Channel: Group Policy forum

RPC problem not applying GPO on ISA server 2006.

We have a problem on ISA Server 2006 running on Windows 2003 R2 Enterprise with SP2.

How do we troubleshoot the event ID problems below?

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date:  3/13/2010
Time:  6:12:39 AM
User:  NT AUTHORITY\SYSTEM
Computer: ISAServer
Description:
Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I run rsop.msc; the errors are listed below:

Saturday, March 13, 2010 11:40:13 AM

Group Policy Infrastructure failed due to the error listed below.
The RPC server is unavailable.

Note:  Due to the GP Core failure, none of the other Group Policy components processed their policy.  Consequently, status information for the other components is not available.
Additional Information:
Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

 

Another error, from Netlogon:
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date:  3/13/2010
Time:  10:12:48 AM
User:  N/A
Computer: ISAServer
Description:
This computer was not able to set up a secure session with a domain controller in domain JCBU due to the following:
The remote procedure call was cancelled. 
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 50 00 02 c0               P..À   


GPupdate Failing on Member Servers

I have a DC on Windows 2008 Enterprise, and I have member servers: 2003 as ISA server, 2008 Standard as AV server, and 2008 Enterprise.

Currently the gpupdate /force command is giving the error below on all the member servers.

I have also checked that the path below, i.e. up to *.gpt.ini, is accessible from the 2008 member server but not from the 2003 member server.

C:\>gpupdate /force
Updating Policy...

User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows attempted to read the file \\DomainName.local\sysvol\DomainName.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may
not be applied until this event is resolved. This issue may be transient and cou
ld be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or invoke gpmc.msc to access infor
mation about Group Policy results.

-------------------------

But I can access the path below from the Run command on the 2003 member server when I enter the complete name as \\DCName.DomainName.local\SYSVOL\aoacrs.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\GPT.INI

But from 2003, when I access \\DomainName.local from the Run command, I can see the NETLOGON and SYSVOL folders but I can't click on them, as it gives the error "\\DomainName.local\Sysvol  is not accessible. You might not have permission to use this network resource"

I don't know why, but previously Group Policy was working fine on the 2003 member server, while on the 2008 member server it has not been working for a long time.

---------------------------

Also, NSLookup is working fine on the 2008 member server; it is pointing to the DC properly with the IP address.

DCDiag on the 2003 member server gives only the error below:

      Starting test: frssysvol
         ......................... DCName failed test frssysvol

DCDiag on the 2008 member server gives only the error below:

Starting test: SysVolCheck
   ......................... DCName failed test SysVolCheck

-------------------------------

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 2008MemberServer
   Primary Dns Suffix  . . . . . . . : DomainName.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DomainName.local

Ethernet adapter EPharm_AV_3682:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BASP Virtual Adapter
   Physical Address. . . . . . . . . : 00-14-5E-3E-9E-67
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.240.6.196(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 10.240.6.193
   DNS Servers . . . . . . . . . . . : 10.240.18.229
                                       10.240.18.226
                                       10.240.18.228
                                       194.72.7.142
                                       194.72.7.137
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter EPharm_AV_925:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : BASP Virtual Adapter #2
   Physical Address. . . . . . . . . : 00-14-5E-3E-9E-67
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.247.15.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter EPharm_AV_3989:

   Connection-specific DNS Suffix  . : DomainName.local
   Description . . . . . . . . . . . : BASP Virtual Adapter #3
   Physical Address. . . . . . . . . : 00-14-5E-3E-9E-67
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.240.18.237(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.240.18.229
                                       10.240.18.230
                                       194.72.7.137
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{247E9943-3A7F-4C76-9B9B-CAD8B7E09
A9C}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{E84FD664-D357-4FA0-B7A7-7AFF627B3
190}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.DomainName.local
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

---------------------------------------------------------

GP log errors are recorded as below:

GetDCNameFromGPTPath: NetDfsGetClientInfo() failed with error=0xa66 for GPT Path=\\DomainName.local\sysvol\DomainName.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini

GPSVC(3f4.87c) 11:44:59:933 ProcessGPO:  Couldn't find the group policy template file <\\DmainName.local\sysvol\DomainName.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini >, error = 0x5. DC: <null>
GPSVC(3f4.87c) 11:44:59:933 ProcessGPO:  ==============================
GPSVC(3f4.87c) 11:44:59:948 EvalList:  ProcessGPO failed
GPSVC(3f4.87c) 11:44:59:948 GetGPOInfo:  EvaluateDeferredGPOs failed. Exiting
GPSVC(3f4.87c) 11:44:59:948 GetGPOInfo:  Leaving with 0
GPSVC(3f4.87c) 11:44:59:948 GetGPOInfo:  ********************************
GPSVC(3f4.87c) 11:44:59:948 ProcessGPOs: GetGPOInfo failed.
GPSVC(3f4.87c) 11:44:59:948 ProcessGPOs: No WMI logging done in this policy cycle.
GPSVC(3f4.87c) 11:44:59:964 ProcessGPOs: Processing failed with error 5.

 

PLEASE HELP ME TO GET RID OF THIS ISSUE.

Group Policy for users to share a specific folder

Hello All,

I have been trying to figure out how something is set for users that log in to the terminal server.

The servers (it is a load-balancing cluster), two servers, both Windows 2008 R2, map a folder (which is on both computers), C:\Users\Public\Desktop, to all users that log in to Remote Desktop (aka Terminal Services).

I am looking for suggestions on where this might be done. The folder contains shortcuts to various programs on the system, like Outlook, etc. When a user logs in via Remote Desktop to the server, the desktop is populated with the shortcut icons.

This network has 2 DCs operating as a global catalog, etc.

I have searched through all the group policies on the domain controller, to no avail (I could have missed something here).

I have also checked each Terminal server computer local group policy for users that log in, etc.  No luck here.

I have looked for log on scripts - there are none.

Would you have any suggestions as to where else I might look around for this type of sharing?

I know this is not an easy thing to comment on, but there may be other places in the O/S where this might be set up.

Thanks,

Eric

Can't edit Default Domain Controllers Policy on Windows 8 and Server 2012

During our migration process from Windows Server 2008 R2 to Windows Server 2012 for all of our DCs, I've noticed a problem with the Default Domain Controller Policy.  I can edit this policy from any domain-joined computer running Windows 7 or Windows Server 2008 R2 (and probably earlier versions).  However, I can't edit it via Windows 8 or Windows Server 2012.


Here's the error message I receive:

Failed to open the Group Policy Object.  You might not have the appropriate rights.

Details: The volume for a file has been externally altered so that the opened file is no longer valid.

  • This AD domain has been gradually upgraded since its original introduction on Windows 2000 Server.
  • I'm a Domain Admin and Enterprise Admin.
  • I've triple-checked the ACL for this GPO, even going through every property of each entry, and it is exactly as it should be.
  • I've verified that all the standard files and folders for the GPO are in the correct location.
  • DFS-R is being used for sysvol replication.
  • The policy applies correctly, even to Windows Server 2012 domain controllers.
  • As mentioned, I can edit the policy without a problem from earlier versions of Windows.
  • This problem does not apply to the Default Domain Policy.  Both of these default policies have the proper UUID.
  • This problem occurs regardless of which DC I'm connected to via the GPO editor.
  • dcdiag /c passes all tests.


I'm stumped!  Any suggestions?

GPP shortcuts with cmd.exe

Hi, I need a GPP shortcut pointing to a batch file that needs to be able to be pinned to the Taskbar. To achieve the latter I use cmd.exe as described here:

http://mattrefghi.com/blog/2012/06/how-to-pin-a-batch-file-to-the-taskbar-in-windows-7/

This works perfectly fine if I just create the shortcut manually on a client PC desktop, but I am unable to create the shortcut using GPP in the User Configuration. I've tried the following:

C:\System32\cmd.exe" /c "\\server\share\folder\script.bat"

%SystemDir%\cmd.exe /c "\\server\share\folder\script.bat"

%WindowsDir%\System32\cmd.exe /c "\\server\share\folder\script.bat"

"\\server\share\folder\cmd.exe" /c "\\server\share\folder\script.bat" (obviously copied cmd.exe into the server share here and again, it works if I manually create the shortcut).

All these give the event warning of:

------------------

Event ID:4098

The user 'my_shortcut" preference item in the 'Group Site Policy Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

------------------

With a Target Path of just "\\server\share\folder\script.bat" the shortcut gets created via GPO just fine. But then I cannot pin it to the taskbar.

Any ideas?

Windows Server 2008 R2 Folder Redirection Rename

I have been having this issue lately that I think is possible to avoid.

At the moment I have Windows Server 2008 R2 setup with the folders (AppData, Documents, Start Menu, & Desktop) redirecting to a folder called Fldrredir$. The other folders like Downloads and Favorites follow the roaming profile. I have this setup because I have a mixture of XP and 7 clients.

Lately I have had to work Mac 10.8 clients into the mixture. They work well, and I have noticed, for instance, that if I set the folder called Fldrredir$ to be their home folder and mount it as, for example, H:/, Mac will mount these folders in the dock. Mac will also build the user's profile around the mounted folders (AppData, Documents, Start Menu, & Desktop). Since there is a conflict with the Desktop folder (both OSes want one in the user's profile), Mac will use the mounted folder and not create one just for its OS. So any files that the user had on their desktop in XP or 7 will also appear on their Mac profile and sync correctly.

The issue I have is that Windows calls their documents folder "My Documents" instead of "Documents" like Mac. So I wind up with two folders: one that Mac uses for their profile, "Documents" (that does not sync like Desktop), and "My Documents", which will sync but is only accessible by the dock folder and not through Finder.

I wanted to know if I could have Windows redirect the My Documents folder like it does now but have it named Documents.

I am creating this server config right now so I won't have to rebuild actual profiles used by people. As of right now I am using test profiles.

Thank You.

Schedule VSS creation on Windows 7 Client from group policy.

I have 25 Windows 7 computers in my network. I want to activate VSS on every machine's D: drive.

For that I have set the VSS service to start on all clients from group policy. Now I want to schedule VSS every 3 to 4 hours.

Is this possible? There are no settings for VSS in GPOs. I have tried to configure it through Task Scheduler, but I don't know the exact command for that. I have copied the command below from my Task Scheduler:

Command :- C:\windows\system32\vssadmin.exe "Create Shadow /AutoRetry=15 /For=\\?\Volume{952bd05f-8a96-11e2-abe2-806e6f6e6963}\" "%systemroot%\system32".

Is this correct, or do I have to make some changes to the above script?

 

Akshay Pate Server Administrator

Group Policy Preference

With Windows Server 2008, GPP is built-in, right? My issue is we have Windows Server 2003 SP2 Enterprise x86 in our office and our vulnerability scanner (Qualys) is detecting that the local admin password has a setting of "not to expire". As far as I know, with GPP you can set this, but with Windows Server 2003 SP2 I'm not sure if this is supported or if there is a patch that needs to be installed.

Thanks

Jeff


Group Policy Not Updating On Certain Subnets

Hi all.

I have a strange issue that I noticed just recently...

We have a site with multiple vlans for example:

10.1.0.0    255.255.255.0

10.1.2.0    255.255.255.0

Clients on the 10.1.0.0  range get an error message when I run gpupdate force as follows:

User Policy could not be updated successfully. The following errors were encountered.

The processing of Group Policy Failed. Windows attempted to recieve new group policy settings for this user or computer.......... etc etc

When I take that same computer and bring it back to my office on 10.1.2.0 network the gpupdate works fine.

Strange thing is clients on the 10.1.0.0 range can logon fine, dns settings are fine. Sysvol shares are available etc.

The subnet is also in sites and services and configured to the correct site.

Any ideas what this could be? I'm lost.

Thanks

Shaun

Lock Printer properties using GPO

Hello Friends,

Is it possible to lock printer properties using GPO (W2k8)?

I have a problem that printer options are changing every time. For example, I want duplex to be enabled by default on the printer, but it's not working.

Thanks for any help

regards

users machines are logged on to different domain controllers

Good day

I have two domain controllers, one acting as a primary domain controller and another one as a secondary domain controller. Some computers have the secondary DC as a logon server and others have the primary DC as logon server. I would like to force all machines to have one logon server. How do I force them?

GPO only applying User Configuration settings

I have 2 OUs containing computer objects and 3 GPOs linked to these OUs. One GPO is for the student user accounts, one for the faculty user accounts, and one for the IT Department user accounts. You can see this in the image below:

You can also see in this image that I have the Security Filtering set so that the GPO only applies to the respective Security Group. These Security Groups have Read and Apply Group Policy permission settings. When I log in as one of the student users and run gpresult /z I get the following:

    Applied Group Policy Objects
    -----------------------------
        N/A

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

        Default Domain Policy
            Filtering:  Disabled (Link)

        Policy Refresh Settings
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Students
        Medium Mandatory Level

It sees that the user is a member of the Students group, but it doesn't show the Students Configuration GPO at all. When I log in and look at the settings on the computer, the pop up blocker settings are set correctly (User Configuration), but when I go to look at any of the Computer Configuration settings they are not there. It's only applying the User Configuration settings. When I try to log in under an IT Department user the same thing happens. Any ideas what might be wrong?

I really need to get this working, as some of our software requires some Firewall permissions and our IT Department needs the Restricted Groups feature to work so they can work on the computers when they go out to each Department to do a work order.


Printer mapping using GPP

Hello

I have on several occasions experienced problems with the GPP print mapping feature. I receive the following error:

Group Policy object did not apply because it failed with error code '0x80070bc4 No printers were found.' This error was suppressed.

I have experienced this in a couple of different setups now, setups at different customers with different printers and both 2003 print servers and 2008/2008R2 print servers.

I create a GPO that maps printers based on AD group membership, I configure the GPP to "Run in logged-on user's security context (user policy option)" and "Remove this item when it is no longer applied", and I configure the needed AD group in the "Item level targeting" feature. Usually the GPP works at first logon and the printer maps correctly, but if I remove the user from the AD group specified in the item level targeting section, the printer is NOT deleted/removed and the error specified above appears in the event viewer.

So far I have reproduced this error message in setups at different customers and in my own test environment on RDS and Citrix XenApp 6 servers running 2008 R2/2003 R2 Service Pack 1. I have tried 3-5 different private hotfixes, all aimed at different issues regarding print or GPP on 2008 R2; nothing has worked so far.

Right now I am working on a new Citrix XenApp 6 server at a customer and I have yet again experienced the issue described above. I am currently testing using only one printer, a Canon LBP6750 with a PCL5e driver.

Print server OS: 2008 R2 Service Pack 1

Citrix XenApp 6 server OS: 2008 R2 Service Pack 1

Both servers have all the latest updates installed, with the exception of Internet Explorer 9.



Problem applying Scheduled Task via GPO in Computer Configuration

Hi everyone. I'm having some trouble applying a scheduled task via GPO under the Computer Configuration section in the GPO. It works when I apply it in the User Configuration section. When I run a simulation of how the GPOs are applied, I get an error that refers me to the event log. The error in the event log is: The client-side extension caught the unhandled exception 'simulated execution of package to apply policy' inside: 'Access violation (0xc0000005) occurred at 0xaf328de9; the memory at 0x000012e0 could not be read.' See trace file for more details.

I've Googled the error and tried the hotfix (976399) suggested in another thread on the TechNet forums, but when I try to install it, it says that it's not applicable to this PC.

Loopback GPO - can it run a login script?

I have a Loopback GPO on an OU containing RD Session Hosts.  It's working great for setting Roaming Profile paths (Replace mode) for RDS users. But I now need to run a login script for users logging into the RD Session Hosts.  I tried configuring a login script under "User Configuration" but it's not working.  As far as I know, Loopback GPOs ignore User Configuration.  Is this correct?  Is it possible to use my Loopback GPO to run login scripts?

AGPM over WAN link

We are planning to deploy AGPM to our organization. Two things that concern us are the relatively high latency WAN link (200 ms latency, 10 MB link) and the cases when an administrator modifies the controlled GPO directly from GPMC and the changes get overwritten when another admin modifies it from AGPM. Are there any solutions to these cases? I have seen a post explaining how we can restrict domain admins from using GPMC, which then ends by recommending not to use that.

We have only a single forest and single domain in our organization, so I believe we can have only one AGPM server. Is anyone using AGPM over a slow WAN link?




Hemachandran



lock users default printer

Hi there,

I would like to ask if there is any possibility to lock my domain users' default printer, so as not to let them change it?

I'll change my print server soon. There is no problem deleting the old ones and deploying new ones, but because of my terminal servers I should block them from changing the default printer which I'll assign to them.

I couldn't find any proper answer yet.

Does anyone have any suggestions? A registry change? Removing the "set as default printer" option, or anything else like that?

thnx 

regards

Group policy for USB or CD ROM Block.

Dear All,

I have applied the following group policy from domain to block USB and CD Rom access.

Computer Configuration > Policies > Administrative Tools > System > Removable Storage Access

ALL REMOVABLE STORAGE CLASS : DENY ALL ACCESS.

Now I have removed the GPO from the domain controller, but I am still not able to access the USB and CD-ROM. It gives the following error on all domain computers. Please suggest.

THANKS.

Any Help Will be highly appreciated.


Manish Kumar MCSA, MCITP Enterprise Admin. MCTS Exchange server 2007, MCITP Virtualization Admin.

how to push a config file through ad

Hi, I want to push a config file through Group Policy.

So can you tell me where to go in the GPO to configure this?

I have Windows Server 2008 R2.

Thanks in advance


istiaq

How to remove error "Content advise is not allow to see this website"

Hi

How to remove error "r is not allow to see this website"


Ehtisham Iftikhar
