I have 4 Windows 7 Professional Computers in a domain on Windows Server 2012 Essentials. Computer-2 and Computer-3 are identical hardware.
Computer-1 - oldest of the bunch, everything works fine
Computer-2 - Group Policy for users applies just fine, folder redirection and anything else I attempt to do with GPO for users works flawlessly. The problem is that it fails to apply anything from the policies that apply to the computer.
Computer-3 - Identical problems to Computer-2. I cloned the hdd from this computer and put the clone in Computer-2 before I joined either of them to the server.
Computer-4 - Newest rig, everything works fine.
I used gpupdate /force on both computer-2 and computer-3, and on both I get event in the event log. I used gpresult /h and both computers give me a report likethis
Group Policy Infrastructure failed due to the error listed below. Access is denied. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2/24/2013 9:22:32 PM and 2/24/2013 9:22:33 PM.
I found some instructions for testing name resolution for the server in nslookup
C:\Windows\system32>nslookup
Default Server: UnKnown
Address: fe80::a4a4:ca5c:25ac:4b93> set q=srv> _ldap._tcp.dc._msdcs.COMPTONIRR.local
Server: UnKnown
Address: fe80::a4a4:ca5c:25ac:4b93
_ldap._tcp.dc._msdcs.COMPTONIRR.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = office-server.comptonirr.local
office-server.comptonirr.local internet address = 10.0.1.8
office-server.comptonirr.local internet address = 10.0.1.200and everything seems to check out.
If it helps, both computer-2 and computer-3 show "Not Applicable" under the Group Policy column in the Devices tab in the Dashboard and periodically pop up with a computer monitoring error:
Can only partially assess the health of this computer. The failing components are: DevicePeoviderReporting!DomainJoinStatusInfo
I then removed Computer-3 from the domain, changed its name to Computer-5, and rejoined it with the server 2012 connector software. The same problems occurred.
More details - these 3 messages appear frequently on both computer-2 and the newly designated Computer-5
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/25/2013 6:12:21 PM
Event ID: 1055
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: COMPUTER-5.COMPTONIRR.local
Description:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" /><EventID>1055</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>1</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2013-02-26T00:12:21.664926800Z" /><EventRecordID>8689</EventRecordID><Correlation ActivityID="{A6B3851A-1280-42F1-A35B-A5A6DD3ABACE}" /><Execution ProcessID="124" ThreadID="1152" /><Channel>System</Channel><Computer>COMPUTER-5.COMPTONIRR.local</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="SupportInfo1">1</Data><Data Name="SupportInfo2">1632</Data><Data Name="ProcessingMode">2</Data><Data Name="ProcessingTimeInMilliseconds">1529</Data><Data Name="ErrorCode">5</Data><Data Name="ErrorDescription">Access is denied. </Data></EventData></Event>Log Name: System
Source: LsaSrv
Date: 2/25/2013 6:12:21 PM
Event ID: 40961
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: COMPUTER-5.COMPTONIRR.local
Description:
The Security System could not establish a secured connection with the server ldap/OFFICE-SERVER.COMPTONIRR.local/COMPTONIRR.local@COMPTONIRR.LOCAL. No authentication protocol was available.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" /><EventID>40961</EventID><Version>0</Version><Level>3</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2013-02-26T00:12:21.591922600Z" /><EventRecordID>8688</EventRecordID><Correlation /><Execution ProcessID="492" ThreadID="600" /><Channel>System</Channel><Computer>COMPUTER-5.COMPTONIRR.local</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="Target">ldap/OFFICE-SERVER.COMPTONIRR.local/COMPTONIRR.local@COMPTONIRR.LOCAL</Data></EventData></Event>Log Name: System Source: NETLOGON Date: 2/25/2013 6:12:10 PM Event ID: 5719 Task Category: None Level: Error Keywords: Classic User: N/A Computer: COMPUTER-5.COMPTONIRR.local Description: This computer was not able to set up a secure session with a domain controller in domain COMPTONIRR due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="NETLOGON" /><EventID Qualifiers="0">5719</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2013-02-26T00:12:10.000000000Z" /><EventRecordID>8601</EventRecordID><Channel>System</Channel><Computer>COMPUTER-5.COMPTONIRR.local</Computer><Security /></System><EventData><Data>COMPTONIRR</Data><Data>%%1311</Data><Binary>5E0000C0</Binary></EventData></Event>