GPO Not Working


  • GPO Not Working

    I've created a DOMAIN name GreatBay.local. I've created an Organization Unit (OU) called Restricted Group. I've created two new users named test and test1.

    However, it's not working.

    See attachment.


    Server: Windows 2003 running Exchange 2003 SP2
    Domain name (Pre-Windows 2000): GREATBAY
    Domain functional Level: Windows 2000 mixed
    Forest functional Level: Windows 2000

  • #2
    Re: GPO Not Working

    Have you checked to see if the policy is getting applied? (RSoP in logging mode or gpresult)
    Did you run gpupdate on the client? Did you log off then log on?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com



    • #3
      Re: GPO Not Working

      I ran on the server:
      C:\>gpupdate /force
      Refreshing Policy...

      User Policy Refresh has completed.
      Computer Policy Refresh has completed.

      To check for errors in policy processing, review the event log.

      Then I ran gpresult on both machines

      From the Windows 2003 Server:
      C:\>gpresult /s spare11 >gp-spare11.txt
      ERROR: The RPC server is unavailable.

      From the PC itself:
      C:\>gpresult
      INFO: The policy object does not exist.

      How do I fix The RPC error?



      • #4
        Re: GPO Not Working

        OK, one more time:
        Originally posted by JeremyW
        Did you run gpupdate on the client? Did you log off then log on?
        What OS is the client?


        From http://www.microsoft.com/technet/pro...1/adogd12.mspx
        The "RPC server unavailable" error can occur for the following reasons:

        DNS problems

        Time synchronization problem

        RPC service is not running

        Network connectivity problem
        Can you post the output of gpresult?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com



        • #5
          Re: GPO Not Working

          Ooops
          I ran gpupdate on both machines.

          From the Windows 2003 Server:
          C:\>gpresult /s spare11 >gp-spare11.txt
          ERROR: The RPC server is unavailable.

          From the PC (Windows XP sp2 - spare11) itself:
          C:\>gpupdate
          Refreshing Policy...
          User Policy Refresh has completed.
          Computer Policy Refresh has completed.

          From the PC (Windows XP sp2 - spare11) itself:
          C:\>gpresult
          INFO: The policy object does not exist.

          The "RPC server unavailable" error can occur for the following reasons:

          DNS problems
          Not sure how to check for this. I am using an external DNS

          Time synchronization problem
          Not sure how to check for this

          RPC service is not running
          The Remote Procedure Call (RPC) on the winXP PC is running.

          Network connectivity problem
          I'm able to VNC into the PC



          • #6
            Re: GPO Not Working

            Ah, so that's the entire output of gpresult?

            Can you please post a diagram of your network? I think we may be dealing with some topology issues.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com



            • #7
              Re: GPO Not Working

              Using an external DNS?

              Has the Domain registered its SRV records in this external DNS service? If not, that's your issue; you MUST have a DNS which is capable of accepting the SRV records from your AD Domain for AD to work...

              By the way, just one niggly little thing... the name of your OU. I would steer well clear of giving OUs names that contain the word "Group"... it will just lead to immense confusion when you're trying to figure out what's going on with GPOs, filtering and so on - ESPECIALLY if you're trying to describe it to someone else.


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you



              • #8
                Re: GPO Not Working

                Also check if the users are in the apply to... in the GPO. I think you can see it in the GPMC in one of the tabs from the GPO...
                MCSE 2000 Done
                RHCE Done



                • #9
                  Re: GPO Not Working

                  Originally posted by yaniv
                  Also check if the users are in the apply to... in the GPO. I think you can see it in the GPMC in one of the tabs from the GPO...
                  How do I check for this? I've just installed the new Microsoft GPMC (Group Policy Management Console with Service Pack 1).



                  • #10
                    Re: GPO Not Working

                    Okay you guys asked for a lot of info. Let me know if I missed anything.

                    I've just installed the new Microsoft GPMC (Group Policy Management Console with Service Pack 1). Below you will see a snapshot of my GPO setup.

                    I checked out the following:
                    How to Verify the Creation of SRV Records for a Domain Controller - Q241515

                    In our Windows 2003 server I typed in the following at the command prompt:
                    C:\>nslookup
                    Default Server: vnsc-pri.sys.gtei.net
                    Address: 4.2.2.1

                    > set type=all
                    > _ldap._tcp.dc._msdcs.greatbay
                    Server: vnsc-pri.sys.gtei.net
                    Address: 4.2.2.1

                    *** vnsc-pri.sys.gtei.net can't find _ldap._tcp.dc._msdcs.greatbay: Non-existent
                    domain
                    >

                    What does the above mean?

                    I hope I answered all your questions. I hope these diagrams help. I understand, it's better to see it than have it explained.


                    • #11
                      Re: GPO Not Working

                      More diagrams


                      • #12
                        Re: GPO Not Working

                        OK, I'm positive this is a DNS/topology issue.
                        Can you run ipconfig /all on the server and the client and post the output?
                        Is the DC set up as a DNS server?
                        Where on the diagram are the client and server?
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com



                        • #13
                          Re: GPO Not Working

                          Are the DNS Servers 200.84.253.11 and 200.84.253.12 internal or external? If they are internal, are they the ones with the AD SRV records on them? Are they configured to forward all internet requests to external DNS on 4.2.2.1 and 4.2.2.2? What are the DNS Servers on the IP configuration of your domain controller? Can you PING that DNS pair from the DC?

                          All helpful info - questions taken from your network diagram.


                          Tom
                          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                          Anything you say will be misquoted and used against you



                          • #14
                            Re: GPO Not Working

                            Can you run ipconfig /all on the server and the client and post the output?

                            IPCONFIG/ALL

                            From the Windows 2003 server:
                            C:\>ipconfig/all

                            Windows IP Configuration

                            Host Name . . . . . . . . . . . . : GBSERVER5
                            Primary Dns Suffix . . . . . . . : GreatBay.local
                            Node Type . . . . . . . . . . . . : Hybrid
                            IP Routing Enabled. . . . . . . . : Yes
                            WINS Proxy Enabled. . . . . . . . : No
                            DNS Suffix Search List. . . . . . : GreatBay.local

                            Ethernet adapter Local Area Connection 2:

                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                            Physical Address. . . . . . . . . : 00-13-72-40-01-1B
                            DHCP Enabled. . . . . . . . . . . : No
                            IP Address. . . . . . . . . . . . : 192.168.1.14
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 192.168.1.9
                            DNS Servers . . . . . . . . . . . : 4.2.2.1
                            4.2.2.2
                            127.0.0.1
                            Primary WINS Server . . . . . . . : 192.168.1.108

                            From The Windows XP sp2 Client:

                            C:\Documents and Settings\test1.GREATBAY>ipconfig/all

                            Windows IP Configuration

                            Host Name . . . . . . . . . . . . : SPARE11
                            Primary Dns Suffix . . . . . . . : GreatBay.local
                            Node Type . . . . . . . . . . . . : Hybrid
                            IP Routing Enabled. . . . . . . . : No
                            WINS Proxy Enabled. . . . . . . . : No
                            DNS Suffix Search List. . . . . . : GreatBay.local

                            Ethernet adapter Local Area Connection:

                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
                            Controller (3C905C-TX Compatible)
                            Physical Address. . . . . . . . . : 00-0D-56-74-E5-4A
                            Dhcp Enabled. . . . . . . . . . . : Yes
                            Autoconfiguration Enabled . . . . : Yes
                            IP Address. . . . . . . . . . . . : 192.168.100.26
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 192.168.1.9
                            DHCP Server . . . . . . . . . . . : 192.168.100.10
                            DNS Servers . . . . . . . . . . . : 4.2.2.1
                            4.2.2.2
                            Primary WINS Server . . . . . . . : 192.168.1.108
                            Lease Obtained. . . . . . . . . . : Friday, January 05, 2007 11:38:33 AM

                            Lease Expires . . . . . . . . . . : Friday, January 05, 2007 12:38:33 PM

                            Is the DC set up as a DNS server?
                            I avoided using an internal DNS on our network. I have our Exchange 2003 SP2 on the same Win2003 server, GBSERVER5, with DNS set up using an external DNS, 4.2.2.1 and 4.2.2.2. And the PCs on our network are using the same external DNS.

                            Where on the diagram are the client and server? The server is in VLAN1, the 192.168.1.0/24 subnet and... Ooops, I created another subnet 192.168.100.0/24. It branches from our Cisco Management Switch 192.168.1.6.

                            Are the DNS Servers 200.84.253.11 and 200.84.253.12 internal or external? External, this is our backup Default Gateway.
                            If they are internal, are they the ones with the AD SRV records on them? External, not sure, need more info on SRV.
                            Are they configured to forward all internet requests to external DNS on 4.2.2.1 and 4.2.2.2? Our Main external DNS is 4.2.2.1 and 4.2.2.2.
                            What are the DNS Servers on the IP configuration of your domain controller? 4.2.2.1 and 4.2.2.2. We use this DNS throughout our entire network.
                            Can you PING that DNS pair from the DC? DC meaning Domain Controller our Win2003 server, yes.

                            Hope this answers all the questions.

                            Altogether, we have over 300 PCs on a peer-to-peer network. I've just created a domain to centrally maintain the network through a DOMAIN. For testing purposes, I have 4 PCs connected to the domain. They are Windows XPs with SP2, and one Windows 2000 workstation.

                            I'd really like to get the GPO to work on our network.

                            Thank you for all your input.



                            • #15
                              Re: GPO Not Working

                              I'm gonna go out on a limb and say that your DNS is the issue

                              So who is in control of your external DNS servers?
                              Is Exchange functioning?

                              Active Directory (and Exchange) rely heavily on DNS. There needs to be an internal DNS server for Active Directory to work. (Technically, it is possible to set up an external DNS, but this is a huge security risk.)
                              Check out this http://www.petri.com/active_director...quirements.htm and scroll down to the DNS section.
                              Regards,
                              Jeremy

                              Network Consultant/Engineer
                              Baltimore - Washington area and beyond
                              www.gma-cpa.com
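
A check that follows from the diagnosis in this thread, as an added example that is not from any poster: it parses `ipconfig /all` text, lists DNS servers outside private or loopback address space, and builds the SRV name a domain member looks up to locate a DC from the full DNS domain name. The function names are made up for this example, and the sample input is constructed by trimming the client output in post #14.

```python
import ipaddress
import re

# Constructed sample, trimmed from the client's `ipconfig /all` output in post #14.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : SPARE11
   Primary Dns Suffix  . . . . . . . : GreatBay.local
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.100.26
   DNS Servers . . . . . . . . . . . : 4.2.2.1
                                       4.2.2.2
   Primary WINS Server . . . . . . . : 192.168.1.108
"""

# "Label . . . . : value"; the label ends where the run of dots/spaces before ':' starts.
FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return (host name, primary DNS suffix, DNS servers in resolver order)."""
    host = suffix = None
    servers, in_dns = [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            in_dns = key == "dns servers"
            if key == "host name":
                host = value
            elif key == "primary dns suffix":
                suffix = value
            elif in_dns and value:
                servers.append(value)
        elif in_dns and line.strip():
            servers.append(line.strip())  # continuation line: next DNS server
    return host, suffix, servers

def audit(text):
    """Flag DNS servers outside private/loopback space on a domain member."""
    host, suffix, servers = parse_ipconfig(text)
    public = [s for s in servers
              if not (ipaddress.ip_address(s).is_private
                      or ipaddress.ip_address(s).is_loopback)]
    return {
        "host": host,
        "srv_query": f"_ldap._tcp.dc._msdcs.{suffix}",  # DC locator record name
        "public_dns": public,
        "ok": bool(servers) and not public,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any host that reports a non-empty `public_dns` is sending lookups for internal AD names, including the `srv_query` record, to a resolver that cannot answer them.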
