Windows Thread, Computers not picking up the group policies in Technical; Hi
I am experiencing a few problems. Computers refuse to pickup there group policies. This has only just started happening. ...
20th January 2008, 09:39 AM #1
Computers not picking up the group policies
I am experiencing a few problems. Computers refuse to pickup there group policies. This has only just started happening. I havenít changed any settings. Yesterday I added a computer to the domain and it wouldnít get the policies and I have the same this morning. Yesterday I managed to get it to pick them up but only by doing gpupdate /force after 12 times.
User policies load fine.
Any thoughts please?
20th January 2008, 10:00 AM #2
Could be the network cards or the switch. Some network cards, usually older or dodgey ones don't become ready and IP connected until after windows attempts to do machine policy stuff. This can also happen if you have a switch that is configured to use spanning tree protocol, this prevents bridging loops by keeping the port closed off for around 30-50 seconds till it is sure that it is not a loop.
For the dodgey network cards you can disable media sense http://support.microsoft.com/kb/239924/ which will make Windows wait for ip connectivity before proceeding. As to the switch you can configure it to use portfast but it depends on the model of switch as to how you need to configure it.
20th January 2008, 10:18 AM #3
The switch is only a basic netgear one, both machines i have tried re-adding to the domain are less than a year old. Could it be a problem with the Nic in the server?
20th January 2008, 10:32 AM #4
Not likely to be the server adapter as this is already on, if you can ping it from the stations then that should not be the problem. I would try the media sense thing as XP also has the same delayed connection issues with some gigabit adapters.
After you have applied the little registry fix then do a gpupdate /force and it should apply the settings first time.
20th January 2008, 10:51 AM #5
Any errors in the client event log?
Sometimes I get 1202 errors on newly added computers which results in policies being partially applied. This usually fixes it:
esentutl /p "%Windir%\security\Database\Secedit.sdb"
20th January 2008, 01:16 PM #6
Did you clear out DNS like you planned in the other thread?
20th January 2008, 01:23 PM #7
No clearing the DNS was for work. That went good and everything seems fine.
This is my home test setup.
20th January 2008, 06:05 PM #8
Have you tried switching userenv logging to verbose to see if you can get any more clues?
Also try increasing the amount of time the OS waits for the NIC to start, see KB840669. This solved a similar problem I was having with some slow NICs in some older laptops.
Hope that is of some help,
Last edited by Iain; 20th January 2008 at 06:07 PM.
20th January 2008, 06:13 PM #9
Hi i re-installed XP on the machine (it needed one) and re-added it to the domain and it was fine.
20th January 2008, 11:47 PM #10
Out of curiosity, did you create the computer object account in Active Directory (within the relevant OU), then add the computer to the domain, or did you simply add the computer to the domain?
The reason I ask, is because by default computers are placed in the Computers folder. Policies cannot be applied when the computer object is here. It must be moved to any OU you have created.
It could also be possible that the computer account became corrupt, so you can use the 'reset' option in AD to re-add the computer to your domain. You don't necessarily have to format, although of course formatting is as good as new
20th January 2008, 11:49 PM #11
One computer was replacing an existing account. The other i added it then dragged the computer in the correct ou, rebooted did gpupdate /force and rebooted again and had no joy.
20th January 2008, 11:55 PM #12
Generally speaking, if you're adding a new computer which has the same computer name, you should delete the existing computer object account in AD (where ever it is located).
Then of course adding the new computer will generate a new computer object account and you just move it to the relevant OU.
How are you structuring your OUs? I generally create an OU called "Curriculum" for example, then create sub OUs whereby I move computer objects. Editing policies on the Curriculum OU (User or Computer) should then filter down to sub OUs, unless you block policy inheritance of course
21st January 2008, 07:54 AM #13
Computers then either Laptops or Desktops.
21st January 2008, 09:40 AM #14
- Rep Power
Originally Posted by FN-Greatermanchester
According to one or two Microsoft KB Articles, Moving a computer in Active Directory while it is turned on can break various trust links between it and the directory - causing various issues.
By Dos_Box in forum Windows
Last Post: 30th July 2007, 12:38 PM
By steelrazor in forum Windows
Last Post: 11th October 2006, 12:06 PM
By e_g_r in forum Windows
Last Post: 25th August 2006, 09:12 AM
By BooBoo in forum Windows
Last Post: 8th August 2006, 07:23 AM
By mullet_man in forum Wireless Networks
Last Post: 12th January 2006, 02:42 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)