For the last few weeks, we've been getting complaints, from our developers, about not being able to authenticate on various systems. The issues were hit & miss but still problematic enough to warrant our looking into it. It seems to be getting worse... I now have new servers that aren't getting group policy updates. They may get some, like the list of local admins but won't pick up NTFS permissions for folder-access. Those that pick up the AD group full of local admins have trouble authenticating members of the group. Some were showing event log entries regarding authentication issues due to being unable to contact an AD DC. We reloaded that DC but many of the issues still persist. At this point, I'm running out of places to look for ideas. I've spent the last week looking up Event Log IDs and looking though their meanings and possible remedies but, again, the issues persist. It doesn't seem to matter what the OS is. We've been seeing this on 2008, 2008-R2 & 2012-R2.
Here are some examples of events I'm seeing. I can't figure out the root cause(s).
Log Name: Application Source: Group Policy Files Date: 2/19/2015 2:35:12 PM Event ID: 4098 Task Category: (2) Level: Warning Keywords: Classic User: SYSTEM Computer: H2T8-IOLDP1.HOMENET.local Description: The computer 'uptime.exe' preference item in the 'APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}' Group Policy Object did not apply because it failed with error code '0x80090006 Invalid Signature.' This error was suppressed. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Group Policy Files" /> <EventID Qualifiers="34305">4098</EventID> <Level>3</Level> <Task>2</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-02-19T19:35:12.000000000Z" /> <EventRecordID>1871</EventRecordID> <Channel>Application</Channel> <Computer>H2T8-IOLDP1.HOMENET.local</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data>computer</Data> <Data>uptime.exe</Data> <Data>APPS (UpTime) {3BF05605-27C0-43AD-AC0F-873B678EB217}</Data> <Data>0x80090006 Invalid Signature.</Data> </EventData> </Event>
Log Name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager Date: 2/19/2015 9:38:13 AM Event ID: 20499 Task Category: None Level: Warning Keywords: User: NETWORK SERVICE Computer: H2T8-IOLDP1.HOMENET.local Description: Remote Desktop Services has taken too long to load the user configuration from server \\h2s3-addc1.HOMENET.local for user RSickler Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager" Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}" /> <EventID>20499</EventID> <Version>0</Version> <Level>3</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2015-02-19T14:38:13.182363700Z" /> <EventRecordID>4</EventRecordID> <Correlation /> <Execution ProcessID="1932" ThreadID="2156" /> <Channel>Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin</Channel> <Computer>H2T8-IOLDP1.HOMENET.local</Computer> <Security UserID="S-1-5-20" /> </System> <UserData> <EventXML xmlns="Event_NS"> <ServerName>\\h2s3-addc1.HOMENET.local</ServerName> <UserName>RSickler</UserName> </EventXML> </UserData> </Event>
Note that these servers are sitting in OUs that are full of other servers that don't have these issues. These GPOs have been in place for years. I suspect there's a deeper issue with AD, GP or a combination thereof. The group policy issues seem to only affect freshly loaded servers...
- Edited by Rob at HomeNet Friday, February 20, 2015 12:43 PM