No announcement yet.

2 out of 6 PCs - GPO Policy events missing and slow to load

  • Filter
  • Time
  • Show
Clear All
new posts

  • 2 out of 6 PCs - GPO Policy events missing and slow to load


    I've done some digging, searched the net and this forum but seem to have a bit of quirky issue and not finding anyone else reporting the same issue. I apologise now if some has come across this and/or whether I'm missing something very obvious here.

    The setup is:

    1 x SBS 2008 server, fully patched
    6 x W7 Pro machines, fully patched and have Sophos AV
    1 x network switch
    1 x router

    All 6 machines are in the same OU with the same GPOs being applied, no security filtering. All use DHCP under the same scope

    All has been running fine up until a month ago where 2 of the W7 machines are taking ages to startup before login. Sometimes it'll be 10 minutes, other times it'll be 60 minutes even random times.

    It also only happens when both machines are shutdown for the evening (it's a 9-5 office) and then started back up in the morning. Once the initial slow login is done then following reboots during that day is fast. If I leave the machines on overnight then when the user logs on in the morning, it's very quick.

    Once loaded, either when it's been slow to start or not, it's fine, the network shares, internet, etc is fantastic.

    However, if I use GPO Manager to give me GPO results on these two machines, the Policy Events window on each machine is empty. No errors, nothing.

    If I use the SBS console, network and look at the client computers, the status reports either online or offline and other alerts as "OK". The security and update status are either "Not available" or "Unknown".

    If I try to connect to the PCs event viewer from the server I get access denied on all logs, regardless of logging in as it's local admin or domain admin on the event viewer of that machine.

    To me it suggests either DNS, firewall or GPO issue

    I've checked the following over the last two weeks

    - Tested another switch
    - Replaced ethernet cables
    - Removed Sophos AV
    - IP settings on the machines match the DHCP scope for them
    - DNS settings points to the server and match the working clients
    - Disabled firewall on client and server via GPO
    - Sophos firewall has never been enabled
    - GPUpdate /force
    - Disabled all startup and shutdown scripts except the default ClientAgent.vbs
    - check the drivers on the machines, all 6 machines are identical and bought at the same time.
    - Nothing has been configured on any GPO for
    Computer Configuration/Admin Temp/System/Group Policy - so it is out of the box settings.

    Unfortunately, I haven't tried

    - Taking them out of the domain and see if the problem occurs, difficult to do because they're needed machines and because the issue only occurs next morning its quite hard to organise that.

    - Havent yet looked at the operational log for GPO on each machine, will do that today.

    - Haven't moved the two offending machines out of the OU into another one.

    What I would like help with first

    Is why the GPO Manager, results of each machine is not displaying Policy Events even when I rerun the query and select refresh. If I had that then it would make life a lot easier to troubleshoot - I do work remotely so trying to minimise visits to them if possible

    Thanks in advance on this one, hope someone can help me
    Last edited by haroldlondon; 19th January 2012, 07:11. Reason: Forgot some information

  • #2
    Re: 2 out of 6 PCs - GPO Policy events missing and slow to load

    Ok - solved the missing policy events issue in the group policy management tool.

    It was because the Windows SBS client policy was missing administrator and/or domain admin group in the Restricted Groups "Administrators".

    Thinking about it, it would logically need that in order to access event viewer and the policy results.

    However, the policy events dont show any signs of an issue with GPOs.

    The firewalls are definitely off, double checked the clients and server.

    One thing that has occured to me is their profiles are redirected from the server so Im wondering with the likes of Google Earth in their profile whether its something like massive profiles being dragged over the network.


    • #3
      Re: 2 out of 6 PCs - GPO Policy events missing and slow to load

      Could be roaming profiles -- try redirecting as many folders as possible to reduce the size

      Also, have you tried disabling Sophos as AV can often slow things up
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd

      ** Remember to give credit where credit is due and leave reputation points where appropriate **