I've got a small production domain with 2 DCs, and 2 client machines.
One of these client machines is working fine, GPUPDATE works fine, and there are no issues. The other client machine is having some issues, however.
GPUPDATE succeeds in updating the User Policies, but ends with the error: The processing of Group Policy failed. Windows could not apply the registry-based policy settings...
Now, attempting to open (using Explorer) the \\domain.local\SYSVOL\domain.local\ works, but shows no Policies folder. If I open one of the DCs (i.e. DC01\SYSVOL\domain.local\) then the Policies folder is visible, but on the other DC it is not. I think that's understandable - only one DC is ever the master. What's a bit strange is that DNS resolves the domain.local to the DC where the folder isn't available (but this is also true for the client machine that has no issues).
I'm... not sure what I'm supposed to do here. I thought this might be some trust-related issue, so I removed the machine from the domain and added it back again, but this did not resolve the problem. I'm a bit worried about actually deleting the machine record in the DC, as it's got an MS CRM instance, and I fear what might happen if I do this.
Note: my MAIN goal is creating a new certificate from a certification authority installed in this small domain, but it seems there's something wrong with the machine / domain registration, and this doesn't work. I figured fixing the domain-related issues is likely going to let me enroll for a new certificate.
EDIT: DC replication is working fine. DNS records seem to be correct. This seems like an issue only with the one client machine, rather than the domain and / or domain controllers.