+ Post New Thread
Results 1 to 6 of 6
Windows Thread, Computer Policies Not Applying in Technical; Hi Guys, got an issue with Server 2008 R2 and Windows 7. Just reimaged all the machines in this school ...
  1. #1
    Joanne's Avatar
    Join Date
    Nov 2007
    Location
    Lancashire
    Posts
    1,643
    Thank Post
    144
    Thanked 161 Times in 134 Posts
    Blog Entries
    17
    Rep Power
    82

    Computer Policies Not Applying

    Hi Guys,

    got an issue with Server 2008 R2 and Windows 7. Just reimaged all the machines in this school using WDS. Computer policies are not applying to the machines, but User policies are applying fine. When I do a GPUPDATE /FORCE I get the following:



    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\sysadmin>gpupdate /force
    Updating Policy...

    User Policy update has completed successfully.
    Computer policy could not be updated successfully. The following errors were enc
    ountered:

    The processing of Group Policy failed. Windows could not resolve the computer na
    me. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain co
    ntroller has not replicated to the current domain controller).

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results.



    Event viewer shows this:

    Log Name: System
    Source: Microsoft-Windows-GroupPolicy
    Date: 29/10/2013 15:19:05
    Event ID: 1055
    Task Category: None
    Level: Error
    Keywords:
    User: SYSTEM
    Computer: ICT-24.SMSJ.internal
    Description:
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1055</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-10-29T15:19:05.980198400Z" />
    <EventRecordID>6271</EventRecordID>
    <Correlation ActivityID="{BC6910B5-ABA9-4023-98D3-BEFA987177F2}" />
    <Execution ProcessID="940" ThreadID="3672" />
    <Channel>System</Channel>
    <Computer>ICT-24.SMSJ.internal</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">1632</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">1623</Data>
    <Data Name="ErrorCode">5</Data>
    <Data Name="ErrorDescription">Access is denied. </Data>
    </EventData>
    </Event>


    The "access is denied" bit is confusing. Computer is in AD fine and member of domain computers.

    Looked on technet to no avail.

    DNS is all working with reverse lookup zones.

    Has anyone come across this before?

    Any help much appreciated!

  2. #2

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    797
    Thank Post
    180
    Thanked 61 Times in 58 Posts
    Rep Power
    35
    We've always found that we have to run the cmd as a Administrator as otherwise the Computer Policies don't seem to get updated.

  3. #3
    Joanne's Avatar
    Join Date
    Nov 2007
    Location
    Lancashire
    Posts
    1,643
    Thank Post
    144
    Thanked 161 Times in 134 Posts
    Blog Entries
    17
    Rep Power
    82
    Nope sorry... same result running command prompt as administrator :-(

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    The clue is here:

    The processing of Group Policy failed. Windows could not resolve the computer na
    me. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain co
    ntroller has not replicated to the current domain controller).
    Make sure DNS is working on both your DCs (I'm speculating you have two or more), as this is most likely causing your DCs not to replicate.

    Do your Active Directory structures look the same on both DCs?

  5. #5
    Joanne's Avatar
    Join Date
    Nov 2007
    Location
    Lancashire
    Posts
    1,643
    Thank Post
    144
    Thanked 161 Times in 134 Posts
    Blog Entries
    17
    Rep Power
    82
    OK my colleague found the solution:

    Download PSTools from microsoft.

    He then created a script to run the command (assuming folder is in a mapped drive - in this instance x: and folder is named !PSTools)

    cd x:\!PSTools
    PsExec.exe -i -s cmd.exe
    This may get blocked by anti virus. Sophos stopped it from running so had to allow it through.

    Ran this and then it opens a new command prompt window, in which we typed:

    rundll32.exe keymgr.dll, KRShowKeyMgr
    The capital letters are essential in that line.

    This opens a key manager box. Delete the key shown there. Run gpupdate /force, logoff ET VOILA! Policies are applied.

    I think it was something to do with adding the image to the domain before sysprepping or saving a username password combo which had the machine name as the domain OR SOMETHING STUPID LIKE THAT.

    Thanks for suggestions anyway.

    If anyone else comes across this thread when trying to solve this issue, I hope I have helped by posting it here. 2 of us were googling for hours on the issue.
    Last edited by Joanne; 30th October 2013 at 11:54 AM.

  6. Thanks to Joanne from:

    Netman (30th October 2013)

  7. #6

    StevieM's Avatar
    Join Date
    Apr 2013
    Location
    Liverpool
    Posts
    870
    Thank Post
    344
    Thanked 374 Times in 251 Posts
    Rep Power
    112
    I had similar problems when I tried to deploy Office 2013 through a GP startup script. Some machines installed first time, others after a few restarts, still others after a forced GPUpdate. However, some machines would not update at all and I ended up doing manual installs. I don't understand as all the machines are identical and were created using the same image and all are present in AD. Still not got to the bottom of it, but I'll look at some of the solutions here and see if that makes any difference.

SHARE:
+ Post New Thread

Similar Threads

  1. group policy not applying
    By bart21 in forum Windows
    Replies: 4
    Last Post: 20th April 2010, 07:45 PM
  2. Group Policy not applying
    By Maximus in forum Wireless Networks
    Replies: 10
    Last Post: 4th June 2008, 10:51 PM
  3. Replies: 20
    Last Post: 12th November 2007, 04:55 PM
  4. Loopback Policy not applying fully
    By sidewinder in forum Windows
    Replies: 4
    Last Post: 23rd February 2007, 11:49 AM
  5. Group Policy not applying
    By edie209 in forum Windows
    Replies: 18
    Last Post: 27th September 2006, 07:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •