Event ID 5002/5014 Group Policy DFSR problem

I have 4 domain controllers all are running on windows server 2012. RPC always disconnects/fails having error event Ids 5002 and 5014. AD objects are replicated across DCs but on Group policy DCs are either inaccessible or differ in GPO Version.
thanks for the help.

Good. Okay, then it's just the 5014's & 5002's.
Here's a wiki on 5002:
http://social.technet.microsoft.com/wiki/contents/articles/1207.dfsr-event-5002-dfs-replication.aspx
On the 5014, there should be a corresponding error number. Can you please respond with that and the specific error messaged (edited for privacy, of course.)?

Similar Messages

Windows 8.1 mandatory profile Group Policy printer problems

We're a school district that is using mandatory profiles for the students. We use both Win 7 and Win 8.1 on the workstations. We're having a problem with group policy printer deployment on just the Windows 8 Workstations. I've tried using both the deployment
method in policies and the Preferences with Item level targeting and on the windows 8 ones its always intermittent. Sometimes you login and get the printers or some of them and sometimes not. Other times if you log out and back on etc. I've been troubleshooting
this for a week and have found with Win 7 it seems to always work but on our Win 8.1 ones about 50/50. The error in the Event log for that printer is this.
Group Policy Object did not apply because it failed with error code '0x80070057 The parameter is incorrect.' This error was suppressed.
What I've found that if I create a test account that does not use the mandatory profile the printers always map. Even on Windows 8.1. So far thats the only commonality. Can anyone tel me what I can look at with this. If they never worked that would be an
easier problem but its not consistent.
Thanks
Jason

Hi Jason, Did you ever find a fix for this as we are having exactly the same problem only with windows 8.1 computers using mandatory profiles and it's driving me mad. Any help would be much appreciated Thanks Dan

Group Policy Editor problem

Hi
I updated Windows 7 SP1 Enterprise 64 bit
with the Windows Update.
Now, when I open the Group Policy
Editor, this window is displayed with the
following error message:
How come?
Thanks
Bye
Balubeto

Hi,
Apologize for the late reply.
The error message seems to be related with some updates that didn't update the Admx related files. The error was aften caused by mis-matched ADMX and ADML files.
See this similiar thread:
Error when selecting administrative template in any GPO
https://social.technet.microsoft.com/Forums/windowsserver/en-US/bac54114-54d7-472b-969d-9b08f28dbba9/error-when-selecting-administrative-template-in-any-gpo?forum=winserverGP
For the inetres.admx, line 1495 column 249, please follow the suggestions mentioned in the above thread. Unzipping the download (THIS ONE
http://www.microsoft.com/en-us/download/details.aspx?id=40905), then copy the related language\inetres.adml file to the c:\Windows\PolicyDefinitions\language directory, overwriting
the existing one in the destination.
Best regards
Michael Shao
TechNet Community Support
When I try to execute the copy commands via the command prompt with elevated privileges, the "Access Denied" error is displayed. How come?
Thanks
Bye
Balubeto

Group Policy Preference: Problem Adding Network Locations

Group Policy Preferences (GPP) do not currently support correctly creating shortcuts in Network Locations/My Network Places the way Windows produces them when you go through the "Add a network location" wizard. Unfortunately, the GPP simply creates a standard shortcut instead of creating a folder that contains target.lnk and desktop.ini (the way the "Add a network location" wizard does).
I was curious to know when the GPP engine will be updated to correctly add Network Locations the way the "Add a network location" wizard does?
Thanks.

Talfr77,
I would like to know what environment you tried this under. I made policy like you described on a 2012 domain controller and the resulting shortcut worked fine on windows 8 clients and on the 2012 servers.
However, the 2008 servers and windows 7 clients didn't work. They simply got a folder with two files. It would appear that the format of the target.lnk file may be different between versions of windows. I took a target.lnk from a
working shortcut made on a 2008 server and put in on a 2012 server and the result was it not recognizing the shortcut.
It is also worth noting for anyone who wants to try this method, that in step 2 of Talfr77's directions he says to copy the desktop.ini file using the GPP file copy function to the subfolder with the target.lnk file. He didn't mention how to accomplish
that. You can store the desktop.ini file anywhere on your network as long as the UNC path to it is accessible to the user. I suggest you store it right in a subfolder of the GPO in the sysvol to keep things tidy. So that UNC would be the
source path. (example would be \\domain.local\SYSVOL\domain.LOCAL\Policies\{020DBAF4-2631-4246-8811-DE02F7613959}\desktop.ini) The destination path will be %appdata%\Microsoft\Windows\Network Shortcuts\<Subfolder name>\desktop.ini
The same goes for his step 3 where you edit the folder attributes. The folder you want to edit is %appdata%\Microsoft\Windows\Network Shortcuts\<Subfolder name>
Karl

ZENworks 6.5 SP1b And Group Policy Editor Problems

I just installed ZENworks 6.5 SP1b on a brand new test server that I am
running. I have no users or strain on the server. After I installed the
service pack it started take about 20 to open the Group Policy Editor for
a user policy and about a minute 20 to close it. I was using it before the
upgrade and it only took like 10 seconds to close before. What's up? Can
any one help?

Yeah Sorry I clicked the wrong one
> I presume someone will help in the Desktops forum, since this is for
> server management...
>
> --
>
> Shaun Pond
>
>

AGPM group policy ownership problem

Im trying to move uncontrolled policies to controlled but I get [GPMC Error] Could not take ownership of the production GPO. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) on all of them. Per the docs, my service account
is a member of the "GPO Creator Owners" group and "Backup Operators" group. I have also given full control of the container the policies are in to the service account. I am able to create new controlled policies and deploy them, I just cant
seem to take control of production GPOs even though it looks like the rights are there.
Anyone have any ides?

Hi Dave,
you also need to get the service account full controller over the existing GPOs:
Full Access to existing GPOs
http://blogs.technet.com/askds/archive/2008/12/16/agpm-least-privilege-scenario.aspx
AGPM ensures that it has proper ownership and permissions to all controlled GPOs. However, GPOs created before implementing AGPM will not provided adequate permissions to the AGPM Service. For this reason, you'll want give the AGPM Service
Full Control to all GPOs that exists prior to implementing AGPM.
That should fix it.
Gunter

I get a Group Policy Disk Quota failure at every system start

This is very long, my apologies
I asked this question about a month ago and then had some medical problems so I'm starting over again.
Whenever I start my system I get a message on the screen that the system is trying to run Group Policy for Disk Quotas. To my knowledge I've never set a disk quota policy and I can't find any indication that one is currently set. I freely admit
that I could be responsible for this. I might have done something in the early days of the system because it wasn't happening for the first month or two.
This time I did more reading and found a procedure on TechNet at:
"http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" which led me step by step through the procedure, although I still can't make sense of the results.
So far I've verified that there are no policies set and that all the hard drives (3) have the Disk Quota bit 'disabled'. I did this as 'Administrator'.
The results from the TechNet procedure turned out to be quite long but I'm listing it here in hope that someone in the community will be familiar with this problem and be able to use the information to figure out the problem.
Here are the results:
From: TechNet Group Policy Testing
( "http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx" )
1 - Troubleshooting using the Group Policy operational log
   a - Determine the instance of Group Policy processing
   (Before you view the Group Policy operational log, you must first determine
   the instance of Group Policy processing that failed.)
My ActivityID from the Group Policy operational log = C87E5BC2-FD21-4794-B678-787AB587D8D5
2 - Create a custom view, via a query, of the Group Policy instance
My resultant query:
<QueryList><Query Id="0" Path="Application"><Select Path="Microsoft-Windows-GroupPolicy/Operational">*[System/Correlation/@ActivityID='{C87E5BC2-FD21-4794-B678-787AB587D8D5}']</Select></Query></QueryList>
3 - Results of running the query from step 2 are listed below, in chronological order, including the complete 'detail' sections from each event.
event 4000
Event Description(s) = Computer startup
BEGIN DETAIL SECTION-----------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4000
   Version 1
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.598400000Z
   EventRecordID 22707
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyActivityId {C87E5BC2-FD21-4794-B678-787AB587D8D5}
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsDomainJoined false
  IsBackgroundProcessing false
  IsAsyncProcessing false
  IsServiceRestart false
  ReasonForSyncProcessing 2
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Checking for Group Policy client extensions that are not part of the system.
Event Description(s) = Service configuration update to standalone is not required and will be skipped.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22711
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4161
END DETAIL SECTION-------------------------------------------------------------------------------
event 5313
Event Description(s) = The following Group Policy objects were not applicable because they were filtered out :
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5313
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22710
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString None
  GPOInfoList
END DETAIL SECTION-------------------------------------------------------------------------------
event 5311
Event Description(s) = The loopback policy processing mode is "No loopback mode".
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5311
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22708
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyProcessingMode 0
END DETAIL SECTION-------------------------------------------------------------------------------
event 5312
Event Description(s) = List of applicable Group Policy objects:
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5312
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22709
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  DescriptionString Local Group Policy
  GPOInfoList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name><Version>524296</Version><SOM>Local</SOM><FSPath>C:\Windows\System32\GroupPolicy\Machine</FSPath><Extensions>[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{D02B1F72-3407-48AE-BA88-E8213C6761F1}][{F3CCC681-B74C-4060-9F26-CD84525DCA2A}{0F3F3735-573D-9804-99E4-AB2A69BA5FD4}]</Extensions></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Microsoft Disk Quota Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (Changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22714
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
  CSEExtensionName Microsoft Disk Quota
  IsExtensionAsyncProcessing false
  IsGPOListChanged true
  GPOListStatusString %%4102
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 5320
Event Description(s) = Finished checking for non-system extensions.
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5320
   Version 0
   Level 4
   Task 0
   Opcode 0
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:29:33.614000000Z
   EventRecordID 22713
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
  - Security
   [ UserID] S-1-5-18
- EventData
  InfoDescription %%4165
END DETAIL SECTION-------------------------------------------------------------------------------
event 4016
Event Description(s) = Starting Audit Policy Configuration Extension Processing.
Event Description(s) = List of applicable Group Policy objects: (No changes were detected.)
Event Description(s) = Local Group Policy
BEGIN DETAIL SECTION------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 4016
   Version 0
   Level 4
   Task 0
   Opcode 1
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22718
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
  CSEExtensionName Audit Policy Configuration
  IsExtensionAsyncProcessing true
  IsGPOListChanged false
  GPOListStatusString %%4101
  DescriptionString Local Group Policy
  ApplicableGPOList <GPO ID="Local Group Policy"><Name>Local Group Policy</Name></GPO>
END DETAIL SECTION-------------------------------------------------------------------------------
event 7016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION-------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 7016
   Version 0
   Level 2
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:21.987200000Z
   EventRecordID 22717
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 108374
  ErrorCode 2147942402
  CSEExtensionName Microsoft Disk Quota
  CSEExtensionId {3610EDA5-77EF-11D2-8DC5-00C04FA31A66}
END DETAIL SECTION-----------------------------------------------------------------------------------------
event 5016
Event Description(s) = Completed Microsoft Disk Quota Extension Processing in 108374 milliseconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 5016
   Version 0
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.314800000Z
   EventRecordID 22720
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  CSEElaspedTimeInMilliSeconds 312
  ErrorCode 2147483658
  CSEExtensionName Audit Policy Configuration
  CSEExtensionId {F3CCC681-B74C-4060-9F26-CD84525DCA2A}
END DETAIL SECTION-----------------------------------------------------------------------------------------
Event 8000
Event Description(s) = Completed computer boot policy processing for WORKGROUP\GROK$ in 108 seconds.
BEGIN DETAIL SECTION----------------------------------------------------------------------------------------
- System
  - Provider
   [ Name] Microsoft-Windows-GroupPolicy
   [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
   EventID 8000
   Version 1
   Level 4
   Task 0
   Opcode 2
   Keywords 0x4000000000000000
   - TimeCreated
   [ SystemTime] 2010-05-15T13:31:22.330400000Z
   EventRecordID 22721
   - Correlation
   [ ActivityID] {C87E5BC2-FD21-4794-B678-787AB587D8D5}
   - Execution
   [ ProcessID] 1280
   [ ThreadID] 1784
   Channel Microsoft-Windows-GroupPolicy/Operational
   Computer GROK
   - Security
   [ UserID] S-1-5-18
- EventData
  PolicyElaspedTimeInSeconds 108
  ErrorCode 0
  PrincipalSamName WORKGROUP\GROK$
  IsMachine 1
  IsConnectivityFailure false
END DETAIL SECTION-----------------------------------------------------------------------------------------
End of results.
Thanks to all,
wegrok
Win7 Ultimate x64, 8 GB ram, AMD Phenom 9950 Quad-proc @2.6Ghz, HD = 1TB ASUS M4N72-E mobo, Video = NVIDIA GeForce 8800 GT w/ Dell 2407 Digital Monitor -------------------------------------------------------------------------------------------------------

Did you ever have luck tracking this down? Im getting this error and have no clue where it is coming from. I have not enabled gp disk quotas, but I do have a network share on a domain member server that has quotas attached to each users folder.
I removed the quotas and still get this error when I manually perform a gpupdate.

Group Policy won't apply, No mapping between account names and security IDs was done.

I am using Group Policy Preferences to remove users from the local admin group and add a local admin account. This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO. I get the following error:
Log Name:      Application
Source:        Group Policy Local Users and Groups
Date:          6/24/2014 8:49:28 AM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      laptop1.internal.com
Description:
The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security
IDs was done.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Group Policy Local Users and Groups" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
    <EventRecordID>68771</EventRecordID>
    <Channel>Application</Channel>
    <Computer>laptop1.internal.com</Computer>
    <Security UserID="S-1-5-18" />
</System>
<EventData>
    <Data>user</Data>
    <Data>Administrators</Data>
    <Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
    <Data>0x80070534 No mapping between account names and security IDs was done.</Data>
</EventData>
</Event>
I've searched high and low for an answer and nothing I find on-line seems to apply. I also notice that the option to 'Run as Administrator' does not work. If I right-click on cmd.exe and select 'run as administrator', the command box opens but
I am not prompted for credentials and the command box does not have admin rights. Not sure if this is related or not.
Any help on this would be greatly appreciated.
Thanks,
Joe

Hi,
Delete your remove action from the GPP and push it again, does this issue still occur?
If it still exists, let’s collect the GPP log for analysis:
Group policy Preference debug logging policy settings are located under:
Computer Configuration\Administrative Templates\System\Group Policy
Click Logging and tracing, select local users and group preference logging and trace.
Meanwhile, just a similar issue, but it is worth trying:
A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/2280515
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support

Strange DNS, Group Policy & Active Directory Issues - Can't track down root issue!

For the last few weeks, we've been getting complaints, from our developers, about not being able to authenticate on various systems. The issues were hit & miss but still problematic enough to warrant our looking into it. It seems to be getting
worse... I now have new servers that aren't getting group policy updates. They may get some, like the list of local admins but won't pick up NTFS permissions for folder-access. Those that pick up the AD group full of local admins have trouble
authenticating members of the group. Some were showing event log entries regarding authentication issues due to being unable to contact an AD DC. We reloaded that DC but many of the issues still persist. At this point, I'm running
out of places to look for ideas. I've spent the last week looking up Event Log IDs and looking though their meanings and possible remedies but, again, the issues persist. It doesn't seem to matter what the OS is. We've been seeing
this on 2008, 2008-R2 & 2012-R2.
Here are some examples of events I'm seeing. I can't figure out the root cause(s).
Log Name: Application
Source: Group Policy Files
Date: 2/19/2015 2:35:12 PM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: H2T8-IOLDP1.HOMENET.local
Description:
The computer 'uptime.exe' preference item in the 'APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}' Group Policy Object did not apply because it failed with error code '0x80090006 Invalid Signature.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Files" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-19T19:35:12.000000000Z" />
<EventRecordID>1871</EventRecordID>
<Channel>Application</Channel>
<Computer>H2T8-IOLDP1.HOMENET.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>computer</Data>
<Data>uptime.exe</Data>
<Data>APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}</Data>
<Data>0x80090006 Invalid Signature.</Data>
</EventData>
</Event>
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: 2/19/2015 9:38:13 AM
Event ID: 20499
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: H2T8-IOLDP1.HOMENET.local
Description:
Remote Desktop Services has taken too long to load the user configuration from server \\h2s3-addc1.HOMENET.local for user RSickler
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" />
<EventID>20499</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-02-19T14:38:13.182363700Z" />
<EventRecordID>4</EventRecordID>
<Correlation />
<Execution ProcessID="1932" ThreadID="2156" />
<Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin</Channel>
<Computer>H2T8-IOLDP1.HOMENET.local</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<EventXML xmlns="Event_NS">
<ServerName>\\h2s3-addc1.HOMENET.local</ServerName>
<UserName>RSickler</UserName>
</EventXML>
</UserData>
</Event>
Note that these servers are sitting in OUs that are full of other servers that don't have these issues. These GPOs have been in place for years. I suspect there's a deeper issue with AD, GP or a combination thereof. The group policy issues
seem to only affect freshly loaded servers...

Hello,
assure that no firewall is blocking connection for AD required ports as listed in
https://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
You have error about not connect setup from AD sites and services with the used subnets in your network and linking them to the correct site, please check this in AD sites and services and also have the DCs placed correct to the site they belong to.
"During the past 4.20 hours there have been 83 connections to this Domain Controller from client machines whose IP addresses don't map to any of the existing sites in the enterprise. Those clients, therefore, have undefined sites and may connect to
any Domain Controller including those that are in far distant locations from the clients. A client's site is determined by the mapping of its subnet to one of the existing sites. To move the above clients to one of the sites, please consider creating subnet
object(s) covering the above IP addresses with mapping to one of the existing sites. The names and IP addresses of the clients in question have been logged on this computer in the following log file '%SystemRoot%\debug\netlogon.log' and, potentially,
in the log file '%SystemRoot%\debug\netlogon.bak' created if the former log becomes full. The log(s) may contain additional unrelated debugging information. To filter out the needed information, please search for lines which contain text 'NO_CLIENT_SITE:'.
The first word after this string is the client name and the second word is the client IP address. The maximum size of the log(s) is controlled by the following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\LogFileMaxSize';
the default is 20000000 bytes. The current maximum size is 20000000 bytes. To set a different maximum size, create the above registry value and set the desired maximum size in bytes."
This error is about a not run adprep /rodcprep:
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=HOMENET,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
So either run the command on a DC or ignore this error.
Please provide also the following data as file:
ipconfig /all >c:\ipconfig.log [all DCs]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.log
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
ADREPLSTATUS:
http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.
As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!)
https://skydrive.live.com and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
Info you requested:
ipconfig_dcs.txt
dcdiag.txt
repl.log
dnslint.htm
ADREPLSTATUS: ADReplicationStatus.2015.2.23.9.21.16.csv ADReplicationStatusToolData.zip

Group Policy Preference Power Plan "Blocked By Group Policy"

I noticed this error in the application event log of a Windows 7 PC:
Log Name: Application
Source: Group Policy Power Options
Date: 3/21/2013 3:19:42 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: xxx
Description:
The computer 'Power Plan (Windows Vista and later)' preference item in the 'Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}' Group Policy object did not apply because it failed with error code '0x800704ec This program is blocked by group
policy. For more information, contact your system administrator.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Power Options" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-03-21T10:19:42.000000000Z" />
<EventRecordID>7687</EventRecordID>
<Channel>Application</Channel>
<Computer>xx</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>computer</Data>
<Data>Power Plan (Windows Vista and later)</Data>
<Data>Windows 7 Desktop Power Plan {A078F08F-45CC-4209-A264-FE0CB5635A99}</Data>
<Data>0x800704ec This program is blocked by group policy. For more information, contact your system administrator.</Data>
</EventData>
</Event>
How can I find out exactly why it is not working? "Blocked by group policy" is not specific enough.

Hi,
You can also enable GPP tracing and logging for more information:
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure Power Options preference logging and tracing
http://blogs.technet.com/b/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
Regards,
Cicely
There is no such option "Configure Power Options preference logging and tracing" at Computer
Configuration\Policies\Administrative Templates\System\Group Policy\.
It alphabetical order Always use local ADM files ... is followed by Disallow interactive users from generating ... Not

November updates cause error in IE group policy files

Hi,
I reinstalled Windows 8.1 with Update today and noticed an error after installing either the IE 11 cumulative update or the optional November rollup update package. The error pops up only if either or both are installed. If they are uninstalled, the error
no longer appears.
The error pop up displays when group policy editor is opened,
"Resource '$(string.VerMgmtAuditModeEnable)' referenced in attribute displayName could not be found. File C:\windows\PolicyDefinitions\inetres.admx, line 1495, column 249."

Hi Sahil,
This issue is related with the ADMX files of Internet Explorer. The error was often caused by mis-matched ADMX and ADML files.
Here is a similar thread for reference: Group Policy Editor problem
The fix:
Unzipping the download (THIS ONE
http://www.microsoft.com/en-us/download/details.aspx?id=40905), then copy the related language\inetres.adml file to the c:\Windows\PolicyDefinitions\language directory, overwriting the existing one in the destination.
Best regards
Michael Shao
TechNet Community Support

Slow logins to domain, several event ID errors (group policy, netlogon, NTP errors)

We have a laptop user who was experiencing slow logons in a remote office.   (Remote office has 100 users, only 1 is reporting the issue). Helpdesk swapped computers to give the user brand new hardware.   The new laptop worked
fine while in the IT department in the main office, the user returned to their desk in their remote office after replacing the laptop and logged in and experienced the same slow logon issues as the older laptop.
Logons take up to 45 mins to process. (Login script hangs and does not process). During the process, you can check IPConfig and it received the proper DNS settings. you can ping the authenticating server by name. We have scanning
on our local copiers setup to scan to the users desktop, and this errors out. DNS on the AD controller shows the proper IP address for the machine and you can ping the machine by name.
System Event log is loaded with errors:
Event ID 5719 - Netlogon, computer not able to setup a secure session with a domain controller in the domain
Event ID 1129 - Group Policy, processing of Group Policy failed because of lack of network connectivity
Event ID 129 - Time Service, NTP Client was unable to set a domain peer to use as a time source
Event ID 5783 - NetLogon, The session setup to the WIndows NT or 2000 domain controller (xxx) for the domain is not responsive. RPC call cancelled.   (NOTE - you can ping this domain controller by name and by IP with no issues)
Event ID 130 - Time-Service, NTP client unable to set a domain peer
All these seem to point to RPC errors timing out because they cannot communicate to the network resources. The problem happens on wired or wireless connections. We had the user move to a different network connection (one we know is working for
another user) the problem persists.   The problem was on the original computer and continues to happen even after replacing the hardware with a brand new laptop.
I have tried running the following hotfix. Which does not resolve the issue:
http://support2.microsoft.com/kb/2459530 which technically this shouldn't be an issue because we use DHCP off the 2003 AD domain controller.
I have checked the domain controller, AD Replication is processing with no issues. DNS is working. The local DHCP server has no issues or events related to this account and neither does the local DNS server or the authenticating server (which
is in another remote office).

Hi,
As we know, most of the time error event 5719 is caused by network connectivity issues or name resolution issue, I suggest you refer to this link to make a further analysis
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
And this link:
Root Causes for Slow Boots and Logons
http://social.technet.microsoft.com/wiki/contents/articles/10130.root-causes-for-slow-boots-and-logons-sbsl.aspx
Yolanda Zhu
TechNet Community Support

Having problem with svchost.exe/ntdll.dll errors causing GPSVC (Group Policy Client) to crash preventing users from logging into the server.

Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
to svchost.exe and therefore is protected from being manually restarted.
I noticed the following errors when this occurs:
Log Name: Application
Source: Application Error
Date: 7/23/2013 4:35:26 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Server1.xxx.xxx.net
Description:
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x46c
Faulting application start time: 0x01ce877f9476ac07
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
<EventRecordID>158950</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW19XM2.agency.nwie.net</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>46c</Data>
<Data>01ce877f9476ac07</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
</EventData>
</Event>
All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
about 5 months ago a similar error fired on a non-virtual machine:
Log Name: Application
Source: Application Error
Date: 2/27/2013 6:57:58 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: AAW29033
Description:
Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x6c0
Faulting application start time: 0x01ce14e1af313fd9
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
<EventRecordID>286291</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW29033</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe_gpsvc</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>6c0</Data>
<Data>01ce14e1af313fd9</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
</EventData>
</Event>
I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
the Group Policy Client service to stop?

You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
I haven't opened a case with Microsoft yet, but we about ready to because of the increase in these errors.
If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
**EDIT -- apparently I mistook the the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot.

Event 4098 Group Policy Printers, Printers intermittently don't deploy

Hi,
On a similar vein to this topic We also deploy printers Via the Server 2008 group policy preferences. All our PC's are Vista Business 32bit SP1. The problem we are having is that intermittently the printer will not install at logon. If you logoff and back on again it is there. On one particular PC I found this event in the Applications log.
Log Name:      Application
Source:        Group Policy Printers
Date:          13/01/2009 4:07:48 PM
Event ID:      4098
Task Category: (2)
Level:         Warning
Keywords:      Classic
User:          SYSTEM
Computer:      E-HSS.cygnet.library.uwa.edu.au
Description:
The user 'HSSClient1' preference item in the 'Client Vista Domain Policy SP1 {A85CA6F0-874B-467F-B50A-939E64932884}' Group Policy object did not apply because it failed with error code '0x80070709 The printer name is invalid.' This error was suppressed.
Event Xml:
<System>
    <Provider Name="Group Policy Printers" />
    <EventID Qualifiers="34305">4098</EventID>
    <Level>3</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-01-13T07:07:48.000Z" />
    <EventRecordID>37184</EventRecordID>
    <Channel>Application</Channel>
    <Computer>E-HSS.cygnet.library.uwa.edu.au</Computer>
    <Security UserID="S-1-5-18" />
Now if this error happened every time we would change the name of the printer to be something more "Valid" but it doesn't and we can logon again and the printer installs fine. Can someone explain to me why it thinks HSSClient1 is invalid intermittently?
From this thread I investigated the print processor of one of our printer queues and found is was not set to 'WinPrint' So on HSSClient1 I set the print processor to 'WinPrint'. Do all printers managed/deployed by Group Policy preferences need to have their processor set to WinPrint?
Regards
Jason Langoulant
UWA Library I.T.

Hi,
Regarding print processors , third party print processors are supported but not recommended. Print processors are user-mode dynamic-link libraries that are responsible for converting the spooled data of a print job to a format that can be sent to a print monitor. Print processors are also responsible for handling program requests to pause, to resume, and to cancel print jobs. But Print processors would be started during system startup. It’s not related to this GPO issue.
This issue may occur if you create the Printer as TCP/IP printer. Please try to delete the original printer and try to create a new shared Printer in Group Policy Preferences.
However, if it’s the original printer is not TCP/IP printer, please also try to recreate it and help to run the MPS report (PFE version) on the clients to collect reports. The MPS Reporting Tool is utilized to gather detailed information regarding a systems current configuration. The data collected will assist you with fault isolation.
A . Please download MPS Reporting Tool (MPSRPT_PFE.EXE) from the following link:
(http://www.microsoft.com/downloads/details.aspx?FamilyID=00ad0eac-720f-4441-9ef6-ea9f657b5c2f&DisplayLang=en)
Please note: The link may be truncated when you read the E-mail. Be sure to include all text between '(' and ')' when navigating to the download location.
B . Right click MPSRPT_PFE.EXE and select Run as Administrator to run this tool, and you will see a Command Window start up.
C . Please type Y with the message of <Include the MSINFO32 report? (defaults to Y in 15 seconds)[Y,N]?
D . When the tool is done you will see an Explorer Window opening up the %systemroot%\MPSReports\Setup\Reports\cab folder and containing a <Computername>MPSReports.cab file. After collecting, please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give me the download address.
Thanks.

Group Policy servers WARNING Event ID:4098

Hi All,
On our Domain controller we get every 5minutes the following error:
Event ID: 4098
User: NT AUTHORITY\SYSTEM
Source: Group Policy Services
Description:
The computer 'Application Updater' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' Group Policy object did not apply because it failed with error code '0x80070424 The specified service does not exist as an installed
service.' This error was suppressed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I just can't figure out what gpo setting is causing the problem....??
Anybody an idea how to solve this?

Hi,
According to the event description: The computer "Application Updater" preference item in the default domain policy..., we should troubleshoot this issue follow the steps as below:
1. As the GPO is Default Domain Policy, so the policy should be applied to all DCs and client, if the issue only occur on one of you DC, please check all the services, and find out the differences between DC and client.
2. Open Default Domain Policy, expand Computer Configuration, Preferences, Services. If you have new a service, please delete it and then check the result.
3. If the issue still there after the above troubleshoot, I would like suggest you to do DCGPOFIX.EXE, this tool could let us set the Default Domain Controller to the default setting.
DCGPOFIX - to be used - only in the last resort
http://blogs.technet.com/b/janelewis/archive/2006/09/22/458132.aspx
Hope this helps.
Best Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Event ID 5002/5014 Group Policy DFSR problem

Similar Messages

Maybe you are looking for