Announcement

Collapse
No announcement yet.

GP thru Firewall

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GP thru Firewall

    all,
    I have an exchange CAS server that is showing the APPLYING DESKTOP SETTINGS forever at login and start-up. Looking in the event logs I see it most likely is group policy trying to get assigned to the box. (errors after so many seconds)

    How can I block the GP from hitting this box....

    If I remeber I can block it somewhere in the GP console.

    Thanks for any help..

  • #2
    Re: GP thru Firewall

    You don't mention which AD you are running.

    How deep is your OU structure, where is your server in this structure? Can you see which policies apply?

    On a side note as well, have you got GCs in the site the CAS server is in and can it resolve DNS etc ok?

    What errors do you see in the event log?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: GP thru Firewall

      Server domain and forest is in server 03 level

      We have a Infrastructure server ou, nested in there is a exchange server ou, all servers are in there.

      There is no DC in the DMZ, but the firewall rules are set to any/any for this box to get to the dc's internally...

      ERRORS:

      The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
      a) Name Resolution failure on the current domain controller.
      b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

      The session setup to the Windows NT or Windows 2000 Domain Controller \\io-XXX-dc-01.corp.ioCCCCCs.com for the domain CORP-IXXC is not responsive. The current RPC call from Netlogon on \\IO-XXX-EX-F-01 to \\io-XXX-dc-01.corp.iCCCCCs.com has been cancelled.

      Comment


      • #4
        Re: GP thru Firewall

        Originally posted by AndyJG247 View Post
        You don't mention which AD you are running.

        How deep is your OU structure, where is your server in this structure? Can you see which policies apply?

        On a side note as well, have you got GCs in the site the CAS server is in and can it resolve DNS etc ok?

        What errors do you see in the event log?
        So I just set "block policy inherit.." on the exchange servers OU, went to the CAS server, ran gpupdate, got the same:

        The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
        a) Name Resolution failure on the current domain controller.
        b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

        Comment


        • #5
          Re: GP thru Firewall

          Originally posted by jimbiddle View Post
          The session setup to the Windows NT or Windows 2000 Domain Controller \\io-XXX-dc-01.corp.ioCCCCCs.com for the domain CORP-IXXC is not responsive. The current RPC call from Netlogon on \\IO-XXX-EX-F-01 to \\io-XXX-dc-01.corp.iCCCCCs.com has been cancelled.
          Check for firewalls and name resolution. How is everything setup?
          Is exchange on 2008 running IPV6?
          cheers
          Andy

          Please read this before you post:


          Quis custodiet ipsos custodes?

          Comment

          Working...
          X