Announcement

Collapse
No announcement yet.

"The processing of Group Policy failed"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "The processing of Group Policy failed"

    Hey,

    I have 2 virtual 2012 Standard servers with 2 DCs that are having issues replicating the Policies folder. Doesnt matter what new policy I make I always get this dreaded message when attempting to "gpupdate /force".
    DNS is working just fine.
    Time is synced between the 2 servers.
    PDC shows successful DFSR attempts at the secondary DC.
    On the other hand, it looks like the secondary DC is only trying to communicate with itself for some reason...

    "The DFS Replication service successfully contacted domain controller DEV-DC.nayaxvend.int to access configuration information".
    DEV-DC is the secondary domain controller.

    Where could I go on from here?

    I was thinking maybe to demote and promote that problematic server to a DC again.


    Thanks
    Last edited by xcalibur; 9th January 2014, 15:59.

  • #2
    Re: "The processing of Group Policy failed"

    If it were me, I'd probably go ahead and do the demote/promote procedure. You only have the 2 DCs, so it shouldn't take very long. Just make sure any roles run by the second DC are transferred to the first and ensure that the first DC is your primary DNS server in the DHCP scope (unless, of course, you use a separate DNS server). There's a good chance it could fix the problem and would likely be faster than troubleshooting it.

    Comment


    • #3
      Re: "The processing of Group Policy failed"

      1. Gpupdate doesn't have anything to do with AD replication.

      2. Check the DNS client settings on the second DC. It should point to the first DC for primary DNS and to itself for secondary DNS.

      3. Vice versa on the primary DC for it's DNS client settings.

      Comment


      • #4
        Re: "The processing of Group Policy failed"

        Originally posted by joeqwerty View Post
        1. Gpupdate doesn't have anything to do with AD replication.

        2. Check the DNS client settings on the second DC. It should point to the first DC for primary DNS and to itself for secondary DNS.

        3. Vice versa on the primary DC for it's DNS client settings.

        It actually does.
        If there's no replication, group policy will naturally fail.
        As I already mentioned, DNS is perfectly fine.

        Comment


        • #5
          Re: "The processing of Group Policy failed"

          DFSR dirty recovery to the rescue:

          http://support.microsoft.com/kb/2218556

          I had no replication whatsoever of SYSVOL and NETLOGON.
          Even worse, after demoting and promoting the server, SYSVOL was gone.

          Authorized Recovery saved the day

          Comment


          • #6
            Re: "The processing of Group Policy failed"

            Originally posted by xcalibur View Post
            It actually does.
            If there's no replication, group policy will naturally fail.
            As I already mentioned, DNS is perfectly fine.
            Well, that would suggest networks with only one DC couldn't apply group policy. Group policy will fail if it hits a DC where replication was incomplete, but it shouldn't shut down policy application universally.

            Comment


            • #7
              Re: "The processing of Group Policy failed"

              Originally posted by xcalibur View Post
              It actually does.
              If there's no replication, group policy will naturally fail.
              As I already mentioned, DNS is perfectly fine.
              My point was that running gpupdate does not initiate replication. I suppose gpupdate could be used as a method for testing whether or not replication has occurred by way of seeing if gpupdate fails, but that seems like a not very intuitive method.

              Comment


              • #8
                Re: "The processing of Group Policy failed"

                Originally posted by xcalibur View Post
                It actually does.
                If there's no replication, group policy will naturally fail.
                As I already mentioned, DNS is perfectly fine.
                GPUPDATE does not have anything to do with AD replication which is what Joe has stated.

                GPUPDATE is a client command that can be run to update any group policies that may have been changed since the last refresh.

                http://technet.microsoft.com/en-us/l.../bb490983.aspx

                If AD replication is failing you have more serious issues than GPO's not working right.

                DFSR is the mechanism for AD replication.

                http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx

                Comment

                Working...
                X