+ Post New Thread
Results 1 to 11 of 11
Windows 7 Thread, First logon doesn't load GP... in Technical; Our new Windows 7 computers seem to have a weird problem; We built up a working Windows 7 image. When ...
  1. #1

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    First logon doesn't load GP...

    Our new Windows 7 computers seem to have a weird problem;

    We built up a working Windows 7 image. When we put that image onto the other computers, it all works fine. We change the name, configure one or two other little changes and reboot. Then we join the domain, and turn it off. Move the computer account into the correct GPO, and boot the PC up again.

    When the PC comes back on, and we log on with any working account, it doesn't load the user group policy. Logging off and back on immediately, and it works. It then works perfectly, seemingly forever more! It's only that first time we log on.

    EvenViewer displays:

    The description for Event ID 1085 from source Microsoft-Windows-GroupPolicy cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    1
    3961
    1
    2075
    1003
    Cannot complete this function.
    \\SIXTHFORM.Christ.local
    Folder Redirection
    {25537BA6-77A8-11D2-9B6C-0000F8080861}

    The handle is invalid
    I am to run a gpresult on the PC when I have reloaded the ghost image.

  2. #2

    Join Date
    Apr 2008
    Posts
    853
    Thank Post
    111
    Thanked 112 Times in 108 Posts
    Rep Power
    45
    Did you do any windows update before the imaging i.e. did you let them isntall first?

  3. #3

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    No, we didn't.

  4. #4
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Have a look here

    Event ID 1085 Source Userenv

    I have seen it when folder redirection is not working well.

    Richard

  5. #5

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by ricki View Post
    Have a look here

    Event ID 1085 Source Userenv

    I have seen it when folder redirection is not working well.

    Richard
    But why is it the first time you log on only? :S

  6. #6

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86
    Some Gp's are only picked up at logon so wont show effect untill the second logon... Does that seem plausible for your policies?

  7. #7

    Join Date
    Nov 2010
    Location
    Liverpool, UK
    Posts
    178
    Thank Post
    10
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Well, the whole profile is scrubbed at log off. The policies are applied as follows:

    Staff:
    Default Domain Policy > Workstation policy > Staff policy

    Students:
    Default Domain Policy > Workstation policy > Students policy

    The default domain policy has barely been touched, so isn't really doing anything.

  8. #8

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,921
    Thank Post
    1,626
    Thanked 1,893 Times in 1,407 Posts
    Blog Entries
    2
    Rep Power
    429
    Have a script that forces GP Update before anything else kicks in?

  9. #9
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    HI

    My guess is that something in the group policies is causing a delay and other policies then start being applied and the problem one times out. I used to have it with proxy settings for ie. I was using a old adm that caused a delay and it would not apply first time. I have also seen it where a script or a policy in gpo were looking at the wrong location that would time out. Dns problems can also cause delays and so can dfs.

    I am not sure but the first time you get a profile it sets up a lot of things like you browser settings and if this is getting stuck on something. It could be cuasing the problem.

    The list can be endless.

  10. #10
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    HI

    I have an idea. Would you be willing to do some playing.

    Could you create a test user and place then in a new ou with blocked inheritance.

    Place a test computer in a test ou with blocked inheritance and then link one policy at a time and between tests delete the profile.

    If the tests start to apply it might be a policy that got setting incorrect or corrupt.

    Also does the computer wait for the domain before starting it can be set in group policy.

    My network is not as fast as some of my newest machines and I have to put a delay in and tell them to wait for the domain.

    Richard

  11. #11

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,625
    Thank Post
    49
    Thanked 460 Times in 336 Posts
    Rep Power
    140
    Do you have a Reverse DNS Zone?
    This issue is commonly caused by reverse DNS pollution.

    When you image the PC the Imaging Process will assign a netbios name to an IP address and register this in DHCP/DNS and more importantly create a Reverse entry if you have an RDNS zone.
    Eg - minint-123456.mydomain.local = 192.168.1.123 and 192.168.1.123 = minint-123456.mydomain.local

    Once the system has been renamed and joined to the domain proper, it will become PC0123.mydomain.local = 192.168.1.123

    You often will end up with two different netbiosnames with the same IP address.

    The inconsistency in the DNS/RDNS zones and machine names causes the GP to fail.
    This also applies to any other application the relies on reverse lookups in DNS (Sophos is commonly crippled by this phenomena)

    Check your DNS/RDNS Zones carefully and manually remove any erroneous or duplicated workstation records especially if you have been imaging PC's as it could take 7 days before the DNS and DHCP records fully reconcile which is when these strange issues suddenly disappear!

    Reverse DNS Zones are not essential for Windows DNS to work but if it exists it has to be right.

    This is a routine part of our Preventative Maintenence routines on all of the various systems we support.

SHARE:
+ Post New Thread

Similar Threads

  1. It doesn't feel like Christmas
    By tech_guy in forum General Chat
    Replies: 14
    Last Post: 26th December 2008, 09:57 AM
  2. Simple 1.5 doesn't look right
    By SimpleSi in forum EduGeek Joomla 1.5 Package
    Replies: 7
    Last Post: 25th May 2008, 11:21 AM
  3. About this Mac doesn't come up
    By customh in forum Mac
    Replies: 4
    Last Post: 28th February 2008, 07:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •