Group policy acts unexpectedly
Hello,
I am trying to solve a problem in my domain environment. I am out of ideas. Company decided to
force specific sceensaver and custom Power management.
I set it as showed in attached file, but there is problem. Random computers starts their sceensaver
sooner, than they shoul and on other random computers taskbar in Win 7 Pro just dissapers - not hide, really dissapears. Only the Start button remains in place.
May i ask you for help? Thanks
Hello,
I am trying to solve a problem in my domain environment. I am out of ideas. Company decided to
force specific sceensaver and custom Power management.
I set it as showed in attached file, but there is problem. Random computers starts their sceensaver
sooner, than they shoul and on other random computers taskbar in Win 7 Pro just dissapers - not hide, really dissapears. Only the Start button remains in place.
May i ask you for help? Thanks
User Configuration (Enabled)
Policies
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Control Panel/Personalization
Policy
Setting
Comment
Enable screen saver
Enabled
Force specific screen saver
Enabled
Screen saver executable name
\\...\SURAO.scr
Policy
Setting
Comment
Prevent changing screen saver
Enabled
Screen saver timeout
Enabled
Number of seconds to wait to enable the screen saver
Seconds:
600
Preferences
Control Panel Settings
Power Options
Power Plan (Windows Vista) (Name: SURAO)
Power Plan (Windows Vista and later) (Order: 1)
Properties
Action
Update
Make this the active Power Plan:
Enabled
Name
SURAO
When computer is:
Plugged in
Running on batteries
Require a password on wakeup:
Yes
Yes
Turn off hard disk after:
Never
Never
Sleep after:
After 60 minutes
After 10 minutes
Allow hybrid sleep:
On
On
Hibernate after:
Never
Never
Lid close action:
Sleep
Sleep
Power button action:
Shutdown
Shutdown
Start menu power button:
Hibernate
Hibernate
Link State Power Management:
Moderate power savings
Maximum power savings
Minimum processor state:
After 5 minutes
After 5 minutes
Maximum processor state:
After 100 minutes
After 100 minutes
Turn off display after:
After 15 minutes
After 7 minutes
Adaptive display:
On
On
Critical battery action:
Do nothing
Hibernate
Low battery level:
After 10 minutes
After 10 minutes
Critical battery level:
After 5 minutes
After 5 minutes
Low battery notification:
Off
Off
Low battery action:
Do nothing
Do nothing
hi,
could you run a gpresult /r on one or two of the computers that are not getting the policy correctly, or where it isn;t doing as you would expect - we can then see what settings are being applied from what.
it's possible you have some overriding policies, or the computers are getting the policies you have created. You should also check that the problem computers and users are in the correct OU and security filtering for the policy.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn:
Similar Messages
-
Hi all,
Having an issue with the shortcuts Group Policy extension applying to our Windows 7 machines. It was working until last Wednesday and since then users get a Group Policy Client service error when logging in.
We have narrowed it down to the shortcuts extension, if the extension is disabled then a user can log in, if enabled and empty then the following error comes up. With all the investigation we have done so far it seems as though something on the client is
making this happen.
We have –
Copied the original policy
Exported and imported the policy
Deleted all the shortcuts
Deleted all the shortcuts and created a brand new shortcut
And the same thing happens. Only if you right click on the Shortcut Extension and select disable then the user can log in
When running Gpupdate /force we get the following error
The Group Policy Client Side Extension Group Policy Shortcuts may have caused the Group Policy Service to terminate unexpectedly. To prevent further failures inthe
Group Policy Service, this extension has been temporarily disabled until after the next system restart. Group Policy settings managed by this extension may no
longer be enforced until the system is restarted. The vendor of this extension should be contacted if this issue recurs.
The Group Policy Client Side Extension Group Policy Internet Settings may have caused the Group Polcy Service to terminate unexpectedly. To prevent further failures
in the Group Policy Service, this extension has been temporarily disabled until after the next system restart. Group Policy settings managed by this extension
may no longer be enforced until the system is restarted. The vendor of this extension should be contacted if this issue recurs.
Has anyone come across this before?
ThanksHi Dejul,
How is the issue going? Does this issue happen to all Windows 7 clients? I am not sure this can be helpful but we can give it a try to install the following hotfix.
Some Group Policy preferences are not applied successfully on computers that are running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/979731
Besides, please make sure that our clients are patched or updated to the latest.
An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1
http://support.microsoft.com/kb/2775511
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Best regards,
Frank Shen -
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
Processing of Group Policy failed - User Policy - Windows 7
OP:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
When running a gpupdate I get the following message:
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
I have tracked it down to an LDAP error code 49.
I tried the MS sollution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
I can also connect to the DC with LDP.exe fine.
Here are the diagnostic read outs (GPResult was too long to post):
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/29/2012 1:56:09 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: Domain\UserAccount
Computer: Win7-ComputerA.FQDomain
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
<EventRecordID>32458</EventRecordID>
<Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
<Execution ProcessID="984" ThreadID="3688" />
<Channel>System</Channel>
<Computer>Win7-ComputerA.FQDomain</Computer>
<Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5012</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1326</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName">
</Data>
</EventData>
</Event>
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN7-ComputerA
Primary Dns Suffix . . . . . . . : FQDomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FQDomain
ParentDomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : FQDomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
Default Gateway . . . . . . . . . : 216.71.244.1
DHCP Server . . . . . . . . . . . : 216.71.244.2
DNS Servers . . . . . . . . . . . : 216.71.244.2
216.71.240.120
216.71.240.132
Primary WINS Server . . . . . . . : 216.71.244.2
Secondary WINS Server . . . . . . : 216.71.240.130
216.71.240.122
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesHi,
It sound like port blocking issue, Seems your client system connecting 216.71.240.x DNS Servers as a logon server and which seems on different subnet
as per subnet mask, So there must be a router or firewall in between and so it might be Active directory ports are being blocked.
So first for testing purpose just remove other
216.71.240.x DNS
servers from TCP/IP configuration and clear dns cache
ipconfig/flushdns
and restart the system. check if it works.
or run this command on DC
dcdiag /test:dns
and share the error report.
Cheers!
Sanjay -
I have two Domain Controllers Main ( Main DC ) and Second DC.
the date of some policies is not out of date....
please check these files to know the problem.
dcdiag.txt output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ASMDC, is a Directory Server.
Home Server = ASMDC
* Connecting to directory service on server ASMDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=buc,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... ASMDC passed test Connectivity
Testing server: Default-First-Site-Name\BSMDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... BSMDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ASMDC
Starting test: Advertising
The DC ASMDC is advertising itself as a DC and having a DS.
The DC ASMDC is advertising as an LDAP server
The DC ASMDC is advertising as having a writeable directory
The DC ASMDC is advertising as a Key Distribution Center
The DC ASMDC is advertising as a time server
The DS ASMDC is advertising as a GC.
......................... ASMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... ASMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... ASMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ASMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ASMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... ASMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ASMDC on DC ASMDC.
* SPN found :LDAP/ASMDC.buc.edu/buc.edu
* SPN found :LDAP/ASMDC.buc.edu
* SPN found :LDAP/ASMDC
* SPN found :LDAP/ASMDC.buc.edu/BUC
* SPN found :LDAP/5e88f85b-15a6-4ff5-b0fd-6df748df06fd._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e88f85b-15a6-4ff5-b0fd-6df748df06fd/buc.edu
* SPN found :HOST/ASMDC.buc.edu/buc.edu
* SPN found :HOST/ASMDC.buc.edu
* SPN found :HOST/ASMDC
* SPN found :HOST/ASMDC.buc.edu/BUC
* SPN found :GC/ASMDC.buc.edu/buc.edu
......................... ASMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ASMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... ASMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ASMDC\netlogon
Verified share \\ASMDC\sysvol
......................... ASMDC passed test NetLogons
Starting test: ObjectsReplicated
ASMDC is in domain DC=buc,DC=edu
Checking for CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... ASMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... ASMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 7604 to 8103
* rIDNextRID: 7640
......................... ASMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ASMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x825A0024
Time Generated: 08/21/2014 00:22:16
Event String:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system
time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources.
Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
An Warning Event occurred. EventID: 0x8000000E
Time Generated: 08/21/2014 00:32:29
Event String:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential BUC.EDU\administrator.
An Error Event occurred. EventID: 0x00000422
Time Generated: 08/21/2014 00:32:29
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\buc.edu\sysvol\buc.edu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not
successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... ASMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ASMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=ASMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... ASMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\BSMDC
Starting test: Advertising
The DC BSMDC is advertising itself as a DC and having a DS.
The DC BSMDC is advertising as an LDAP server
The DC BSMDC is advertising as having a writeable directory
The DC BSMDC is advertising as a Key Distribution Center
The DC BSMDC is advertising as a time server
The DS BSMDC is advertising as a GC.
......................... BSMDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... BSMDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... BSMDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BSMDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BSMDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Domain Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role PDC Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Rid Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ASMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
......................... BSMDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BSMDC on DC BSMDC.
* SPN found :LDAP/BSMDC.buc.edu/buc.edu
* SPN found :LDAP/BSMDC.buc.edu
* SPN found :LDAP/BSMDC
* SPN found :LDAP/BSMDC.buc.edu/BUC
* SPN found :LDAP/93561cab-4fb3-421f-9a67-af6b4c280eca._msdcs.buc.edu
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/93561cab-4fb3-421f-9a67-af6b4c280eca/buc.edu
* SPN found :HOST/BSMDC.buc.edu/buc.edu
* SPN found :HOST/BSMDC.buc.edu
* SPN found :HOST/BSMDC
* SPN found :HOST/BSMDC.buc.edu/BUC
* SPN found :GC/BSMDC.buc.edu/buc.edu
......................... BSMDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BSMDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=buc,DC=edu
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=buc,DC=edu
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=buc,DC=edu
(Configuration,Version 3)
* Security Permissions Check for
DC=buc,DC=edu
(Domain,Version 3)
......................... BSMDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BSMDC\netlogon
Verified share \\BSMDC\sysvol
......................... BSMDC passed test NetLogons
Starting test: ObjectsReplicated
BSMDC is in domain DC=buc,DC=edu
Checking for CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu in domain DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu in domain CN=Configuration,DC=buc,DC=edu on 2 servers
Object is up-to-date on all servers.
......................... BSMDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=DomainDnsZones,DC=buc,DC=edu
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Schema,CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=buc,DC=edu
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... BSMDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8604 to 1073741823
* ASMDC.buc.edu is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8104 to 8603
* rIDPreviousAllocationPool is 8104 to 8603
* rIDNextRID: 8106
......................... BSMDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BSMDC passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:15
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver SolidPDF XChange required for printer SolidPDF XChange is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:18
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!net_pc5!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:19
Event String:
Driver Send To Microsoft OneNote Driver required for printer !!BUCLAPTOP1!Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:20
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An Warning Event occurred. EventID: 0x80000008
Time Generated: 08/20/2014 23:52:20
Event String:
The jobs in the print queue for printer Microsoft XPS Document Writer (redirected 2) were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000004
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the
Advanced tab, and then clear the Log spooler warning events check box.
An Warning Event occurred. EventID: 0x80000003
Time Generated: 08/20/2014 23:52:20
Event String:
Printer Microsoft XPS Document Writer (redirected 2) was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click
the Advanced tab, and then clear the Log spooler information events check box.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/20/2014 23:52:22
Event String:
Driver NRG SP 3400N PCL 6 required for printer !!BUCLAPTOP1!NRG SP 3400N PCL 6 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.
......................... BSMDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BSMDC,OU=Domain Controllers,DC=buc,DC=edu and backlink on
CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
The system object reference (serverReferenceBL)
CN=BSMDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=buc,DC=edu
and backlink on
CN=NTDS Settings,CN=BSMDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=buc,DC=edu
are correct.
......................... BSMDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : buc
Starting test: CheckSDRefDom
......................... buc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... buc passed test CrossRefValidation
Running enterprise tests on : buc.edu
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
PDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
KDC Name: \\ASMDC.buc.edu
Locator Flags: 0xe00013fd
......................... buc.edu passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... buc.edu passed test Intersite
====================================================================
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\ASMDC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 5e88f85b-15a6-4ff5-b0fd-6df748df06fd
DSA invocationID: 1355f657-cd24-4ad4-b890-f04f5c624acd
==== INBOUND NEIGHBORS ======================================
DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:43:56 was successful.
CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:41:11 was successful.
CN=Schema,CN=Configuration,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
DC=DomainDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-21 00:45:39 was successful.
DC=ForestDnsZones,DC=buc,DC=edu
Default-First-Site-Name\BSMDC via RPC
DSA object GUID: 93561cab-4fb3-421f-9a67-af6b4c280eca
Last attempt @ 2014-08-20 23:51:37 was successful.
Regards and thanks in advance
MhiarHi,
Based on the description, the Sysvol is replicated by FRS service.
>>some policies at the main DC are not updated like same policies in second DC.
In this case, we can do a non-authoritative restore on the main DC.
To do so:
Click Start, and then click
Run.
In the
Open box, type cmd and then press ENTER.
In the
Command box, type net stop ntfrs.
Click Start, and then click
Run.
In the
Open box, type regedit and then press ENTER.
Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
In the right pane, double-click
BurFlags.
In the
Edit DWORD Value dialog box, type D2 and then click OK.
Quit Registry Editor, and then switch to the
Command box.
In the
Command box, type net start ntfrs.
Quit the
Command box.
Regarding reinitializing File Replication Service replica sets, the following article can be referred to for more information.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Best regards,
Frank Shen -
Failed to Connect "Group Policy Client Service" Windows 7 x64
This error pops up everytime boot / start-up. I've tried everything, for the last month. including
http://support.microsoft.com/kb/2421599 In the "Resolution Section" did step by step, But did not work for me...
Also
http://blogs.technet.com/b/mempson/archive/2010/01/10/userenvlog-for-windows-vista-2008-win7.aspx Didn't work either. :(
Is this a Winlogin problem? Or does have to do with other computers in my homegroup?
But in Safe Mode & Safe Mode with Networking, this issue does Not appear / pop-up at start up. "Group Policy Client Service"
""HP Premium Remote Services"" tells me that in order to fix, I have to Re-Install Windows. And have been in contact today with Hp Premium Remote Services for over 7 hours with NO Resolution!!
Hate to make a Recovery Partition on a New PC, in order to Re-Install Windows...
This is a Brand New HP Pavilion HPE H8-1234 AMD Processor that I installed on 7/23/2012. Running windows 7 64-bit home premium, OS: Internet Explorer 9.
Have a copy of Windows 7 Ultimate using Anytime Upgrade, My question is would that rectify the "Group Policy Client Service" error?
Always run MalwareBytes Anti-Malware and Hitman Pro, in addition with Norton, on a regular basis. So that I know my system is clean...
Any MS Engineers or Tech's have any ideas, suggestions OR help, How to Fix this issue,With-Out having to use: System Recovery/Restore. To factory condition...
Would be Very Greatly Appreciated! HELP Me Pleeeze !!!!
***Because this issue Baogles my Mind! After all I'am only dealing with half a Brain, LOL- Due to Brain Tumor Surgery...I FOUND SOLUTION TO THIS PROBLEM!
I had this issue on my laptop since November, and it really bugged me. I sifted through the event log and found the pattern of events that preceded the issue, and, probably, caused it.
In short, the pattern is as follows: Windows updates run automatically as scheduled, and when reboot is initiated after the updates are finished, the computer crashes (probably during reboot sequence). When it boots up, it reports that the last shutdown
was unexpected, and the issue begins to occur.
I spent 2 days trying to dig out a solution from the Internet, to no avail, until I came across
this page. It doesn't say anything about this particular problem, but it gives more information about SVCHOST process that starts many services, including Group Policy Client. It looks like during reboot a vital registry settings were lost during
crash and Group Policy Client "doesn't know" how to start. Let me explain:
There are two places to look in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services this path should contain
gpsvc key (a folder), which is responsible for service parameters and configuration. I found that the key was intact, so, you do not touch anything here - just check that the key exists.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST This is the most important path you should look into, as it must contain the keys and values referred in the key #1. Below are descriptions what must be present
there.
There must be Multi-String value called GPSvcGroup. My laptop was missing it. So, you should create multi-string value named
GPSvcGroup and assign it value GPSvc.
Next, you must create a key (a folder) and name it GPSvcGroup - this key normally should be there, but, again, it was missin on my laptop.
Then open newly-created GPSvcGroup folder and create 2 DWORD values:
First called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
Second is called CoInitializeSecurityParam and it must have value of 1.
Once you complete all steps above, reboot the computer and the problem will be fixed.
I am so relieved I was able to fix it, and hope this will help others with the similar issue.
Here is the link to the video walkthrough if you have any troubles understanding what has to be done: http://youtu.be/4m5KEmckWK4
I did try the above, but it did not fix my issue with the ""group policy client service failed the logon".
This problem was happening on 5 different RDS Nodes. All I did was rename the Roaming Profile, then delete the locally stored profile on each RDS Server: right click COMPUTER > PROPERTIES > ADVANCED SYSTEM SETTINGS > USER PROFILES > delete the
offending User(s).
Hope that helps.
Life is dangerous, no one has ever survived. So enjoy! -
Group Policy Client service does not start
Hi,
As soon as I (administrator on my PC) logon to Windows 7, I get a message saying that the Group Policy Client service failed to start. I'm not sure why I'm getting this error even though the dependencies are very much up and running..
Below is the error message I get in the notification area as soon as I logon
Failed to connect to a windows service
Windows could not connect to the Group Policy Client service. This problem prevents stndard users from logging on to the system.
As an administrative user, you can review the System Event Log for details about why the service didn't respond.I FOUND SOLUTION TO THIS PROBLEM!
The crash of your computer caused that - you are absolutely right!
I had this issue on my laptop since November, and it really bugged me. I sifted through the event log and found the pattern of events that preceded the issue, and, probably, caused it.
In short, the pattern is as follows: Windows updates run automatically as scheduled, and when reboot is initiated after the updates are finished, the computer crashes (probably during reboot sequence). When it boots up, it reports that the last shutdown
was unexpected, and the issue begins to occur.
I spent 2 days trying to dig out a solution from the Internet, to no avail, until I came across
this page. It doesn't say anything about this particular problem, but it gives more information about SVCHOST process that starts many services, including Group Policy Client. It looks like during reboot a vital registry settings were lost during
crash and Group Policy Client "don't know" how to start. Let me explain:
There are two places to look in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services this path should contain
gpsvc key (a folder), which is responsible for service parameters and configuration. I found that the key was intact, so, you do not touch anything here - just check that the key exists.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST This is the most important path you should look into, as it must contain the keys and values referred in the key #1. Below are descriptions what must be present
there.
There must be Multi-String value called GPSvcGroup. My laptop was missing it. So, you should create multi-string value named
GPSvcGroup and assign it value GPSvc.
Next, you must create a key (a folder) and name it GPSvcGroup - this key normally should be there, but, again, it was missin on my laptop.
Then open newly-created GPSvcGroup folder and create 2 DWORD values:
First called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
Second is called CoInitializeSecurityParam and it must have value of 1.
Once you complete all steps above, reboot the computer and the problem will be fixed.
Video walkthrough for those who are not very technical is here: http://youtu.be/4m5KEmckWK4
I am so relieved I was able to fix it, and hope this will help others with the similar issue. -
Group Policy - Issues deploying software packages through GPO
Hello everyone,
I am having issues successfully deploying MSI packages through group policy. I have set my computer account up in its own test OU in my domain, but yet the software will not deploy. Example, I'm trying to deploy AVG Anti-Virus and make sure it
is installed on each and every PC in my domain. As for the GPO, I set it up as an assigned package and pointed to the location of the package with the UNC file path (visible to both the DC and my computer that is part of the affected OU)
On the domain controller, I get these messages in application event logs:
Beginning a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
Ending a Windows Installer transaction: \\hs-dc2\software\avg\installavg.msi. Client Process Id: 9048.
This shows up when I refresh GP on my computer. I run gpresult /h GPReport.html and get the following message:
Software Installation failed due to the error listed below.
Fatal error during installation.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
The software is in a share on the domain controller that is visible from my computer, and permissions are set where "Everyone" has read access. I have tested the package on my computer and it installs
correctly if I do it manually, so it's a good package.
I'm at a loss. I am admitedly very new to GP management, but I'm pretty sure I have covered all my bases here. I humbly ask for any and all help that you all can provide.
Thank you all very much, have a great weekend!> Magnolia_Schools.exe
What's that???
> \\hs-dc2\software\avg\installavg.msi
> <file://\\hs-dc2\software\avg\installavg.msi> /qb addeploy=1
/qb ADDEPLOY=1
Uppercase matters (:
A bissle "Experience", a bissle GMV... Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
I should have explained, my apologies. The InstallAVG.msi is the package I have GP deploying. it is a package that AVG wrote for us that goes in, uninstalls the two previous antivirus softwares we have on our network if it is present, and
then wraps it to run magnolia_schools.exe which installs the AV software. I am uninstalling AVG now and will try reinstalling with
\\hs-dc2\software\avg\installavg.msi /qb ADDEPLOY=1 and report back.
also, the only logs I found that were around the time of the install attempt were such as these:
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
1: 2905 2: C:\windows\system32\appmgmt\MACHINE\{06ee0d46-cd5f-4216-a09f-2aeb573aa5ba}.aas
Does that tell you anything?
I will say this, if this means anything...now that AVG is installed, the event logs are changing from an error %%1603 to this:
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
The removal of the assignment of application exe2msiSetupPackage from policy Install AVG failed. The error was : %%2
So it acts like it's at least seeing that the package is installed...and reacting differently, correct?
Thanks so much -
How to install Windows Updates on a 2012 Domain Controller w/Group Policy Settings
Hello All,
I'm having an issue installing Windows Updates on my Windows Server 2012 Standard with AD DS role, acting as a backup DC.
I have Group Policies setup for the Domain Controllers to download updates from my WSUS server but not to install them. When I go to my Windows Server 2003 R2 Domain Controller, I can install updates via the "Install Updates and Shutdown". That
option doesn't show up on the 2012 server. I can see from my WSUS server and the event viewer that the updates are being downloaded to the 2012 server........just no option for me to install the updates.
Am I just missing something or will I need to change the way my Group Policy is setup to allow installs and/or downloads? Any help would be greatly appreciated!
TonySo I've totally removed the GPO settings for configuring updates on the Default Domain Controllers OU and I can get the Windows Server 2003 Server to get updates from Windows Updates, but the 2012 Server still won't show me how to download or install any
updates. It just states on the log-in screen that there are "Windows Updates Sign in and install important updates".
Well guess what Microsoft! I've signed in and still don't see where I can install updates!!!
I guess because you've set AU=3.
There doesn't seem to be much documented in depth about AU/WUAgent (not in the history of forever), but Lawrence and others in the WSUS forum do cover a lot of related question about the agent and also GP settings.
Lawrence has blogged a lot of detail about the registry settings which are available for AU/WU, and how some of those settings are not practically of any use since WinXP.
So, even though your question isn't about WSUS, the WSUS forum is a great place to visit for help for WUAgent etc.
Anyway, "where can I install updates?" :
on the Start screen, Search for "Windows Update"
or
Settings charm
Change PC Settings
Update and Recovery
Windows Update
or
Control Panel\System and Security\Windows Update
Some further (light) discussion on the "new" behaviour:
http://blogs.msdn.com/b/b8/archive/2011/11/14/minimizing-restarts-after-automatic-updating-in-windows-update.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
to svchost.exe and therefore is protected from being manually restarted.
I noticed the following errors when this occurs:
Log Name: Application
Source: Application Error
Date: 7/23/2013 4:35:26 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Server1.xxx.xxx.net
Description:
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x46c
Faulting application start time: 0x01ce877f9476ac07
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
<EventRecordID>158950</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW19XM2.agency.nwie.net</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>46c</Data>
<Data>01ce877f9476ac07</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
</EventData>
</Event>
All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
about 5 months ago a similar error fired on a non-virtual machine:
Log Name: Application
Source: Application Error
Date: 2/27/2013 6:57:58 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: AAW29033
Description:
Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000024
Fault offset: 0x00000000000cd7d8
Faulting process id: 0x6c0
Faulting application start time: 0x01ce14e1af313fd9
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
<EventRecordID>286291</EventRecordID>
<Channel>Application</Channel>
<Computer>AAW29033</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe_gpsvc</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5bc3c1</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000024</Data>
<Data>00000000000cd7d8</Data>
<Data>6c0</Data>
<Data>01ce14e1af313fd9</Data>
<Data>C:\Windows\system32\svchost.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
</EventData>
</Event>
I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
the Group Policy Client service to stop?You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
I haven't opened a case with Microsoft yet, but we about ready to because of the increase in these errors.
If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
**EDIT -- apparently I mistook the the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot. -
We have migrated machines using ADMT tool but we have found some window 7 machines Group policy issues. We see that the computer GP is getting from the new domain but the users profile still has the old domain GP information. Any help on
removing the old GP objects and forcing the new domain User policy would be great. We have tried the basic troubleshooting gpupdate /force reboot etc.
ThanksHi,
Sorry for the delayed response.
First, please verify whether these domain users you mentioned belong to old domain or new domain.
If they belong to old domain the GP is right with no problem. If they belong to new, try following suggestions.
Please test these steps in one of the problematic computer. If it worked, then go on for others.
To avoid unexpected problems, please backup your register keys before following steps:
Open regedit.exe, and delete following keys:
HKLM\Software\Policies\Microsoft Key (looks like a folder).
HKCU\Software\Policies\Microsoft Key.
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects Key.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies key
Exit the registry and restart.
Note: HKLM = HKEY_LOCAL_MACHINE & HKCU = HKEY_CURRENT_USER
If you have any feedback on our support, please click
here
Keep post.
Kate Li
TechNet Community Support -
Group Policy - Computer preference - Schedule task creation
Hello,
We are getting error while applying schedule task creation GPO (from Windows 2012) to system windows 2008 R2.
Group Policy object did not apply because it failed with error code '0x80041316 The task XML contains an unexpected node.' This error was suppressed.
As recommended in many threads, we have made the settings to run the schedule task with user which is "NT Authority\System" (selected user manully from Damain -> Building group -> System). After changing, we observe that task is getting
created but we keep on getting warning messages in event viewer. In GPO -> schedule task -> setting is to "update" schedule task (not create or replace).
Below is excerpt from traces file while applying GP.
-------2015-02-11 09:41:22.976 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] Read GPE XML data file (3146 bytes total).
2015-02-11 09:41:23.039 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.070 [pid=0x35c,tid=0x934] RunOnce value created [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Properties handled. [ hr = 0x80041316 "The task XML contains an unexpected node." ]
2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Error suppressed. [ hr = 0x80041316 "The task XML contains an unexpected node." ]
2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2015-02-11 09:41:23.085 [pid=0x35c,tid=0x934] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{AADCED64-746C-4633-A97C-D61349046527}"
2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] Purged 2 old RSoP entries.
2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] Logging 2 new RSoP entries.
2015-02-11 09:41:23.101 [pid=0x35c,tid=0x934] RSoP Entry 0
2015-02-11 09:41:23.117 [pid=0x35c,tid=0x934] RSoP Entry 1
2015-02-11 09:41:23.117 [pid=0x35c,tid=0x934] Completed get GPO list. [SUCCEEDED(S_FALSE)]
Any input will be helpful.
Thank you.Hi Martin,
Please find it below
<?xml version="1.0" encoding="UTF-8"?>
-<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">-<TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" removePolicy="0" userContext="0" uid="{1E0044F0-305A-48ED-A432-DDF4E5AB50BC}"
changed="2015-02-11 09:07:27" image="2" name="AssetExplorer">-<Properties name="AssetExplorer" logonType="S4U" runAs="NT AUTHORITY\System" action="U">-<Task version="1.2">-<RegistrationInfo><Author>domain2\useradmin</Author><Description>Asset
Explorer</Description></RegistrationInfo>-<Principals>-<Principal id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>S4U</LogonType><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>-<Settings>-<IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>P1D</ExecutionTimeLimit><Priority>7</Priority></Settings>-<Triggers>-<CalendarTrigger><StartBoundary>2015-02-05T23:00:00</StartBoundary><Enabled>true</Enabled>-<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay><ExecutionTimeLimit>P1D</ExecutionTimeLimit></CalendarTrigger></Triggers>-<Actions
Context="Author">-<Exec><Command>\\domain\NETLOGON\Global\mycommand.cmd</Command></Exec></Actions></Task></Properties></TaskV2> -<TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}"
removePolicy="0" userContext="0" uid="{0C27559B-07A6-4F36-A400-0D769B62BE93}" changed="2015-02-11 09:16:50" image="2" name="AssetExplorer">-<Properties name="AssetExplorer" logonType="S4U"
runAs="NT AUTHORITY\System" action="U">-<Task version="1.1">-<RegistrationInfo><Author>domain2\useradmin</Author><Description>Asset Explorer</Description></RegistrationInfo>-<Principals>-<Principal
id="Author"><UserId>NT AUTHORITY\System</UserId><LogonType>S4U</LogonType><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>-<Settings>-<IdleSettings><Duration>PT5M</Duration><WaitTimeout>PT1H</WaitTimeout><StopOnIdleEnd>false</StopOnIdleEnd><RestartOnIdle>false</RestartOnIdle></IdleSettings><MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy><DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries><StopIfGoingOnBatteries>false</StopIfGoingOnBatteries><AllowHardTerminate>false</AllowHardTerminate><AllowStartOnDemand>false</AllowStartOnDemand><Enabled>true</Enabled><Hidden>false</Hidden><ExecutionTimeLimit>P1D</ExecutionTimeLimit><Priority>7</Priority></Settings>-<Actions
Context="Author">-<Exec><Command>\\domain\NETLOGON\Global\mycommand.cmd</Command></Exec></Actions>-<Triggers>-<CalendarTrigger><StartBoundary>2015-02-05T23:00:00</StartBoundary><Enabled>true</Enabled>-<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay><ExecutionTimeLimit>P1D</ExecutionTimeLimit></CalendarTrigger></Triggers></Task></Properties></TaskV2>
</ScheduledTasks> -
FEP Desktop Policies not compatible with GPMC Group Policy Results
Hello,
After aplying FEP default desktop policy I am not able to see Group Policy Results - policies for that computer.
I get this error:
The following errors were encountered: Registry value "%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs" is of unexpected type.
This is a standard exclusion in the installed FEP policy.
You can see only this error and nothing more. Sometimes it is another error mostly over registry value 2 or 3 or 4. It depens although the policy does not change.
I tested it by deleting all other policies from that OU. The only one Default Desktop policy was linked to it.
Also without FEP policy applied it workd as expected.
Is this a known issue?Hello,
After aplying FEP default desktop policy I am not able to see Group Policy Results - policies for that computer.
I get this error:
The following errors were encountered: Registry value "%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs" is of unexpected type.
This is a standard exclusion in the installed FEP policy.
You can see only this error and nothing more. Sometimes it is another error mostly over registry value 2 or 3 or 4. It depens although the policy does not change.
I tested it by deleting all other policies from that OU. The only one Default Desktop policy was linked to it.
Also without FEP policy applied it workd as expected.
Is this a known issue?
It's still a problem. No-one has fixed it.
-=Chris -
When using Group policy computer configuration control panel settings \printers you can specifiy both an IP address port and a path to the print server. Are these connections for local TCP\IP printers or for network print server printers. I am
not sure why I would have to specify path to server if they were local TCP\IP printers or vice\versa(specify IP address if they are only network printers).The best spot for Group Policy Preferences questions is in the Group Policy forum
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP&filter=alltypes&sort=lastpostdesc
However, since they included this print related setting I do know what you are asking about.
The share is used to get the print driver installed on the client for adding the local printer. This will not work if you use type 4 print drivers since the drivers are not downloaded to the clients and the GPP printing scenario falls apart here.
I totally agree with you that this is confusing, however, as a print server admin, what I would do is create one share for each print driver that you need to install on the clients. If you have 80 printers that can use the same driver, create one share
and just update the GPP data with the IP for the specific device.
I would not use a print server to act as a software distribution point if the number of clients on your network is less than 100. Setup a Win7 or Win8 machine with the shares.
Alan Morris Windows Printing Team -
Hi there,
Please can anyone instruct me on how to set up Group Policy to clear down MRU lists and to clear or to prevent user login details for programs such as Remote Desktop from being recorded. Your help would be much appreciated.
Kind regards,
RocknRollTim
P.S. I was redirected by a forum user off the Microsoft Community forum.Hi RocknRollTim,
Agree with Jason. Using a script will be a better option.
Just addition, for history of RDP Connections, please open Registry Editor and follow the path:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default. Please check if find MRU registry items where the name (or the IP address) of the terminal server is kept in.
Please also follow the path: HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers. It contains
the list of all RDC (remote desktop client) connections that have ever been established from this computer.
When expand Server folder and select a node, you will see the UsernameHint key that show the name of the user connected by rdp.
Please back up registry items to avoid unexpected issues before any operation.
If any update, please feel free to let us know.
Hope this helps.
Best regards,
Justin Gu
Thank you for responding back Justin Gu and I agree with both you and Jason Miller that a script can easily achieve this task. Thank you all for your help.
Many thanks,
RocknRollTim
Maybe you are looking for
-
How do I add text to existing PDF files using Acrobat Pro10.1?
I upgraded to Acrobat Pro just so that I would be able to complete blank forms send to me as PDF files. But sometimes I can edit them and sometimes I cannot. And the "help" does mention anything as ordinary as form filling. FoxLuca
-
OEL 56 and Oracle validated rpm server will not reboot.
[root@stage-rac21 admin]# up2date -i oracle-validated Fetching Obsoletes list for channel: ol5_x86_64_latest... Fetching Obsoletes list for channel: el5_x86_64_oracle... Fetching rpm headers... Name Version Rel oracle-validated 1.1.0 7.el5 x86 Testin
-
Like the title says, after the most recent update of iTunes (11.1.2) on my MacBookPro (OS X 10.6.8) when I go to the store My Wish List is no longer populated with selections that I have made to consider purchasing, and under Purchased it shows that
-
What is this icon in Customize page ?
i want to move my addons and arrange addons in my favorite place and order but it seems some addons are stick together in a block named "Status Bar" and i can't move them one by one. this image: http://i.imgur.com/mrWGsnu.png what should i do?
-
Can u suggest me OBIEE 10g demo videos or tutorial videos ?
Hi We are using ORACLE EPM 11 right now and we are moving to OBIEE 10g. So, can u please suggest me some sites for "OBIEE 10g demo videos OR tutorial videos" that would be very helpful to me. Best Regards Vinod.