The ol' GPO not applying issue that's been seen many times before.....
Since the 29th April, none of my member servers are processing any GPO's.
I've had a lot of experience with managing AD and GPO's so am posting here after performing many obvious checks. This issue just seems a little strange to me:
Checks performed:
Even though browsing to and through \domain.local\sysvol\domain.local\policies\ is possible, it’s extremely slow to respond initially. This improves after first enumeration.
The fact that they process fine on the DC’s points to a firewall issue and am currently speaking to our hosted support team at the datacentre to find out whether anything is missing there.
Errors seen on Member Server Application Event Log Group Policy Drive Maps: 4098
The user 'G:' preference item in the 'Drive Mappings {FF057D4C-4453-4B05-9617-28DA586479B1}' Group Policy Object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
System Event Log Microsoft-Windows-GroupPolicy EventID: 1058
The processing of Group Policy failed. Windows attempted to read the file \domain.local\SysVol\domain.local\Policies{FF057D4C-4453-4B05-9617-28DA586479B1}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
Microsoft-Windows-GroupPolicy EventID: 1085
Windows failed to apply the Group Policy Scheduled Tasks settings. Group Policy Scheduled Tasks settings might have its own log file. Please click on the "More information" link.
GroupPolicy Operational Log Microsoft-Windows-GroupPolicy EventID: 7017
The system calls to access specified file completed. \domain.local\SysVol\domain.local\Policies{42A99E50-622B-4CCA-B7AF-30F44916599D}\gpt.ini The call failed after 113782 milliseconds.
Within the GroupPolicy tracing log on the local server I see the following error repeatedly:
0x80070040 "The specified network name is no longer available
The only software change made on all server was on the 28th April when I removed McAfee VSE and installed TrenMicro's OfficeScan 11 client but am not seeing any events relating to McAfee leftovers. I've also since removed OfficeScan 11 to test and make sure it's not this that's the cause. I think it's just a co-incidence tbh but will keep looking.
System event log errors starting appearing at 09:09 on the 29th whereas AV removal and installation occurred at 16:46 the previous day.
Anyway, can anyone see anything I've missed as part of my troubleshooting?
User contributions licensed under CC BY-SA 3.0