clients didn't get new Group policy

mcse_696mcse_696 Member Posts: 151
hi all we have 2 servers 2003 sp1, clients Xpsp2 I applied Group Policy everything was okey , until yesterday I did some changes in Group policy,however clients still got old policies , I did gpupdate /force both side, restart the clients no result I run resultant set of policy client side its shows me the old policies any suggestion ???

Comments

  • fluk3dfluk3d Member Posts: 141 ■■■□□□□□□□
    Have you checked the event viewer on the client machines?
    "Imagination is more important than knowledge." - Albert Einstein
  • wedge1988wedge1988 Member Posts: 434 ■■■□□□□□□□
    check your SYSVOL folder on the server for gpos

    also, if you have changed permissions in active directory recently, you can cause access denied issues to GPOs. Be careful!

    and id also check the event viewer, if it doesnt contain anything then you might have to modify the registry to include verbose information.

    Hope this helps you!
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
  • mcse_696mcse_696 Member Posts: 151
    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1030
    Date: 10/18/2009
    Time: 2:22:25 PM
    User: NT AUTHORITY\SYSTEM
    Computer: PC6
    Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1006
    Date: 10/18/2009
    Time: 2:22:25 PM
    User: NT AUTHORITY\SYSTEM
    Computer: PC6
    Description:
    Windows cannot bind to GLOBALONE.LOCAL domain. (Local Error). Group Policy processing aborted.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1085
    Date: 10/18/2009
    Time: 11:11:14 AM
    User: NT AUTHORITY\SYSTEM
    Computer: PC6
    Description:
    The Group Policy client-side extension Scripts failed to execute. Please look for any errors reported earlier by that extension.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  • mcse_696mcse_696 Member Posts: 151
    I had problem SYSVOL replication between DC
    here the event got on server
    Event Type: Error
    Event Source: NtFrs
    Event Category: None
    Event ID: 13568
    Date: 18/10/2009
    Time: 02:56:53 م
    User: N/A
    Computer: SERVER02
    Description:
    The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

    Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
    Replica root path is : "c:\windows\sysvol\domain"
    Replica root volume is : "\\.\C:"
    A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found. This can occur because of one of the following reasons.

    [1] Volume "\\.\C:" has been formatted.
    [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
    [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
    [4] File Replication Service was not running on this computer for a long time.
    [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
    Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
    [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
    [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

    WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.

    To change this registry parameter, run regedit.

    Click on Start, Run and type regedit.

    Expand HKEY_LOCAL_MACHINE.
    Click down the key path:
    "System\CurrentControlSet\Services\NtFrs\Parameters"
    Double click on the value name
    "Enable Journal Wrap Automatic Restore"
    and update the value.

    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

    For more information, see Help and Support Center at Events and Errors Message Center: Basic Search.
  • mcse_696mcse_696 Member Posts: 151
    I installed FRS monitoring
    here the event after fixed my problem (I geuss)

    Event Type: Warning
    Event Source: NtFrs
    Event Category: None
    Event ID: 13565
    Date: 18/10/2009
    Time: 03:11:28 م
    User: N/A
    Computer: SERVER02
    Description:
    File Replication Service is initializing the system volume with data from another domain controller. Computer SERVER02 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

    To check for the SYSVOL share, at the command prompt, type:
    net share

    When File Replication Service completes the initialization process, the SYSVOL share will appear.

    The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
    _____________________________________________________________________________
    Event Type: Information
    Event Source: NtFrs
    Event Category: None
    Event ID: 13553
    Date: 18/10/2009
    Time: 03:11:29 م
    User: N/A
    Computer: SERVER02
    Description:
    The File Replication Service successfully added this computer to the following replica set:
    "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

    Information related to this event is shown below:
    Computer DNS name is "server02.GLOBALONE.LOCAL"
    Replica set member name is "SERVER02"
    Replica set root path is "c:\windows\sysvol\domain"
    Replica staging directory path is "c:\windows\sysvol\staging\domain"
    Replica working directory path is "c:\windows\ntfrs\jet"
  • jojopramosjojopramos Member Posts: 415
    I have the same problem before that my 2 DC's are not replicating (I added a DC for fault tolerant on 1 of my site - SYSVOL problem) and it turn out that the suggestion on the event viewer help me solve the problem. I only do this instruction and the problem go away...What happens to me is that JRNL_WRAP_ERROR has been corrupted.

    Click on Start, Run and type regedit.

    Expand HKEY_LOCAL_MACHINE.
    Click down the key path:
    "System\CurrentControlSet\Services\NtFrs\Parameter s"
    Double click on the value name
    "Enable Journal Wrap Automatic Restore"
    and update the value.

    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.
  • mcse_696mcse_696 Member Posts: 151
    First stop start File replication service on both DC's and check replication between DC's repadmin /showrepl , if not fix it Sysvol replication, install (Ultrasound Monitoring and Troubleshooting Tool for File Replication Service (FRS). it will show Alerts something like event viewer will help you fix your problem as it did for me :)
    I solved my problem with performing a Nonauthoritative Restore How to force a non-authoritative restore of the data in the Sysvol folder on a domain controller in Windows 2000 Server and in Windows Server 2003

    Warning:If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system
  • wedge1988wedge1988 Member Posts: 434 ■■■□□□□□□□
    mcse_696 wrote: »
    First stop start File replication service on both DC's and check replication between DC's repadmin /showrepl , if not fix it Sysvol replication, install (Ultrasound Monitoring and Troubleshooting Tool for File Replication Service (FRS). it will show Alerts something like event viewer will help you fix your problem as it did for me :)
    I solved my problem with performing a Nonauthoritative Restore How to force a non-authoritative restore of the data in the Sysvol folder on a domain controller in Windows 2000 Server and in Windows Server 2003

    Warning:If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system

    From your events it seemed to me as though it was a permissions error on the sysvol folder. Not sure how it would have changed but overwriting the files would have restored them like you did. well done on solving it ;)
    ~ wedge1988 ~ IdioT Certified~
    MCSE:2003 ~ MCITP:EA ~ CCNP:R&S ~ CCNA:R&S ~ CCNA:Voice ~ Office 2000 MASTER ~ A+ ~ N+ ~ C&G:IT Diploma ~ Ofqual Entry Japanese
Sign In or Register to comment.