Unable to apply GPO on 209 clients (RPC Issues)

I am in the process of cross forest DC migration with an environment of 400 users, first I have configured the GPO to add the dns suffix search domains to the current clients of the old domain however upon applying policy I get The RPC server is unavailable or RPC was cancelled or access denied sometimes.

I have checked the domains (4) health , replication and all looks very well. 

I connected to one of the clients that has an issue to make sure these clients are joined to the domain and using the proper DNS list. then checked if the domain has the correct hostname as it appears in the domain and everything looked fine.

I disabled Kaspersky firewall on the client and disabled Windows firewall client but still the same issue occur .

When trying to connect to any of these clients with hostname to browse to the C$ folder it gives an error, I also tried with the FQDN and had the same problem but with IP it connects fine.

I checked the RPC service, Computer browser service to see if they are running and they were running. 

I am attaching screenshots of the GPO policy and the error that appears when trying to browse to the client folder C$ with hostname or fqdn. 

I have tried the following but it didn't fix anything.. I hope someone could help point me out to the right direction

  1. Checked DNS (Servers and clients)
  2. Checked relative services (Netbios, RPC, Computer browser ..etc)
  3. Checked firewall (Kaspersky and windows) and closed them both.
  4. Checked connected DC on clients and pointed clients to different DCs  to check if it'll solve the problem.
  5. Checking DCs replication and health using DCdiag /v 
  6. Ran nltest.exe /sc_verify:domain.local and returned success ... 

I am attaching 


On one of the clients that have the issues I have also find this error on the event viewer. 

This computer was not able to setup secure session with a domain controller in domain domain.local due to the folliowing "there are currently no logon servers available to service the logon request.

The weird thing is that the client have no issues and can logon to his computer which is a domain member without any issues. 

thanks

April 25th, 2015 9:32am

Hi,

Did you try to run Group Policy Results Wizard to check the result?

Did you have any firewall policy configuration?

If you could, I think you could post the GP result here for troubleshooting.

Regards.

Free Windows Admin Tool Kit Click here and download it now
April 28th, 2015 1:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics