say i have already tried all this steps: https://support.mozilla.org/en-US/kb/fix-printing-problems-firefox Let me explain my problem: In a TerminalServer Session i want to print a
-
How to run "Transfer Invoice Variance to Inventory Valuation"
Hi friends, Im using oracle 11i. we have purchasing, inventory, AP, GL. Pls give me navigation path of running Transfer Invoice Variance to Inventory Valuation concurrent program. i have created an invoice with some addition cost (freight) that is no
-
Improvements to mac OS updates interface
Does anyone else find the interface for Mac OS updates annoying? Here are the problems I have. 1. When an update is available I get a notification that I must do something about - even when I do not want to pay attention to updates. 2. The notificat
-
Hi, I just bought HP Pavilion Elite pc, with beats audio. how do I turn on the beats audio or the speakers on the pc? is there a built in speaker with the PC? I tried to press fn+B but nothing happened... many thanks