Windows Server 2008 R2 Thread, GPO's not being applied after upgrade to 2008 R2 in Technical
26th July 2010, 05:36 PM #16
That and check that your DNS infrastructure is working properly. Most GP issues are usually down to DNS being screwed somewhere along the line.
Try running DCdiag on your DC and check that there are no errors relating to DNS registration. It won't hurt to run ipconfig /registerdns anyway even if it does check out OK.
Check that DHCP is handing out the correct DNS information (if you are using it...) Then check that your clients can correctly resolve the DC's A name and the SRV records that it will have registered.
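Added example, not part of the original post: one way to run the client-side check described above, looking up the domain controller SRV records and confirming that each target also resolves to an address. It assumes a client with the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later); the function name and the domain 'corp.example.com' are placeholders.

```powershell
# Added example: verify that a client can locate and resolve its domain controllers.
# Test-DcDnsRecords is a hypothetical helper name, not a built-in cmdlet.
function Test-DcDnsRecords {
    param(
        [Parameter(Mandatory)] [string] $Domain   # AD DNS domain name (placeholder below)
    )

    # SRV record that clients query to find domain controllers for the domain.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup failed for ${srvName}: $($_.Exception.Message)"
        return
    }
    if (-not $srv) {
        Write-Warning "No SRV records returned for $srvName"
        return
    }

    foreach ($rec in $srv) {
        # Each SRV target must itself resolve to an A record,
        # otherwise the client finds a DC name it cannot reach.
        $addresses = @()
        try {
            $addresses = Resolve-DnsName -Name $rec.NameTarget -Type A -ErrorAction Stop |
                         Where-Object { $_.Type -eq 'A' } |
                         ForEach-Object { $_.IPAddress }
        } catch {
            Write-Warning "A lookup failed for $($rec.NameTarget): $($_.Exception.Message)"
        }
        [pscustomobject]@{
            SrvRecord = $srvName
            Target    = $rec.NameTarget
            Port      = $rec.Port
            Addresses = $addresses -join ', '
            Resolves  = [bool]$addresses
        }
    }
}

# Placeholder domain; replace with the real AD DNS domain name.
Test-DcDnsRecords -Domain 'corp.example.com' | Format-Table -AutoSize
```

Any row with Resolves = False, or a warning about the SRV lookup, points at the DNS registration problems mentioned in the post.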
26th July 2010, 06:09 PM #17
You could try working your way through Troubleshooting Group Policy Using Event Logs to see if any errors are reported.
26th July 2010, 07:08 PM #18
DCdiag returned all results as passed. Did the ipconfig /registerdns as well. Rebooted clients and still nothing. Will try the troubleshooting guide posted by teejay next.
Originally Posted by DrCheese
26th July 2010, 10:14 PM #19
After checking through the Event Viewer there were only two events that seem odd:
Event ID 5314: A fast link was detected. The Estimated bandwidth is 0 kbps. The slow link threshold is 500 kbps.
Event ID 5327: Estimated network bandwidth on one of the connections: 0 kbps.
26th July 2010, 10:45 PM #20
OK, try making a change to a group policy that will require a client reboot, such as assigning a piece of software to install. On the client, from the command prompt console, do a gpupdate /force. If it says something along the lines of need to reboot for software installation, then the machine is reading the group policy.
26th July 2010, 10:50 PM #21
Also, have you done the following on a client:
In order to troubleshoot Group Policy more effectively you can enable verbose logging.
Enable Logging to Userenv.log:
Registry Key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: UserenvDebugLevel = REG_DWORD 0x10002
A full log of GPO activities will then be created in %systemroot%\Debug\UserMode\Userenv.log
Set this key to start verbose logging to the Application Event Log:
Set: RunDiagnosticLoggingGroupPolicy = REG_DWORD 1
A more comprehensive log of Group Policy will be made to the Event Log
More help can be found on GPO troubleshooting on the following link:
27th July 2010, 06:23 AM #22
Have you tried rebuilding/placing a new client onto the network that didn't exist before?
27th July 2010, 06:27 AM #23
Yes, actually noticed it after joining a brand new laptop into the domain. Also created a bare-metal VM and installed Win7 and Server 2003 R2 (added Client Extensions too) to try.
Originally Posted by p858snake
27th July 2010, 07:11 PM #24
So I have made some progress today. I deleted every GPO that I created on the old server. Then I reset the Default Domain Policy and Default Domain Controller Policy back to their defaults by running dcgpofix /target:both. Be sure to back up the GPOs first. From there I recreated my custom GPOs and they seem to be working, except one. I am trying to map a drive when I am logged in as the Domain Administrator. I have created the item-level targeting to only apply when the SID matches DOMAIN\Administrator but it doesn't seem to map the drive.
27th July 2010, 07:22 PM #25
That's great news :-)
Originally Posted by bmittleider
Is UAC enabled on the PC? This can cause problems when Domain Admins log in with mapped drives. Try it as a normal user, or disable UAC.
27th July 2010, 10:31 PM #26
I have created an account and added it to the Domain Admins group. This user successfully maps to the drive. However the built-in Administrator account cannot map the drive. Have tested on Windows 7, Server 2008 R2 and Server 2003 R2. If the user that has been added to Domain Admins logs into any of those OS it works as expected. Didn't have that problem with Server 2008. Could it be a new security option in the schema?
Edit: As far as UAC, Server 2003 doesn't have that so on that computer it wouldn't be an issue.
Last edited by bmittleider; 27th July 2010 at 10:39 PM.
27th July 2010, 11:32 PM #27
Hmm.. in the targeting are you picking the "Administrator" with the native user browser/picker thingy ("from this location" = your *domain*) as opposed to just typing it in the box? Did you select match by SID?
Last edited by PiqueABoo; 27th July 2010 at 11:35 PM.
28th July 2010, 11:50 AM #28
Yes I was matching by SID and it still doesn't work. Not sure what is happening but now it's less of a problem since the rest of the GPOs are functioning. I will continue to troubleshoot but not as a high priority.
Thanks to everyone who posted suggestions. Hope someone can have an easier time fixing it than I did.
2nd September 2010, 08:28 PM #29
Had the same issue and found that, for me at least, the issue was a race condition thanks to the LAN NICs getting a bit overzealous.
Running this on each problem machine then forcing the gpupdate again solved it.
Windows Registry Editor Version 5.00