DNS client service issue

I’ve got a DNS client service issue:
I have a webserver in my local Domain, which is accessible locally only.
One client machine with Windows Server 2012 sometimes cannot access the websites situated on this local webserver. Its event viewer does not contain any issues. The machine can still access the internet. The thing I need to do then, is to restart the DNS client
service on this Windows Server client. After that these local websites are reachable again. The DNS Server is installed on the DC.
What approach could I follow to solve this issue?
Patrick

Are you using the fqdn (host.domain.tld), a single label name or a custom dns name?
If you use the single label name, dns name resolution depends on the suffixes, make sure these are configured.
If the issue occurs, you could use nslookup to check if the communication with all configured dns servers is working and the required records are there.
Use ping to check if the correct ip with FQDN is returned. No FQDN implies netbios was used for name resolution - no good -> check the dns configuration
If you use a custom dns name, check what IP it resolves (ping/nslookup); is it a server local IP? If not, check if the issue resolves by putting the dns alias in the hostsfile with a local ip (or 127.0.0.1 if the bindings for your site allow)
The issue might also be solely related to the dns cache maintained by the service. You could check if ipconfig /flushdns resolves the issue to confirm. Their is not much configuration or debugging info available on this, but issues I've seen all boil down
to dns servers not being corretcly configured on the client's ip settings.
You could enable the DNS Client Events operational log (eventviewer->applications and services logs\Microsoft\Windows to maybe get more info on the issue.
MCP/MCSA/MCTS/MCITP

Similar Messages

  • DNS Client Service Issues

    Hi all,
    We seem to be having some odd issues with about 50% of our Windows 7 clients.  I'll give you a brief run down of what is occurring.
    Server 2008 R2 Domain serving about 50 clients.  Having changed a static entry in DNS to point an A record to a new server, the Windows 7 clients randomly can't resolve the IP.
    So on testing using either the FQDN or just the host name the request doesn't resolve using ping.
    Tried using NSLOOKUP and NSLOOKUP resolves just fine.
    Tried ping again and no joy.  Turned off the DNS Client Service and instantly the host name resolved to the correct IP.
    Restart the DNS Client Service and there's about a 25% chance the hostname will no longer resolve.  On ALL of the PCs that have this issue.  Stopping or restarting the DNS Client  Service resolves the problem.
    Also it should be noted that running ipconfig /flushdns has no effect and the host still doesn't resolve to the IP.  ONLY stopping the DNS Client service on the Windows 7 PCs does the trick. 
    Your suggestions are most welcome!
    Thanks,
    Simon.

    Hi Yolanda,
    Nothing in any event log anywhere and I've checked all the AV logs and run scans already, drivers are up to date.  Also there is no firewalling at the client end.
    Had a read through the NRPT doc and I don't think that is relevant as the host they are trying to get to doesn't have anything different to anything else in the DNS Domain.  All hosts are of the form host.contoso.com.  All we've done is change
    the IP address on one of the hosts manually within DNS. 
    It is almost as if on a reboot, the DNS Client Service picks up an old copy of the cache and refuses to overwrite it.
    I'm considering changing the Parameters of the service to reduce the TTL of the cached entries from the default of one day to one hour and turn off caching of negative responses as follows:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
    "MaxCacheTtl"=dword:e10
    "MaxNegativeCacheTtl"=dword:0
    Thanks,
    Simon.

  • If i have Dns Client service running, is it necessary to enable dns prefetch in the about:config section?

    I've been wondering this for a while and can't seem to find the answer.
    Whenever i set network.dns.disablePrefetch to true, the browser seems to load a bit more smoothly and even with the pref. disabled, the dns client service seems to still cache dns whenever i check on cmd using the ipconfig /displaydns command.
    Does this mean that the browser still fetches dns even with the pref disabled?

    I'm not really sure if it speeds up the loading process or not since it's a bit hard to tell but like i said, the loading is smoother.
    Is Dns Client service different from Dns prefetch?

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there
    is the quote
    "3.When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows
    Server 2008 R2 Core Network Guide)
    "9.        In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the
    local computer.
    10.       In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of
    the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS:
    DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to
    itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should
    be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary
    DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback not be first, the justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS:
    DNS servers on <adapter name> should include the loopback address, but not as the first entry)
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners. 
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself,
    or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only
    as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process
    to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See
    http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See
    http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When
    multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg

  • DHCP Client Service Procedure Not Found

    I have a W2008R2 Standard server (DC) holding both DHCP and DNS roles.  When the server was originally built the (migrated from 2003) DHCP did not load properly and per a Microsoft support incident we backed up the existing DHCP and rebuilt it. Everything
    was working fine however the DHCP Client Service does not run.  This was back in 2012 so I don't recall if it the service was started and quit or if we just didn't notice that the Client Service was not running.  It has not been a problem for me
    until now.  I need to run a new backup agent on this server and it requires the DHCP Client Service to be running.  I did notice upon a reboot that the service was "stopping" and will not restart.  It appears as though it does start
    on boot and then immediately stops as I would not have caught the "stopping" status had I not went into the Services mmc right away.  The error that I get when trying to restart is 127:  The specified procedure could not be found.  This
    is the only info logged in the event viewer as well.  The service is configured to start using Network Service credentials and is set to automatic.  The dependencies are:  "depends on" Ancillary Function Driver for Winsock & TCP/IP
    Protocol Driver. The WinHTTP Web Proxy Auto-Discovery Service depends on the Client Service.  I have noticed on two other W2008R2 servers that the dependencies are different: The "depends on" are:  Ancillary Funtion Driver for Winsock,
    NetIO Legacy TDI Support Driver and Network Store Interface Service. The components depending on the Client Service are the same on all servers.  I'm not sure if these differences are due to the fact that this server is running DHCP server and the others
    are not? Or is this difference the reason for my issue?  I'm hesitant to change these parameters without some guidance for fear of trashing my entire box.  I did remove and completely rebuilld/reinstall the DHCP server role last night, hoping that
    may fix the issue, but no luck.  I've run DNS tests & DCDiag with no issues found.  Anyone familiar with this problem?  What to do? Thanks!

    Updates:  There are no events being reported at all in the DHCP Service log.  Things I have tried thus far:  
    All Windows Updates installed
    Uninstall and re-install the DHCP Server
    Reset Winsock
    Made sure permssions are set to Full for both Network Service & Local Service accounts (I tried changing the logon account to Local Service also).   
    I noticed on another (working)  W2008R2 server that the dependencies were different although this server did not hold the role of DHCP Server.  The problematic server only listed Ancillary Function Driver for Winsock & Tcpip.  The working
    server listed Ancillary Function Driver for Winsock, Network Store Interface Service and NetIO Legacy TDI Support Driver.  I then changed the dependencies to match that of the working server.  Verified that all of these were "started" in
    Device Manager.  The DHCP Client Service now fails with Error 1079:  The account specified for this service is different from the account specified for other services running the same process.  (I did find a Microsoft Fixit for this--didn't
    make any difference though).
    I noticed on the other working server that the logon account for DHCP Client Service is actually LocalServiceNetworkRestricted.  I had set it to LocalService.  After making this change, my error now has changed to: Windows could not start the DHCP
    Client service on Local Computer.  Error 1314:  A required privilege is not held by the client.
    I split my DHCP scope and set up a second DHCP server to determine what effect the DHCP Server role had on things. I don't know that I've noticed anything to be honest.  So moving on...  
    I mirrored the permissions in the registry to those of the new (additional) DHCP server for the following key:  HKLM\System\CurrentControlSet\Services\DHCP.  When I compare the permissions I notice that the problematic server is missing some
    entries.  The working server has:  SYSTEM, LOCAL SERVICE, NETWORK SERVICE, Administrator, Users, Network Configuration Operators & Dhcp.  The troubled server does not list Network Configuration Operators or Dhcp.  I was able to add
    the NW Configuration Operators ( a built-in security group), but do not see anything for Dhcp other than user groups for DHCP Admins & Users.  Based on what I see on the working server, I don't think that is the right thing to add.   
    I also noticed that some keys were missing for this reg entry vs. the same key on the second server.  Missing were (all under the HKLM entry above):  RequiredPrivileges (REG_MULTI_SZ) value:  SeChangeNotifyPrivilege SeCreateGlobalPrivilege  ServiceDll
    (REG_EXPAND_SZ) %SystemRoot%\system32\dhcpcore.dll (*I did verify this file does exist) and ServiceSidType (REG_DWORD) value:  1.  I added these reg keys. I also noticed that the troubled server has a subkey titled Enum.  There are 4 values
    listed:  Default (REG_SZ), no value.  0 (REG_SZ) Data value= Root\LEGACY_DHCP\0000, Count (REG_DWORD) Value: 1 and NextInstance (REG_DWORD) Value: 1.  The working server does not have this key. 
    In comparing the reg values on each server, the only significant difference that I've notice other than what is listed above is HKLM\System\CurrentControlSet\Services\Dhcp\Parameters.  On the working server the ServiceDll is dhcpcore.dll.  On the
    server having the issue that value is defined as dhcpcsvc.dll.  I'm suspect that this could be a contributing factor, but have not made the change yet.
    I am still sitting with the error 1314:  A required privilege is not held by the client.
    So this is where I'm at...Any ideas would be appreciated as I'm really trying to avoid having to rebuild this entire server.  Thank you

  • The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported

    Hi guys,
    we created a custom WIM Image (Windows 8 Enterprise) with MDT 2012.
    Sysprept the Image, Deployed via SCCM 2012 SP1.
    Computers are Domainjoined. Error with standard Domain User.
    On some computers (not every computer) and not with every user on the first logon following error message arises:
    The Group Policy Client service failed the sign-in The universal unique identifier (UUID) type is not supported
    It works, when you log in a second time but this error isn't very nice. 
    Is there a solution for that?
    Kind Regards
    Martin

    Hi,
    The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. This issue can be caused by various reasons based on the computer environment.
    Can you find any information in event log about this issue?
    Here is the related blog in which the steps can solve most of such issues if the issue continuously happen.
    http://blogs.msdn.com/b/moiqubal/archive/2012/03/04/how-to-fix-quot-the-group-policy-client-service-failed-the-logon-access-denied-quot-error.aspx
    Also, you can refer to the similar thread about this issue:
    http://social.technet.microsoft.com/Forums/en-US/4a644219-50ee-494d-b965-e64a8555109e/the-group-policy-client-service-failed-the-signin-the-universal-unique-identifier-uuid-type-is
    Since this issue can be related to SCCM, to better help you, please submit a new thread for further help:
    https://social.technet.microsoft.com/Forums/en-US/home?category=systemcenter2012configurationmanager
    Hope these could be helpful.
    Kate Li
    TechNet Community Support

  • Error Message when logging on "The Group Policy Client service failed the logon. Access is denied"

    Since the move to Windows 7 we have started getting this error above when people login at random times and on random machines, at first we thought it was only a select few users, but now it seems to have occurred to about 20 different Staff members working
    at the school. Also of those 20 odd users it has happened to them on a few occasions.
    What we know
    We know this problem is only occurring to staff with Roaming Profiles, it seems like somehow the profile is not Synchronizing with the Servers File Share that houses the profiles, which causes the NTUSER.DAT file to become corrupt and go from being around
    2 – 3 MBs to 256KB (In all cases where a user has had this issue there NTUSER.DAT file has been 256KB)
    Current Resolution to the problem
    When a staff member contact us with this problem, we fortunately have Previous Versions working on the profiles folder on the server, so we are able to restore their NTUSER.DAT file from 1 to 2 days before it became corrupt, which then seems to allow them
    to log on fine
    What we have tried so far & suggested so far
    After some research on Google, we found the following thread on EduGeek
    http://www.edugeek.net/forums/windows-7/78733-windows-7-user-profile-failed-error-again.html#post700415
    Which suggested that the problem may lay within registry, so we implemented the Script that was posted on the website, however this has not seemed to make any difference
    In the early stages when only 5 – 10 staff seemed to be having the problem, we believed the issue could be with just certain AD accounts. It had not seemed to happen to any recently created AD accounts so we thought it could be a corrupt attribute on
    the user so we delete one of the staff AD accounts that had the problem and creating a brand new one, however within about 2 – 3 weeks that staff member had the issue occur again
    Leading on from point two, we also thought the problem could be with people using multiple computers, logging on in 2 places and not logging off properly, but unfortunately the staff member referred to in point 2 only uses the one computer in reception.
    Another potential cause that we figured might be the route of the problem, was it could be specific computers that are not communicating properly with the server, which could be causing this problem to occur, but we have no real way of testing this,
    as the staff generally log onto 3 – 4 different computers throughout the day and in different location
    We log a call with EE and they just pointed us to various websites that we had already checked and wasn’t much help.
    In Summary
    This error has now occurred with about 20 members of staff, we currently only use Windows 7 at our Senior School & Moving to Windows 7 at our Prep School in the Summer
    holidays, we would like to find out the route of this problem ideally before then, as we could potentially be doubling the amount of staff with the problem after the move. Has anyone else seen this problem or have a brain wave on how to solve it?
    Regards
    Andy

    Hi Dudleya,
    First of all ,I would suggest to check the permissions of the NTUSER.DAT registry hive .Here is a link for reference :
    The Group Policy Client service failed the logon. Access is denied(Juke Chou`s answer)
    https://social.technet.microsoft.com/Forums/windows/en-US/8c0054a3-35be-4fc4-839c-e2176613eb23/the-group-policy-client-service-failed-the-logon-access-is-denied?forum=w7itpronetworking
    Please refer to this link and add the registry keys to have a check .Please backup the registry keys before you made modifications to them.
    The Group Policy Client Service Failed The Logon In Windows 8(It should also work on windows 7 )
    http://www.thewindowsclub.com/fix-group-policy-client-service-failed-logon-windows-8
    If the issue persists ,we can refer to this link to troubleshoot this issue .
    Troubleshoot User Profiles with Events(It should also be applied to windows 7 )
    https://technet.microsoft.com/en-us/library/jj649075.aspx
    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
    Best regards

  • Failed to Connect "Group Policy Client Service" Windows 7 x64

    This error pops up everytime boot / start-up. I've tried everything, for the last month.  including
    http://support.microsoft.com/kb/2421599 In the "Resolution Section" did step by step, But did not work for me...
    Also
    http://blogs.technet.com/b/mempson/archive/2010/01/10/userenvlog-for-windows-vista-2008-win7.aspx  Didn't work either.  :(
    Is this a Winlogin problem? Or does have to do with other computers in my homegroup?
    But in Safe Mode & Safe Mode with Networking, this issue does Not appear / pop-up at start up. "Group Policy Client Service"
    ""HP Premium Remote Services"" tells me that in order to fix, I have to Re-Install Windows. And have been in contact today with Hp Premium Remote Services for over 7 hours with NO Resolution!!
    Hate to make a Recovery Partition on a New PC, in order to Re-Install Windows...
    This is a Brand New HP Pavilion HPE H8-1234 AMD Processor that I installed on 7/23/2012. Running windows 7 64-bit home premium, OS: Internet Explorer 9.
    Have a copy of Windows 7 Ultimate using Anytime Upgrade, My question is would that rectify the "Group Policy Client Service" error?
    Always run MalwareBytes Anti-Malware and Hitman Pro, in addition with Norton, on a regular basis. So that I know my system is clean...
    Any MS Engineers or Tech's have any ideas, suggestions OR help, How to Fix this issue,With-Out having to use: System Recovery/Restore. To factory condition...
    Would be Very Greatly Appreciated! HELP Me Pleeeze !!!!
    ***Because this issue Baogles my Mind! After all I'am only dealing with half a Brain, LOL- Due to Brain Tumor Surgery...

    I FOUND SOLUTION TO THIS PROBLEM!
    I had this issue on my laptop since November, and it really bugged me.  I sifted through the event log and found the pattern of events that preceded the issue, and, probably, caused it.
    In short, the pattern is as follows: Windows updates run automatically as scheduled, and when reboot is initiated after the updates are finished, the computer crashes (probably during reboot sequence).  When it boots up, it reports that the last shutdown
    was unexpected, and the issue begins to occur.
    I spent 2 days trying to dig out a solution from the Internet, to no avail, until I came across
    this page.  It doesn't say anything about this particular problem, but it gives more information about SVCHOST process that starts many services, including Group Policy Client.  It looks like during reboot a vital registry settings were lost during
    crash and Group Policy Client "doesn't know" how to start.  Let me explain:
    There are two places to look in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services this path should contain
    gpsvc key (a folder), which is responsible for service parameters and configuration.  I found that the key was intact, so, you do not touch anything here - just check that the key exists.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST This is the most important path you should look into, as it must contain the keys and values referred in the key #1.  Below are descriptions what must be present
    there.
    There must be Multi-String value called GPSvcGroup. My laptop was missing it.  So, you should create multi-string value named
    GPSvcGroup and assign it value GPSvc.
    Next, you must create a key (a folder) and name it GPSvcGroup - this key normally should be there, but, again, it was missin on my laptop.
    Then open newly-created GPSvcGroup folder and create 2 DWORD values:
    First called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
    Second is called CoInitializeSecurityParam and it must have value of 1.
    Once you complete all steps above, reboot the computer and the problem will be fixed.
    I am so relieved I was able to fix it, and hope this will help others with the similar issue.
    Here is the link to the video walkthrough if you have any troubles understanding what has to be done: http://youtu.be/4m5KEmckWK4
    I did try the above, but it did not fix my issue with the ""group policy client service failed the logon".
    This problem was happening on 5 different RDS Nodes. All I did was rename the Roaming Profile, then delete the locally stored profile on each RDS Server: right click COMPUTER > PROPERTIES > ADVANCED SYSTEM SETTINGS > USER PROFILES > delete the
    offending User(s).
    Hope that helps.
    Life is dangerous, no one has ever survived. So enjoy!

  • Group Policy client Service Error - Access is denied

    I am
    at domain admin working on windows 7 roaming profiles, testing with a
    staff user.  I am in a domain environment.  I have changed the
    profile path for a user to the folder I created for new windows 7 roaming
    profiles.  gave it all the permissions noted here and followed these steps
    at Microsoft's deploying roaming profiles page for win 7.<o:p></o:p>
    once I logged in the user,
    it created their profile.v2 but I still couldn't access it.  getting
    access denied.  so I went back and changed the staff roaming profile back
    to the original profile path.  didn't make any group policy changes. 
    but now she gets group policy client service failed to logon. access is
    denied.  I have deleted the .v2 profile that win 7 creates in her old
    profile path, moved her profile path back to what is was before testing,
    retested her xp profile which does work and she can login and work. 
    but the win 7 machines no matter where she logs in, will not work.  they
    all give the same error about group policy client service failed.  no
    other users are having this problem

    Hi,
    Regarding the issue here, have you checked the below thread?
    Group
    Policy Client Service Failed the logon - Access Denied: Windows 7 Ultimate/Server 2008 R2
    Please take a try with the steps mentioned by Nina Liu.
    QUOTE here:
    At this time, let’s refer to the following steps for troubleshooting:
    1. Open registry editor on the problematic Windows 7 machine (please log in as domain admin)
    2. Highlight HKEY_USERS, choose File -> Load Hive, browse to the location of one failing roaming profile and open NTUSER.DAT file, click open
    3. Under Key Name, enter any name you like, but remember what you have entered, such as enter "test"
    4. Expand, HKEY_USERS, you should see new registry hive called "test" or any name you entered earlier
    5. Right click on that "test" hive and choose permissions. Confirm that the following users have permissions:
    - Administrators: Full Control
    - SYSTEM: Full Control
    - User (or group) that owns this profile: Full Control
    6. If the permissions were wrong, correct them, then click on Advanced tab, on Advanced tab and enable "Replace permission entries on all child objects with entries
    shown here that apply to child objects" and click Apply.
    7. Highlight "test" registry hive, then click on File -> Unload Hive to release handle on NTUSER.DAT file.
    8. Log off and log on with the failing roaming profile you have just modified.
    Any process, please feel free to contact us.
    Best regards
    Michael Shao
    TechNet Community Support

  • Group Policy Client service does not start

    Hi,
    As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..
    Below is the error message I get in the notification area as soon as I logon
    Failed to connect to a windows service
    Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
    As an administrative user, you can review the System Event Log for details about why the service didn't respond.

    I FOUND SOLUTION TO THIS PROBLEM!
    The crash of your computer caused that - you are absolutely right!
    I had this issue on my laptop since November, and it really bugged me.  I sifted through the event log and found the pattern of events that preceded the issue, and, probably, caused it.
    In short, the pattern is as follows: Windows updates run automatically as scheduled, and when reboot is initiated after the updates are finished, the computer crashes (probably during reboot sequence).  When it boots up, it reports that the last shutdown
    was unexpected, and the issue begins to occur.
    I spent 2 days trying to dig out a solution from the Internet, to no avail, until I came across
    this page.  It doesn't say anything about this particular problem, but it gives more information about SVCHOST process that starts many services, including Group Policy Client.  It looks like during reboot a vital registry settings were lost during
    crash and Group Policy Client "don't know" how to start.  Let me explain:
    There are two places to look in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services this path should contain
    gpsvc key (a folder), which is responsible for service parameters and configuration.  I found that the key was intact, so, you do not touch anything here - just check that the key exists.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST This is the most important path you should look into, as it must contain the keys and values referred in the key #1.  Below are descriptions what must be present
    there.
    There must be Multi-String value called GPSvcGroup. My laptop was missing it.  So, you should create multi-string value named
    GPSvcGroup and assign it value GPSvc.
    Next, you must create a key (a folder) and name it GPSvcGroup - this key normally should be there, but, again, it was missin on my laptop.
    Then open newly-created GPSvcGroup folder and create 2 DWORD values:
    First called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
    Second is called CoInitializeSecurityParam and it must have value of 1.
    Once you complete all steps above, reboot the computer and the problem will be fixed.
    Video walkthrough for those who are not very technical is here: http://youtu.be/4m5KEmckWK4
    I am so relieved I was able to fix it, and hope this will help others with the similar issue.

  • Group Policy Client service failed! Help!

    A few days ago I was booted out of my account, while watching a DVD. My system restarted itself, but not before flashing some sort of blue screen. Unfortunately I was unable to read the content of it. After restarting, I was presented with a light blue login screen, instead of my normal screen. However, my name and profile picture remained the same. I was able to login with my password, only to be informed that I had been set up with a temporary account. I was unable to access my files, and had no idea how to access my regular account. After logging out, and restarting in hopes that it would go back to normal... my system went into recovery mode, and afterwards presented me with the same temporary account login screen. Only this time, I was unable to login. Instead I received "The Group Policy Client service failed the logon. Access denied" message. I'm the only user (administrative), and my computer has no internet connection. So, I'm not sure if this is a simple error; a result from my low capacity battery needing to be replaced, or a virus. I've checked previous forums, but I've had no luck. I can't login to my computer at all, and it's very frustrating. I've also backed up my files, just in case my system has to be restored to its factory settings (I hope not). Could any one tell me how to resolve this? Please!
    - Frustrated (Pavilion dv6-1350us) User

    Hello @chigi93 ,
    Welcome to the HP Forums!
    I understand you were booted from your account and can now only log in with a temporary account.
    Windows does this when the main account is unavailable. The account most likely needs to be repaired.
    Please follow this document to fix a corrupted profile: Fix a corrupted user profile.
    If that doesn't work please go through this document: You receive a "The User Profile Service failed the logon” error message.
    Let me know if that works.
    Please click the "Kudos, Thumbs Up" at the bottom of this post if you want to say "Thanks" for helping!
    Please click "Accept as Solution" if you feel my post solved your issue, it will help others find the solution.
    The Great Deku Tree
    I work on behalf of HP.

  • The Group Policy Client Service Failed The Logon

    Hello,
    When our students login to our Windows 7 machines they are getting this error:
    The Group Policy Client Service Failed The Logon
    Access is denied.
    We are attempting to use both volatile and roaming profiles. The profiles are being stored on their H drives. I seem to only see the issue when the Windows NT 6.1 Workstation Profile.V2 folder already exists on their H drive. If the profile is not there then everything works fine.
    Loading the user's ntuser.dat hive located in their H drive and changing the permissions manually to allow System, Administrators, and Users Full Control fixes the issue. How can I do this across all my user's H drives? Should I just delete them all and manually create the folder myself?
    Last time I found one, the permissions for the hive had an "Unknown" user in the permissions list. There was no "Users" group. Removing the "Unknown" and adding "Users" fixed the problem. Are the permissions getting corrupted somehow?
    Thanks for any assistance.
    I've used the following link for reference:
    Support | Windows 7 Roaming Profiles fail - user is assigned a temporary profile or fails to log on
    Novell Doc: ZENworks 10 Configuration Management Policy Management Reference - Assigning a Roaming Profile Policy that has the User Profile Stored on a Home Directory

    Originally Posted by coreyhansen
    So it appears that I am experiencing the temporary profile detailed in my link I referenced above. I have status bubbles disabled by policy and didn't notice the notification. I'm going to try pre-populating my user H drives with the Windows NT 6.1 Workstation Profile.V2 folder containing an ntuser.dat file I've already edited the hive permissions of. This worked in small scale testing, so we will see.
    I've been referencing this thread: http://forums.novell.com/novell-prod....html#poststop
    So I have tried this with students that are experiencing the problem, and gotten limited success. It feels like it works at random, with around 50% of attempts working.
    Has anyone out there had success with roaming profiles? Do I just need to go back to folder redirection? Will anyone please respond?
    This is what the student's ntuser.dat hive permissions look like when things are not working:

  • Windows 8.1 cannot connect to group policy client service

    Windows 8.1 laptop under administrator account has this "cannot connect to group policy client service" error.Found the following instructions on internet but I don't see this "Replace owner on subcontainers and objects" box on Permissions/Advanced
    popup windows ???
    Could anyone help ?
    Change the permissions on the relevant keys configuring the Group Policy Client service to allow Full Control to Administrators
    Open regedit (Start > type regedit in the search box) and navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc
    Right-click the registry key and choose Permissions.
    Click Advanced, then click Owner.
    Choose Administrators and check the Replace owner on subcontainers and objects box.
    Exit the permissions dialog and then open it again.
    Click Advanced, then choose Administrators and click
    Edit…
    Check Replace all child object permissions with inheritable permissions from this object.  
    Click OK and confirm; exit.
    Thank you,

    Hello CarLover,
    Based on my test, the option Replace owner on subcontainers and objects exists in Windows 7, but doesn’t exist in Windows 8.1.
    Please take a look at the screenshot about the option in Windows 7.
    Please take a look at the following thread similar to this issue.
    http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/why-wont-windows-connect-to-the-group-policy/b73107f8-8447-4599-87a5-65ecc6a63aa0
    Best regards,
    Fangzhou CHEN
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • DNS client in a non-global zone

    Hello,
    I want to configure only the non-global zone as a DNS client, with
    /etc/resolv.conf
    /etc/defaultdomain
    /etc/nsswitch.conf
    Is this ok or is this a global wide issue?
    -- Nick

    Yes. The /etc file system is private to each zone (both in the sparse and whole root models) so each zone can have it's own DNS settings (as well as private things like a different time zone and such).

  • FIM Password Reset Client Service error 1053 when starting service - what is the minimum permissions set?

    Hi,
    I've installed Password Reset Client Service on a machine with locked down GPO settings. Now, service, running under NETWORK_SERVICE account doesn't start (Service Control Manager reports error 1053 after waiting 30 seconds for the service to respond during
    start).
    If I change service account to some other account (i.e. domain account), service runs fine and I am able to reset password successfully, so there is no issues with password reset infrastructure, firewall, etc..). Problem is only with NETWORK SERVICE not
    having enough permission to do its job.
    Unfortunately, there is no event log entries in neither of relevant event logs (Application, Security, System, Forefront Identity Manager) that would provide additional information on why service doesn't start. ProcessMonitor tracing revealed only, that
    service cannot access some of the registry entries. After granting permissions, service still refuses to start.
    What I'd like to know is there a list of permissions, configuration entries, that NETWORK SERVICE needs in order to run normally?
    If that is not available, does anybody have any idea, how to find out what is preventing NETWORK SERVICE account from running that service?
    Thank you and best regards,
    P

    Fatih,
    The above often solves it because this disabled CRL checking for the account running the service. As the service is the network service, it has no scope off of the box, so the machine account is typically used and many shops have policies in place that prevent
    this. If the above entry doesn't help, try using your account as the service account. If that works, then its probably a syntax problem with above entry. If it fails with your account too then its most likely not CRL checking.  There is
    a registry key that can be configured that could assist:
    [HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control]
    ServicesPipeTimeout = 30000
    Try setting this to another value higher than 30000. This value is milliseconds. I would also look at network capture and verify if we are indeed attempting to go to the Internet during service startup.

Maybe you are looking for

  • File-Save As Behaves Badly

    There are really two conditions I can't solve, both related to the File:Save As... menu item in Acrobat Pro v9.1.2... I should note that I have Acrobat Pro 9.1.2 installed, and I'm running Safari 4.0.2 (5530.19) on an MBP 2.5GHz C2D with 4GB of RAM.

  • Why does my Wacom Bamboo Capture not work in Photoshop Elements 10?

    I cannot use my electronic pen with photoshop elements ten. It came with tablet and is called bamboo capture and works good with its own software but won't work in photoshop. Help  thanks.  

  • How to use task flow's transaction options with session's user data

    Hi. I have custom extension of ApplicationModuleImpl class: package test.model imports... public class CustomAppModuleImpl extends ApplicationModuleImpl {     public static final String SESSION_VAR = "MySessionVar";     public CustomAppModuleImpl() {

  • Edit RSS and .xml in iweb on .mac

    I am desperately trying to find out how to edit my RSS and (.xml) file in iweb. I can get to the file if I publish my website to a folderr on my MAC, but this doesn't help me. I need to edit this file and let iweb publish it on my .mac podcast site.

  • Delete pls

    Delete this please, already cleared the situation.