+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29
Windows Server 2008 R2 Thread, GPO's not being applied after upgrade to 2008 R2 in Technical; That and check that your DNS infrastructure is working properly. Most GP issues are usually down to DNS being screwed ...
  1. #16
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,026
    Thank Post
    97
    Thanked 158 Times in 107 Posts
    Rep Power
    58
    That and check that your DNS infrastructure is working properly. Most GP issues are usually down to DNS being screwed somewhere along the line.
    Try running DCdiag on your DC and check that there are no errors relating to DNS registration. It won't hurt to run ipconfig /registerdns anyway even if does check out ok.
    Check that DHCP is handing out the correct DNS information (if you are using it...) Then check that your clients can correctly resolve the DC's A name and the SRV records that it will have registered.

  2. #17

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,174
    Thank Post
    284
    Thanked 773 Times in 583 Posts
    Rep Power
    335
    You could try working your way through Troubleshooting Group Policy Using Event Logs to see if any errors are reported.

  3. #18

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by DrCheese View Post
    That and check that your DNS infrastructure is working properly. Most GP issues are usually down to DNS being screwed somewhere along the line.
    Try running DCdiag on your DC and check that there are no errors relating to DNS registration. It won't hurt to run ipconfig /registerdns anyway even if does check out ok.
    Check that DHCP is handing out the correct DNS information (if you are using it...) Then check that your clients can correctly resolve the DC's A name and the SRV records that it will have registered.
    DCdiag returned all results as passed. Did the ipconfig /registerdns as well. Rebooted clients an still nothing. Will try the troubleshooting guide posted by teejay next.

  4. #19

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    After checking through the Event Viewer there was only two events that seem odd:

    Event ID 5314: A fast link was detected. The Estimated bandwidth is 0 kbps. The slow link threshold is 500 kbps.
    Event ID 5327: Estimated network bandwidth on one of the connctions: 0 kbps.

  5. #20

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,174
    Thank Post
    284
    Thanked 773 Times in 583 Posts
    Rep Power
    335
    Ok, try making a change to a group policy that will require a client reboot, such as assign a piece of software to install. On the client, from the command prompt console, do a gpupdate /force. If it says something along the lines of need to reboot for software installation, then the machine is reading the group policy.

  6. #21

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,174
    Thank Post
    284
    Thanked 773 Times in 583 Posts
    Rep Power
    335
    Also, have you done the following on a client:
    In order to troubleshoot Group Policy more effectively you can enable verbose logging.
    Enable Logging to Userenv.log:
    Registry Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value: UserenvDebugLevel = REG_DWORD 0x10002
    A full log of GPO activities will then be created in %systemroot%\ Debug\UserMode\Userenv.log

    Set this key to start verbose logging to the Application Event Log:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
    Set: RunDiagnosticLoggingGroupPolicy = REGDWORD 1
    A more comprehensive log of Group Policy will be made to the Event Log
    More help can be found on GPO troubleshooting on the following link:

  7. #22
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Have you tied rebuilding/placing a new client onto the network that didn't exist before?

  8. #23

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by p858snake View Post
    Have you tied rebuilding/placing a new client onto the network that didn't exist before?
    Yes, actually noticed it after joining a brand new laptop into the domain. Also created a bare-metal vm and installed Win7 and Server 2003 R2 (added Client Extentions too) to try.

  9. #24

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So I have made some progress today. I deleted every GPO that I created on the old server. Then I reset the Default Domain Policy and Default Domain Controller Policy back to their defaults by running dcgpofix /target:both. Be sure to backup the GPOs first. From there I recreated my custom GPOs and they seem to be working, except one. I am trying to map a drive when I am logged in as the Domain Administrator. I have created the item-level targeting to only apply when the SID matches DOMAIN\Administrator but it doesn't seem to map the drive.

  10. #25

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,174
    Thank Post
    284
    Thanked 773 Times in 583 Posts
    Rep Power
    335
    Quote Originally Posted by bmittleider View Post
    So I have made some progress today. I deleted every GPO that I created on the old server. Then I reset the Default Domain Policy and Default Domain Controller Policy back to their defaults by running dcgpofix /target:both. Be sure to backup the GPOs first. From there I recreated my custom GPOs and they seem to be working, except one. I am trying to map a drive when I am logged in as the Domain Administrator. I have created the item-level targeting to only apply when the SID matches DOMAIN\Administrator but it doesn't seem to map the drive.
    That's great news :-)
    Is UAC enabled on the PC as this can cause problems when Domain Admins log in with mapped drives. Try it as a normal user, or disable UAC.

  11. #26

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I have created an account and added it to the Domain Admins group. This user successfully maps to the drive. However the built-in Administrator account cannot map the drive. Have tested on Windows 7, Server 2008 R2 and Server 2003 R2. If the user that has been added to Domain Admins logs into any of those OS it works as expected. Didn't have that problem with Server 2008. Could it be a new security option in the schema?

    Edit: As far as UAC, Server 2003 doesn't have that so on that computer it wouldn't be an issue.
    Last edited by bmittleider; 27th July 2010 at 09:39 PM.

  12. #27

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    Hmm.. in the targeting are you picking the "Administrator" with the native user browser/picker thingy ("from this location" = your *domain*) as opposed to just typing it in the box? Did you select match by SID?
    Last edited by PiqueABoo; 27th July 2010 at 10:35 PM.

  13. #28

    Join Date
    Jan 2009
    Location
    Nebraska
    Posts
    55
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yes I was matching by SID and it still doesn't work. Not sure what is happening but now it's less of a problem since the rest of the GPOs are functioning. I will continue to troubleshoot but not in a high priority.

    Thanks to everyone who posted suggestions. Hope someone can have an easier time fixing it than I did.

  14. #29
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Had the same issue and found that, for me at least the issue was a race condition thanks to the LAN NIC's getting a bit over zealous..

    Running this on each problem machine then forcing the gpupdate again solved it.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "GpNetworkStartTimeoutPolicyValue"=dword:0000003c

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. upgrade to 2008 r2 from 2008 server
    By ful56_uk in forum Windows Server 2008 R2
    Replies: 5
    Last Post: 21st June 2010, 09:05 AM
  2. Replies: 10
    Last Post: 12th October 2009, 11:16 AM
  3. Viewing GPO settings being applied
    By fafster in forum Windows
    Replies: 9
    Last Post: 13th May 2008, 02:32 PM
  4. GPO Not Being Applied
    By lovelldr in forum Windows
    Replies: 1
    Last Post: 18th July 2007, 08:16 AM
  5. GPO's not being applied
    By pooley in forum Windows
    Replies: 7
    Last Post: 9th November 2006, 10:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •