|
microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late!
|
|
|
|
|
Posted by Darren Mar-Elia on November 24, 2008, 5:33 pm
Please log in for more thread options
The fact that you get that during a background refresh tells me that
something is amiss in getting to the SYSVOL portion of that GPO. You say the
file is there but what are the permissions on that GPT.INI file? Also, are
you sure that DFS Client is running on that client? Also, is the TCP/IP
NetBIOS helper service running on the client?
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
*******************************
Spot GPO differences and inconsistencies with the powerful GPO Compare 1.0.
Download the trial at www.sdmsoftware.com/group_policy_compare
*******************************
show/hide quoted text
> Hello Nondisclosure007,
> Did you run gpupdate /force on the client? Are both settings in the same
> policy and where are they linked to?
> Best regards
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
> > Workstation: Vista SP1 x64 bit
> > Server: Windows Server 2008 SBS
> > Problem: not all settings in group policy object for domain get
> > transferred. I've got a logon text and caching of domain logons.
> > After looking at the local policy on on the vista workstation, I see
> > the cached logon value got transferred down but the logon text is
> > still blank.
> > Any ideas?
> > Thanks.- Hide quoted text -
> - Show quoted text -
Thanks for the really quick reply.
All the options are in the same policy (and this policy is the only
one enforced).
I ran the gpupdate /force on the client. I got back the following
error:
{begin copy-
show/hide quoted text
C:\>gpupdate /force
Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following
errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the
file \mydomain.
local\SysVol\mydomian.local\Policies\{5FB3EDF8-
F427-4DEA-98A5-608CF018A75A}\gpt.ini f
rom a domain controller and was not successful. Group Policy settings
may not be
applied until this event is resolved. This issue may be transient and
could be
caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain
controller.
b) File Replication Service Latency (a file created on another domain
controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to
access infor
mation about Group Policy results.
show/hide quoted text
C:\>
-end copy}
Now, if I go look in the \MyDC\SysVol\Policies\{5FB3EDF8-
F427-4DEA-98A5-608CF018A75A}\gpt.ini, it's there. So, I'm not sure
what's going on.
Thanks for helping!
|
|
Posted by Nondisclosure007 on November 24, 2008, 6:15 pm
Please log in for more thread options
wrote:
show/hide quoted text
> The fact that you get that during a background refresh tells me that
> something is amiss in getting to the SYSVOL portion of that GPO. You say =
the
show/hide quoted text
> file is there but what are the permissions on that GPT.INI file? Also, ar=
e
show/hide quoted text
> you sure that DFS Client is running on that client? Also, is the TCP/IP
> NetBIOS helper service running on the client?
> Darren
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> *******************************
> Spot GPO differences and inconsistencies with the powerful GPO Compare 1.=
0.
show/hide quoted text
> Download the trial atwww.sdmsoftware.com/group_policy_compare
> *******************************
> > Hello Nondisclosure007,
> > Did you run gpupdate /force on the client? Are both settings in the sam=
e
show/hide quoted text
> > policy and where are they linked to?
> > Best regards
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and
> > confers
> > no rights.
> > ** Please do NOT email, only reply to Newsgroups
> > ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
> > > Workstation: Vista SP1 x64 bit
> > > Server: Windows Server 2008 SBS
> > > Problem: not all settings in group policy object for domain get
> > > transferred. I've got a logon text and caching of domain logons.
> > > After looking at the local policy on on the vista workstation, I see
> > > the cached logon value got transferred down but the logon text is
> > > still blank.
> > > Any ideas?
> > > Thanks.- Hide quoted text -
> > - Show quoted text -
> Thanks for the really quick reply.
> All the options are in the same policy (and this policy is the only
> one enforced).
> I ran the gpupdate /force on the client. =A0I got back the following
> error:
> {begin copy-
> C:\>gpupdate /force
> Updating Policy...
> User Policy update has completed successfully.
> Computer policy could not be updated successfully. The following
> errors were enc
> ountered:
> The processing of Group Policy failed. Windows attempted to read the
> file \mydomain.
> local\SysVol\mydomian.local\Policies\{5FB3EDF8-
> F427-4DEA-98A5-608CF018A75A}\gpt.ini f
> rom a domain controller and was not successful. Group Policy settings
> may not be
> =A0applied until this event is resolved. This issue may be transient and
> could be
> caused by one or more of the following:
> a) Name Resolution/Network Connectivity to the current domain
> controller.
> b) File Replication Service Latency (a file created on another domain
> controller
> =A0has not replicated to the current domain controller).
> c) The Distributed File System (DFS) client has been disabled.
> To diagnose the failure, review the event log or invoke gpmc.msc to
> access infor
> mation about Group Policy results.
> -end copy}
> Now, if I go look in the \MyDC\SysVol\Policies\{5FB3EDF8-
> F427-4DEA-98A5-608CF018A75A}\gpt.ini, it's there. =A0So, I'm not sure
> what's going on.
> Thanks for helping!- Hide quoted text -
> - Show quoted text -
gpt.ini rights:
authenticated users, enterprise domain controllers: read&execute, read
system,domain admins, enterprise admins, administrators:full
I don't have DFS client on this Vista x64 (ultimate) pc (nor can I
find where to get it installed from); I do have DFS replication
running. Ditto on the netbios helper service.
I have my windows server 2008 DHCP server options set:
045 NetBios over TCP/IP NBDD set to my server IP
046 WINS/NBT Node Type set to 0x0 (which seems pointless since I can't
seem to find a wins service for windows 2008).
|
|
Posted by Darren Mar-Elia on November 24, 2008, 4:53 pm
Please log in for more thread options Looking at the local GPO, while sometimes useful, is not definitive on what
policies were actually processed--especially around security policy. Have
you confirmed by re-logging on, that the logon text did not get delivered?
Darren
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
*******************************
Spot GPO differences and inconsistencies with the powerful GPO Compare 1.0.
Download the trial at www.sdmsoftware.com/group_policy_compare
*******************************
show/hide quoted text
> Workstation: Vista SP1 x64 bit
> Server: Windows Server 2008 SBS
> Problem: not all settings in group policy object for domain get
> transferred. I've got a logon text and caching of domain logons.
> After looking at the local policy on on the vista workstation, I see
> the cached logon value got transferred down but the logon text is
> still blank.
> Any ideas?
> Thanks.
|
|
Posted by Nondisclosure007 on November 24, 2008, 5:09 pm
Please log in for more thread options wrote:
show/hide quoted text
> Looking at the local GPO, while sometimes useful, is not definitive on wh=
at
show/hide quoted text
> policies were actually processed--especially around security policy. Have
> you confirmed by re-logging on, that the logon text did not get delivered=
?
show/hide quoted text
> Darren
> --
> Darren Mar-Elia
> MS-MVP-Windows Server--Group Policy
> *******************************
> Spot GPO differences and inconsistencies with the powerful GPO Compare 1.=
0.
show/hide quoted text
> Download the trial atwww.sdmsoftware.com/group_policy_compare
> *******************************
> > Workstation: Vista SP1 x64 bit
> > Server: Windows Server 2008 SBS
> > Problem: not all settings in group policy object for domain get
> > transferred. =A0I've got a logon text and caching of domain logons.
> > After looking at the local policy on on the vista workstation, I see
> > the cached logon value got transferred down but the logon text is
> > still blank.
> > Any ideas?
> > Thanks.- Hide quoted text -
> - Show quoted text -
Tried logoff, no go; re-start, no go; shut off - turn on, no go.
thx.
|
|
Posted by Nondisclosure007 on November 24, 2008, 11:29 pm
Please log in for more thread options wrote:
show/hide quoted text
> Workstation: Vista SP1 x64 bit
> Server: Windows Server 2008 SBS
> Problem: not all settings in group policy object for domain get
> transferred. =A0I've got a logon text and caching of domain logons.
> After looking at the local policy on on the vista workstation, I see
> the cached logon value got transferred down but the logon text is
> still blank.
> Any ideas?
> Thanks.
SOLVED!!!!
http://support.microsoft.com/kb/934907
Hard to believe, but this solved it!
Thanks everyone for your help!
|
| Similar Threads | Posted | | policies | September 12, 2005, 9:16 am |
| RAS and VPN policies - help | March 15, 2007, 10:10 am |
| Account Policies - NT | January 19, 2006, 3:14 pm |
| Group Policies | September 13, 2006, 8:31 am |
| How Policies Work | November 17, 2006, 2:43 pm |
| IAS EAP - TLS Policies question | January 19, 2007, 3:20 pm |
| security policies | May 19, 2009, 8:49 am |
| Multiple Password Policies? | June 22, 2005, 12:15 pm |
| How to have 2 security policies on one server | August 30, 2005, 8:11 am |
| 2003 Group Policies?? | April 19, 2006, 3:34 pm |
|
|
XML Sitemap
> Did you run gpupdate /force on the client? Are both settings in the same
> policy and where are they linked to?
> Best regards
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
> > Workstation: Vista SP1 x64 bit
> > Server: Windows Server 2008 SBS
> > Problem: not all settings in group policy object for domain get
> > transferred. I've got a logon text and caching of domain logons.
> > After looking at the local policy on on the vista workstation, I see
> > the cached logon value got transferred down but the logon text is
> > still blank.
> > Any ideas?
> > Thanks.- Hide quoted text -
> - Show quoted text -