Announcement

Collapse
No announcement yet.

Group Policies not applying Windows Server 2008 R2

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Group Policies not applying Windows Server 2008 R2

    Hello,

    I have a few GPOs linked into OUs,but none of them apply.If I run gpresult /r on one of the client computers I get this:



    The processing of Group Policy failed. Windows could not apply the registry-base
    d policy settings for the Group Policy object LDAP://CN=User,cn={FDF06D2C-782F-4
    498-8A4C-18342880CFC2},cn=policies,cn=system,DC=gimo,DC=loc al. Group Policy sett
    ings will not be resolved until this event is resolved. View the event details f
    or more information on the file name and path that caused the failure.
    Computer policy could not be updated successfully. The following errors were enc
    ountered:

    The processing of Group Policy failed. Windows could not evaluate the Windows Ma
    nagement Instrumentation (WMI) filter for the Group Policy object cn={EAF42392-3
    29D-4219-81F7-A17F1F64E499},cn=policies,cn=system,DC=gimo,DC=loc al. This could b
    e caused by RSOP being disabled or Windows Management Instrumentation (WMI) ser
    vice being disabled, stopped, or other WMI errors. Make sure the WMI service is
    started and the startup type is set to automatic. New Group Policy objects or se
    ttings will not process until this event has been resolved.



    How can I solve this?

  • #2
    Moved to 2008R2 forum for better response.

    What do the event logs show?
    What is in the policies - computer or user settings? (Make sure if computer settings, applied to an OU with the computers and vice versa)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Hello,

      I have exported some of the event logs as I am not sure what exactly to look for .Also have screenshot attached with the GPO and OU setup.

      I have run a WMI repository check and it shows consistent ,so I havent rung salvage command yet,as I am afraid it might cause issues.

      How do I proceed?

      Many Thanks,
      Attached Files

      Comment


      • #4
        The event log you need to be looking at is the on the computer that is not applying the policy. Not the domain controller. It should show int eh Application log or Applications and Services Logs/Microsoft/Windows/GroupPolicy log.

        https://technet.microsoft.com/en-us/...or=-2147217396
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Here it is,however this is just on my computer.The GPOs are not applying for anyone.
          Attached Files

          Comment


          • #6
            Looks like the computer is having issue finding the DC:

            Error,16/06/2017 08:00:27,Microsoft-Windows-GroupPolicy,7007,None,Periodic policy processing failed for user GIMO\vladislav.antonov in 18 seconds.
            Error,16/06/2017 08:00:27,Microsoft-Windows-GroupPolicy,7320,None,Error: Failed to register for connectivity notification. Error code 0x4CE.
            Error,16/06/2017 08:00:27,Microsoft-Windows-GroupPolicy,7326,None,Group Policy failed to discover the Domain Controller details in 0 milliseconds.
            Has anything changed recently? Especially around DNS? Are the computers using an internal DNS server and is the server up to date on it's active directory records?
            Also run dcdiag on the DC and make sure things look healthy.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Has anything changed recently? I am not aware of any change
              Are the computers using an internal DNS server? yes,10.10.0.9 and 10.10.0.11 or something like that.
              is the server up to date on it's active directory records?not sure if I understand this one.I can connect new computers to the domain fine and create domain accounts,only the GPOs are not working


              C:\Windows\system32>dcdiag

              Directory Server Diagnosis

              Performing initial setup:
              Trying to find home server...
              Home Server = server00
              * Identified AD Forest.
              Done gathering initial info.

              Doing initial required tests

              Testing server: Default-First-Site-Name\SERVER00
              Starting test: Connectivity
              ......................... SERVER00 passed test Connectivity

              Doing primary tests

              Testing server: Default-First-Site-Name\SERVER00
              Starting test: Advertising
              ......................... SERVER00 passed test Advertising
              Starting test: FrsEvent
              ......................... SERVER00 passed test FrsEvent
              Starting test: DFSREvent
              ......................... SERVER00 passed test DFSREvent
              Starting test: SysVolCheck
              ......................... SERVER00 passed test SysVolCheck
              Starting test: KccEvent
              ......................... SERVER00 passed test KccEvent
              Starting test: KnowsOfRoleHolders
              ......................... SERVER00 passed test KnowsOfRoleHolders
              Starting test: MachineAccount
              ......................... SERVER00 passed test MachineAccount
              Starting test: NCSecDesc
              ......................... SERVER00 passed test NCSecDesc
              Starting test: NetLogons
              ......................... SERVER00 passed test NetLogons
              Starting test: ObjectsReplicated
              ......................... SERVER00 passed test ObjectsReplicated
              Starting test: Replications
              ......................... SERVER00 passed test Replications
              Starting test: RidManager
              ......................... SERVER00 passed test RidManager
              Starting test: Services
              ......................... SERVER00 passed test Services
              Starting test: SystemLog
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:43
              Event String:
              Driver Brother HL-2280DW Printer required for printer Brother HL-2280DW Printer is unkno
              wn. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:44
              Event String:
              Driver HP Universal Printing PCL 5 required for printer HP Universal Printing PCL 5 is u
              nknown. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:44
              Event String:
              Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the admini
              strator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:46
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP LaserJet 400 colorMFP M475dw
              UPD PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:46
              Event String:
              Driver Brother HL-L8250CDN series required for printer Main Printer Ground Floor is unkn
              own. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:47
              Event String:
              Driver HP Universal Printing PCL 6 required for printer Printer in front of Saj's is unk
              nown. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:47
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is u
              nknown. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:48
              Event String:
              Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 2016 is
              unknown. Contact the administrator to install the driver before you log in again.
              An error event occurred. EventID: 0x00000457
              Time Generated: 06/30/2017 20:26:48
              Event String:
              Driver Samsung CLX-3180 Series required for printer Samsung CLX-3180 Series is unknown.
              Contact the administrator to install the driver before you log in again.
              ......................... SERVER00 failed test SystemLog
              Starting test: VerifyReferences
              ......................... SERVER00 passed test VerifyReferences


              Running partition tests on : ForestDnsZones
              Starting test: CheckSDRefDom
              ......................... ForestDnsZones passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... ForestDnsZones passed test CrossRefValidation

              Running partition tests on : DomainDnsZones
              Starting test: CheckSDRefDom
              ......................... DomainDnsZones passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... DomainDnsZones passed test CrossRefValidation

              Running partition tests on : Schema
              Starting test: CheckSDRefDom
              ......................... Schema passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... Schema passed test CrossRefValidation

              Running partition tests on : Configuration
              Starting test: CheckSDRefDom
              ......................... Configuration passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... Configuration passed test CrossRefValidation

              Running partition tests on : gimo
              Starting test: CheckSDRefDom
              ......................... gimo passed test CheckSDRefDom
              Starting test: CrossRefValidation
              ......................... gimo passed test CrossRefValidation

              Running enterprise tests on : gimo.local
              Starting test: LocatorCheck
              ......................... gimo.local passed test LocatorCheck
              Starting test: Intersite
              ......................... gimo.local passed test Intersite

              C:\Windows\system32>
              Last edited by parrot1553; 30th June 2017, 20:35.

              Comment


              • #8
                See if carrying out a specific DNS test highlights anything: https://social.technet.microsoft.com...explained.aspx

                - folks, where's the option to disable smilies?
                Last edited by Blood; 3rd July 2017, 15:12.
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  did that,there were some dns errors but I resolved most of them.Still GPOs not applying.

                  C:\Users\Administrator>dcdiag /test:dns

                  Directory Server Diagnosis

                  Performing initial setup:
                  Trying to find home server...
                  Home Server = server00
                  * Identified AD Forest.
                  Done gathering initial info.

                  Doing initial required tests

                  Testing server: Default-First-Site-Name\SERVER00
                  Starting test: Connectivity
                  ......................... SERVER00 passed test Connectivity

                  Doing primary tests

                  Testing server: Default-First-Site-Name\SERVER00

                  Starting test: DNS

                  DNS Tests are running and not hung. Please wait a few minutes...
                  ......................... SERVER00 passed test DNS

                  Running partition tests on : ForestDnsZones

                  Running partition tests on : DomainDnsZones

                  Running partition tests on : Schema

                  Running partition tests on : Configuration

                  Running partition tests on : gimo

                  Running enterprise tests on : gimo.local
                  Starting test: DNS
                  Summary of test results for DNS servers used by the above domain controllers:

                  DNS server: 2001:500:200::b (b.root-servers.net.)
                  1 test failure on this DNS server
                  PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.
                  0.0.ip6.arpa failed on the DNS server 2001:500:200::b
                  DNS server: 2001:500:2f::f (f.root-servers.net.)
                  1 test failure on this DNS server
                  PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.
                  0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
                  DNS server: 2001:7fd::1 (k.root-servers.net.)
                  1 test failure on this DNS server
                  PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.
                  0.0.ip6.arpa failed on the DNS server 2001:7fd::1
                  DNS server: 2001:dc3::35 (m.root-servers.net.)
                  1 test failure on this DNS server
                  PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0.
                  0.0.ip6.arpa failed on the DNS server 2001:dc3::35
                  ......................... gimo.local passed test DNS

                  C:\Users\Administrator>

                  Comment


                  • #10
                    bumpbumpbumpbump
                    Last edited by parrot1553; 10th July 2017, 01:05.

                    Comment


                    • #11
                      Have you seen this article: https://technet.microsoft.com/en-us/...or=-2147217396
                      A recent poll suggests that 6 out of 7 dwarfs are not happy

                      Comment


                      • #12
                        When a moderator or admin edits your post do NOT remove the edit. 2 week ban to read and absorb the forum rules

                        Original edit was not to bump your posts
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment

                        Working...
                        X