Group Policy not applying

Curt Shaffer

I was given the task to implement SUS server on our network. I installed the
server with SP1 and all went well. However I went over to the gpeditor and
made the necessary changes and forced a refresh of the policy. It seems that
the computers ignored the setting. I then tried to add some other random
setting changes via GPO and they did not take either. Some of the previous
policies are still working though. I turned on debugging on the workstation
and I am getting the error: "Windows cannot obtain the domain controller
name for your computer network. Return Value (59)." It seems to be a DNS
issue. I found a couple of suggestions on Google but nothing helped. There
is a firewall between our workstations and Domain Controllers. We did this
because we have people that need to access them from outside our company. I
don't know if that is why this is happening and if so why do some policies
work? Any suggestions/explanations?

Thanks

Curt
 
Darren Mar-Elia

Curt-
The first and most obvious thing I can think of is that you'll need ICMP
enabled between your clients and their DCs for GP processing to work--or
you'll need to disable slow link detection on the clients. This is described
in an FAQ I've written on my website. Go to www.gpoguy.com/faqs.htm and
search on ICMP.
 
Steven L Umbach

Run netdiag on one of your domain computers to see if it shows any problems with
failed tests/warnings/errors relating to DNS, DC discovery, Kerberos, domain
membership/secure channel, etc. Also run gpresult on a domain member as it will tell
the last time computer and user policy was applied and from what GPOs. It is highly
unusual to have domain controllers in a DMZ [VPN might be a better solution]. If you
are using IPsec to secure communications through the firewall to the domain
controllers, that can cause problems as domain members cannot use IPsec negotiation
for ESP/AH policies that involve communications with domain controllers. Anyhow see
the link below on what ports are required for AD to work through a firewall and pay
attention to the part about RPC and the challenges it makes and workarounds. It may
also help to view firewall logs for traffic dropped to and from domain controllers
and domain members. Looking in Event Viewer on all computers involved would also be
helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
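
An added example, not part of any post in this thread: one way to triage the firewall log review suggested above, counting dropped workstation-to-DC traffic by the AD service it would break (ICMP for slow link detection, the well-known AD ports, and high TCP ports that may be dynamic RPC). The log format, the IP addresses and the function names are assumptions made for the example; take the authoritative port list from the KB article.

```python
import re
from collections import Counter

# Constructed sample in a made-up "ACTION PROTO SRC DST DPORT" format.
# 10.0.1.x = workstations, 10.0.9.10 = domain controller (hypothetical).
SAMPLE_LOG = """\
DROP ICMP 10.0.1.21 10.0.9.10 -
ALLOW UDP 10.0.1.21 10.0.9.10 53
ALLOW TCP 10.0.1.21 10.0.9.10 389
DROP TCP 10.0.1.21 10.0.9.10 445
DROP TCP 10.0.1.22 10.0.9.10 135
DROP TCP 10.0.1.22 10.0.9.10 1067
DROP TCP 10.0.1.23 192.0.2.80 80
"""
DCS = {"10.0.9.10"}  # hypothetical DC addresses

# Well-known ports a domain member uses to reach a DC.
AD_PORTS = {53: "DNS", 88: "Kerberos", 123: "NTP", 135: "RPC endpoint mapper",
            389: "LDAP", 445: "SMB (SYSVOL)", 464: "Kerberos password change",
            636: "LDAPS", 3268: "Global Catalog"}
LINE = re.compile(r"^(ALLOW|DROP) (TCP|UDP|ICMP) (\S+) (\S+) (\d+|-)$")

def classify(proto, dport):
    """Name the AD function a dropped packet to a DC would affect, or None."""
    if proto == "ICMP":
        return "ICMP (slow link detection)"
    if dport == "-":
        return None
    port = int(dport)
    if port in AD_PORTS:
        return AD_PORTS[port]
    if proto == "TCP" and port >= 1024:
        return "high TCP port (possibly dynamic RPC)"
    return None

def dropped_dc_traffic(log_text, dcs=DCS):
    """Count DROP entries addressed to a DC, grouped by affected service."""
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        action, proto, _src, dst, dport = m.groups()
        # Only client-to-DC traffic: on replies the destination port is the
        # client's ephemeral port and says nothing about the service.
        if action != "DROP" or dst not in dcs:
            continue
        service = classify(proto, dport)
        if service:
            hits[service] += 1
    return dict(hits)

if __name__ == "__main__":
    for service, count in sorted(dropped_dc_traffic(SAMPLE_LOG).items()):
        print(f"{count:3d}  {service}")
```
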
 
