Unable to apply GPO on 209 clients (RPC Issues)

I am in the process of a cross-forest DC migration with an environment of 400 users. First I configured the GPO to add the DNS suffix search domains to the current clients of the old domain; however, upon applying the policy I get "The RPC server is unavailable" or "RPC was cancelled" or "access denied" sometimes.

I have checked the domains' (4) health and replication, and all looks very well.

I connected to one of the clients that has an issue to make sure these clients are joined to the domain and using the proper DNS list. Then I checked if the domain has the correct hostname as it appears in the domain and everything looked fine.

I disabled the Kaspersky firewall on the client and disabled the Windows firewall on the client, but the same issue still occurs.

When trying to connect to any of these clients with hostname to browse to the C$ folder it gives an error, I also tried with the FQDN and had the same problem but with IP it connects fine.

I checked the RPC service, Computer browser service to see if they are running and they were running. 

I am attaching screenshots of the GPO policy and the error that appears when trying to browse to the client folder C$ with hostname or FQDN.

I have tried the following but it didn't fix anything. I hope someone could help point me in the right direction.

  1. Checked DNS (servers and clients)
  2. Checked relative services (NetBIOS, RPC, Computer Browser, etc.)
  3. Checked firewall (Kaspersky and Windows) and closed them both.
  4. Checked connected DC on clients and pointed clients to different DCs to check if it'll solve the problem.
  5. Checked DCs' replication and health using DCdiag /v
  6. Ran nltest.exe /sc_verify:domain.local and it returned success.

I am attaching 


On one of the clients that have the issues I have also found this error in the event viewer.

This computer was not able to setup secure session with a domain controller in domain domain.local due to the following: "there are currently no logon servers available to service the logon request."

The weird thing is that the client has no issues and can log on to his computer, which is a domain member, without any issues.

thanks

April 25th, 2015 1:31pm

Hi,

Did you try to run Group Policy Results Wizard to check the result?

Did you have any firewall policy configuration?

If you could, I think you could post the GP result here for troubleshooting.

Regards.

April 28th, 2015 5:43am

Hi Vivian, 

I found the problem, it was due to duplicated hostnames on the DNS for all these problematic clients! DNS scavenging seems not to be working. I would appreciate it if you could assist me on how to troubleshoot the scavenging.

I have already applied the following checks:

1- Checked the refresh and no-refresh intervals (both were 7 days and I changed them to 1 hour)

2- Restarted DNS.

3- Set DNS to automatic scavenging of stale records.

Still no sign of items being deleted?

I would appreciate your help

thanks

April 30th, 2015 3:27am

Hi,

When a server scavenges it will log a DNS event 2501 to indicate how many records were scavenged. 

Did you refer to the event viewer to check the result?

http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Regards.

May 5th, 2015 3:23am
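
The duplicate-record check discussed in this thread, as an added example that is not part of the original posts: it lists host names that have more than one A record and marks which copies are past the no-refresh plus refresh window and therefore eligible for scavenging. The function name `Find-DuplicateARecord`, the sample host names and the addresses are hypothetical; the 7-day intervals and the zone name `domain.local` are the values given in the thread.

```powershell
# Added example: find host names with more than one A record and classify
# each copy as Static, Stale or Fresh. Find-DuplicateARecord is a hypothetical name.
function Find-DuplicateARecord {
    param(
        [Parameter(Mandatory)] [object[]] $Record,   # needs HostName, IPv4Address, Timestamp
        [timespan] $NoRefresh = [timespan]::FromDays(7),
        [timespan] $Refresh   = [timespan]::FromDays(7),
        [datetime] $Now       = (Get-Date)
    )
    # A record becomes eligible for scavenging once its timestamp is older
    # than no-refresh + refresh.
    $cutoff = $Now - $NoRefresh - $Refresh
    $Record | Group-Object HostName | Where-Object Count -gt 1 | ForEach-Object {
        foreach ($r in $_.Group) {
            # Records without a timestamp are static and are never scavenged.
            if ($null -eq $r.Timestamp)        { $state = 'Static (never scavenged)' }
            elseif ($r.Timestamp -lt $cutoff)  { $state = 'Stale' }
            else                               { $state = 'Fresh' }
            [pscustomobject]@{
                HostName    = $r.HostName
                IPv4Address = $r.IPv4Address
                Timestamp   = $r.Timestamp
                State       = $state
            }
        }
    }
}

# Constructed sample records (not taken from the thread).
$now = [datetime]'2015-04-30'
$sample = @(
    [pscustomobject]@{ HostName='PC-0101'; IPv4Address='10.0.0.21'; Timestamp=[datetime]'2015-04-29' }
    [pscustomobject]@{ HostName='PC-0101'; IPv4Address='10.0.0.87'; Timestamp=[datetime]'2015-02-10' }
    [pscustomobject]@{ HostName='PC-0102'; IPv4Address='10.0.0.22'; Timestamp=[datetime]'2015-04-28' }
    [pscustomobject]@{ HostName='PC-0103'; IPv4Address='10.0.0.23'; Timestamp=$null }
    [pscustomobject]@{ HostName='PC-0103'; IPv4Address='10.0.0.90'; Timestamp=[datetime]'2015-04-27' }
)
Find-DuplicateARecord -Record $sample -Now $now | Format-Table -AutoSize

# On a DNS server with the DnsServer module, feed live records instead:
# $live = Get-DnsServerResourceRecord -ZoneName 'domain.local' -RRType A |
#     Select-Object HostName, Timestamp, @{n='IPv4Address';e={$_.RecordData.IPv4Address}}
# Find-DuplicateARecord -Record $live
# Get-DnsServerScavenging; Get-DnsServerZoneAging -Name 'domain.local'   # server and zone aging settings
# Get-WinEvent -FilterHashtable @{LogName='DNS Server'; Id=2501} -MaxEvents 5   # scavenging results
```

A duplicate whose state is static will stay in the zone no matter how the scavenging intervals are set, so it has to be removed by hand.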

This topic is archived. No further replies will be accepted.
