The processing of Group Policy failed. Windows attempted to read the file... (Network Steve Forum)

The processing of Group Policy failed. Windows attempted to read the file...

Hello all-

I am currently trying to configure group policy (specifically folder redirects) froma new Windows Server 2008 in my home... the server acts as both an AD DS and file server for4 client computers, all runningWindows Vista Ultimate.

Here are the steps I am currently taking:

I create a new Group Policy called All Users and Computers andapply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 secondsthe message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"

Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.

July 7th, 2009 3:16am

Hello,
Please post a complete ipconfig /all from both Dc and Vista PC

Free Windows Admin Tool Kit Click here and download it now

July 7th, 2009 3:34am

Hello,
Please post a complete ipconfig /all from both Dc and Vista PC

July 7th, 2009 3:44am

Hello,

Ok, certain things you will need to correct.

1-You are running multi-homed DC, that is with two NICs..If you donot need the second NIC, I suggest you disable that.Because now you have two IPs which are conflicting.

2-Disable IPV6 on the DC..To do this go to LAN properties and uncheck the IPv6 box.

3-your Vista and your DC are all getting DNS from seprate sources, which I think it is the main issue here. Solution is to install Microsoft Active Directory Integrated DNS on the KELLERDCFS DC, the add the 68.87.64.150 and 68.87.75.198 (I am assuming are from ISP) as forwarders in the MS DNS after installation
4-Point the PRI DNS for both the KELLERDCFS and the VISTA to the 192.168.1.103 (Which I assumed is the IP for KELLERDCFS after you install DNS)

Do all this and post let us know if issue is resolved.

***
Or if you don't want to install MS DNS on the server, then just disable one NIC, disable IPV6 and make the vista and DC point to same DNS server

Free Windows Admin Tool Kit Click here and download it now

July 7th, 2009 4:21am

Hello,

Ok, certain things you will need to correct.

1-You are running multi-homed DC, that is with two NICs..If you donot need the second NIC, I suggest you disable that.Because now you have two IPs which are conflicting.

2-Disable IPV6 on the DC..To do this go to LAN properties and uncheck the IPv6 box.

3-your Vista and your DC are all getting DNS from seprate sources, which I think it is the main issue here. Solution is to install Microsoft Active Directory Integrated DNS on the KELLERDCFS DC, the add the 68.87.64.150 and 68.87.75.198 (I am assuming are from ISP) as forwarders in the MS DNS after installation
4-Point the PRI DNS for both the KELLERDCFS and the VISTA to the 192.168.1.103 (Which I assumed is the IP for KELLERDCFS after you install DNS)

Do all this and post let us know if issue is resolved.

***
Or if you don't want to install MS DNS on the server, then just disable one NIC, disable IPV6 and make the vista and DC point to same DNS server

July 7th, 2009 4:49am

Hello,

Forgot to mention that as well...Disable IPV6 on the Vista as well.

I see you also have RAS with an IP of .150.

On the DC,please go to command prompt do a dcdiag /v and post to the forum. If there are errors, you should do a netdiag /fix

fromt the vista, if you nslookup the DC what ip do you get?

Free Windows Admin Tool Kit Click here and download it now

July 7th, 2009 5:46am

Hello,

in addition to Isaacs information, do NOT use DHCP on the DC, a server especially Domain controller should always have fixed ip address. Additional it should not run RRAS, for that use a member server instead.

Also i suggest to not use the router for DHCP, use the server(also more functionality) and let the router do its basic job, routing.

Where is the hsd1.pa.comcast.net as DNS search suffix coming from(i assume the router because of its DHCP)? Use only the internaldomain name.

See this article to remove IPv6 if not used on a DC complete:
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx

July 7th, 2009 9:23am

Hello all and thanks for the help. First a few things:

I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.

Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.

Here's the dcdiag output. I tried dcdiag /fix but to no avail.

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS

* Connecting to directory service on server KELLERDCFS.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 1 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\KELLERDCFS

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\KELLERDCFS

Starting test: Advertising

The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for

DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for

DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for

DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons

Starting test: ObjectsReplicated

KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services

Starting test: SystemLog

* The System Event log test
An Error Event occurred. EventID: 0x00000422

Time Generated: 07/07/2009 17:53:59

Event String:

The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).