The Processing Of Group Policy Failed, Event ID 1058
Jahed Stetter
My setup is as followsWindows 2003 Active Directory
Windows 2008 Member Server to the AD
Terminal Server Installed on Windows 2008 Server
GPMC Installed and Managed from Windows 2008 server
I have created couple of GPO and everything was working fine. In recent days
we encountered the issue of getting the following error from the Event log of
Windows 2008 server.The processing of Group Policy failed. Windows attempted to read the file
\\domain.com\SysVol\domain.com\Policies\7A2EA692-8C20-4FA4-8C5B-1122CC2598FF\gpt.ini
from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and
could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain
controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.When this error occurs users are not getting the GPO settings (i.e. GPO
doesn't get applied). If I try to go to the folder
\\domain.com\SysVol\domain.com\Policies there I could not see the folder
7A2EA692-8C20-4FA4-8C5B-1122CC2598FF. But at the same time if I check it
from my AD server the folders are exist. I really don't know what is
happening there. All I find a solution to make it visible that folder is from
Windows 2008 server I just copy the any of the existing GPO and paste it with
default permissions. The moment copy of the GPO has been created I could see
the folder 7A2EA692-8C20-4FA4-8C5B-1122CC2598FF visible. Then everything
works fine back.usres are getting their GPO settings applied. But then this
is a temporary solution. After some time again I am getting the same error
back and doing the same steps to make the folders visible back.Did anybody encounter this issue?Managing the Windows 2003 domain GPO from a Windows 2008 GPMC is making any
issue? I also give a try installing GPMC on AD server and I don't see any
improvement on this issue.Any help would be appreciated.Thanks
Prakash
I guess I'm not getting your issue -- are you saying that from a client
machine you cannot access the Policies\7A2EA... folder as it is not
there and from the Windows Server 2008 server, you can? When trying your
temporary solution, you simply copy an other policy folder and rename it
to the 7A2EA.. name?Have you checked the three points the event suggests (replication, FRS
errors, DNS)? Are the multiple domain controllers in this domain? Does
the Windows Server 2008 DC have multiple network interfaces?cheers,Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog:
Maillist (german): =mailingliste
My domain is running on Windows 2003 R2 and not on the Windows 2008
Windows 2008 is member server to the domain and installed with Terminal
services. My users are just RDP to windows 2008 server in order to access the
application installed on it.I don't see the three points suggested in event logs are making any sense as
I could manage to get rid out of this error just by copy and paste the any
existing GPO.Do we need to anything on the Windows 2008 member server in order to access
the folders under \\domain.com\sysvol\domain.com\polices ? I really get
confused as this issue is that I'm not able to access that folder. Those
folders get disappeared and can be make it visible just by copy and paste the
GPO.Thanks
Prakash
I'm with you on this one.Same issue. Single 2008 server w/2 Vista Clients. 1058 errors show up. I'm
unable to access the netlogon share locally from the server. (using the UNC
name \\server1) I reboot the server, everything is fine for a while.
The processing of Group Policy failed. Windows attempted to read the file \replaceddomain.com.au\sysvol\replaceddomain.com.au\Policies31B2F340-016D-11D2-945F-00C04FB984F9\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.
If I set authenticated users (read/apply) in security filter and domain computers (read) in delegation I receive error 1058 for user policies and none of them apply as GPO client gives up after first access denied failure.
The xattr for the sysvol/netlogon folders look to be OK (have compared against a fresh 4.4 install and against the UCS forum threads linked above). I have also tried adding in a domain computers group ACL for the sysvol folder with no change.
If I remove the home share attribute from the user account under POSIX (Linux/UNIX) section then sysvol/netlogon browsing works as it should!! I guess the failing home mount, failed the user login through samba to pam and broke the sysvol browsing!
I am looking to apply a GPO policy that inserts a registry key into an RDS/ICA session based upon a registry key setting on the client device. Is this possible when using registry targeting, or is that only able to look at the registry on the server the policy is being applied to? I am unable to use RDS Client Name targeting for this, and this is my next thought.
The problem we have is that users Offline files sync is failing, but it looks like the machine is trying to Sync another users directory. For example, assumign I am 'userY' in my Sync Centre, the current status is 'Failed - Access Denied' and the folder states is "\\server\share\userX" where X is a completely different user to my account. This happens across the board and there is no consistancy for the username that appears to be being synced.
After the permission change: I have deployed the Group Policy Preferences to replace the DLL in question BUT it does not not get replaced. To test, i have added a character to the file name and the policy gets pushed correctly the file gets created or replaced. SO the policy works.
When I start Group Policy Managment on the Domain Controler I get a error message .(The system cannot find the path specified)
when I click ok it starts the mmc
when I try to edit the Default Domain Policy I get an error (Failed to open the Group Plicy Object. You may not have appropriat rights)
When I go to Browser and type \\xxxxx.local\sysvol\
I see a file that is called xxxxx.local it is not a shortcut it is jut a LOCAL File
When I go to \\the domain controller \SYSVOL I see the same thing.
however if I go to the DC, I can go to c"\windows\sysvol\
I see 4 folders (1.Domain, 2.Staging, 3.Staging area 4.sysvol)
and yes if I expand sysvol I see the same local file again.
User: SYSTEM
Computer: SERVER.xxxxx.local
Description:
The processing of Group Policy failed. Windows attempted to read the file \\xxxxx.local\sysvol\xxxxx.local\Policies\31B2F340-016D-11D2-945F-00C04FB984F9\gpt.ini
from a domain controller and was not successful.
\ Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
We have a default user policy. In Group Policy Management when I drill down toUser Config\Policies\Admin templates and then "right click" I can then choose "Add/Remove Template" When I do this I see a list of .ADM files that are applied to this GPO. Where are they? When I'm in the Add/Remove Templates little window I only have buttons for ADD & REMOVE and if I choose ADD it does not bring me to where the .ADM files live. I know our ADM files are on different shares (bad practice I know) but there is one I need to find so I can add it to another GPO and I can't find it.
I created a simple trusted sites GPO and applied it to an OU with me as the only user(group) to test. After setting up the GPO, I ran GPUPDATE /FORCE on my PC, then ran the GPRESULT /R to get the report info. The GPO appeared in the list of applied GPOs, but the website never was placed in the Trusted Sites location in IE 11.
We are facing a strange issue with GPO's. We have a parent OU named OU1 and a SUB OU named OU2. We have applied a GPO on OU1 with IE proxy setting defined as GPO1 and another GPO applied on OU2 with different proxy settings applied as GPO2. The GPO2 is enforced so that the users in OU2 should get the proxy settings specified in GPO2.
We are facing the issue with users in OU2 that they are getting the proxy settings from GPO1 which is applied on OU1. When I run RSOP I can see the proxy settings which is applied on OU2 which is correct. But the IE shows the address from GPO1 which is not correct. When I check Precedence tab of RSOP I can see that GPO1 is above GPO2 in precedence. Don't know how
The point is we have several group policies, and I think they are not applying fine. for instance my own user, if I run gpresult -v I see some items in the default domain policiy are not applied. It inform of 3 group policy objects applied, as it should be, but not every configuration is applied.
In brackets are Event Viewer error codes that you can use to trace these GPO processing errors (Event Viewer > Windows Logs > System). You should get an idea of the underlying problem from the descriptions of the specific errors on an affected machine.
The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\Policy_GUID\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.
bcf7231420