I have 2 sites:
192.168.10.0/24 - main site, this is where DC is.
192.168.20.0/24 - remote site, connected via site-to-site VPN.
On main site everything works fine, GPO are being updated to members.
On remote site, I can login with domain user, I can ping DC server via IP address and hostname, i can access DC via %logonserver% and i can open SYSVOL and NETLOGON folders.
The problem is that I can't update GPO. If i try to run gpupdate /force, I get this:
Updating policy...
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
Running GPRESULT /H GPReport.html I get this:
INFO: The user "DOMAIN\user" does not have RSoP data.
In Event Viewer i have Error codes 7017 and 7320.
GpLogView returns this:
GPLogView.exe -a 965ecff1-4502-4f7a-9d82-1c0fb1d92734
Processing events...
2020-04-28 12:27:10.440 4005 Starting manual processing of policy for user DOMAIN\user.
Activity id: {965ecff1-4502-4f7a-9d82-1c0fb1d92734}
2020-04-28 12:27:10.443 5340 The Group Policy processing mode is Background.
2020-04-28 12:27:10.444 5320 Attempting to retrieve the account information.
2020-04-28 12:27:10.444 4017 Making system call to get account information.
2020-04-28 12:27:11.070 7017 The system call to get account information completed.
The call failed after 641 milliseconds.
2020-04-28 12:27:11.070 5320 Retrying to retrieve account information.
2020-04-28 12:27:11.570 4017 Making system call to get account information.
2020-04-28 12:27:12.210 7017 The system call to get account information completed.
The call failed after 625 milliseconds.
2020-04-28 12:27:12.210 5320 Retrying to retrieve account information.
2020-04-28 12:27:12.711 4017 Making system call to get account information.
2020-04-28 12:27:13.420 7017 The system call to get account information completed.
The call failed after 704 milliseconds.
2020-04-28 12:27:13.420 5320 Retrying to retrieve account information.
2020-04-28 12:27:13.921 4017 Making system call to get account information.
2020-04-28 12:27:14.468 7017 The system call to get account information completed.
The call failed after 546 milliseconds.
2020-04-28 12:27:14.468 7320 Error: Retrieved account information. Error code 0x80090322.
2020-04-28 12:27:14.470 1053 The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
2020-04-28 12:27:14.473 8005 Completed manual processing of policy for user DOMAIN\user in 4 seconds.
Processed 17 records.
As far as I can see, all required ports are open.
Any advice on what should i troubleshoot next?
We were getting a similar error The processing of Group Policy failed. Windows could not resolve the computer name.
The issue for us was that the clocks were out of sync. And they wouldn't sync with AD because they were out of sync (security issue?). Anyways it was a chicken and the egg.
I forced a clock sync with:
w32tm /config /manualpeerlist:"time.google.com" /syncfromflags:manual /reliable:yes /update
And gpupdate
ran successfully. This may help you.
User contributions licensed under CC BY-SA 3.0