fall out of the gpo scope

hello ,there

I have active directory domain all domain controllers are W2K3 with more than 800 active users and 200 windows vista business edition clients .

a couple of months ago I re-formatted all of clients by using WDS and joining them to the domain everything works fine and clean until early days I noticed some of the clients will fall out of the group policy settings I defined on the domain controller for example I defined in one of the GPO objects to deny access to control panel but as I mentioned on some of them control panel is accessible .

I did the following to fix those clients but it doesn't work   :

disjoining them and joining back to the domain

running gpupdate with force switch on affected clients

also I checked the event log on the clients i found the following entries:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          12/23/2012 12:51:20 AM
Event ID:      1006
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      computernam.domainname.somthing
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1006</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-12-22T21:51:20.105806700Z" />
    <EventRecordID>36183</EventRecordID>
    <Correlation ActivityID="{2E94115E-29D8-4DA2-8402-2E1807DE51B7}" />
    <Execution ProcessID="1220" ThreadID="2884" />
    <Channel>System</Channel>
    <Computer>computer</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">4934</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">4165</Data>
    <Data Name="ErrorCode">49</Data>
    <Data Name="ErrorDescription">Invalid Credentials</Data>
    <Data Name="DCName">
    </Data>
  </EventData>
</Event>

also this one

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Date:          1/25/2013 3:18:51 PM
Event ID:      1058
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      computernam.domainname.somthing
Description:
The processing of Group Policy failed. Windows attempted to read the file \\computernam.domainname.somthing\sysvol\computernam.domainname.somthing\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>1058</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>1</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-01-25T12:18:51.515528300Z" />
    <EventRecordID>44469</EventRecordID>
    <Correlation ActivityID="{ECE8C338-ACE0-4819-89FB-7DB79231696E}" />
    <Execution ProcessID="1392" ThreadID="3236" />
    <Channel>System</Channel>
    <Computer>computernam.domainname.somthing</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SupportInfo1">4</Data>
    <Data Name="SupportInfo2">840</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">28018</Data>
    <Data Name="ErrorCode">1352</Data>
    <Data Name="ErrorDescription">The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. </Data>
    <Data Name="DCName">computernam.domainname.somthing</Data>
    <Data Name="GPOCNName">CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=computernam.domainname.somthing,DC=local</Data>
    <Data Name="FilePath">\\computernam.domainname.somthing\sysvol\computernam.domainname.somthing\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini</Data>
  </EventData>
</Event>

when I join newly installed machine to the domain everything works fine even the affected ones after reformatting them

 any help or idea will be appreciate it

shad