VPN and Group Policy push


Terry

Anyone

I have 5 centers that are connected to the corporate
office through a VPN (site to site) using T1 lines.
Corporate has approx 20 users. Each center has approx 10
users.

Users can log into the domain but the group policy is not
getting to the client computers. I have created
the "DisableDHCPMediaSense" in the registry and no
change. I have checked that ports 88 and 445 are
open on the VPN and LAN site and they are. I have tried to
ping the computers at each center using the command ping
192.168.0.1 -n 100 -l 2048 and I get a successful reply
with an average time of 80ms. The computers have different
NICs: Intel, 3Com, etc.

Clients at the corporate sites receive the Group Policies
fine. The only clients that don't receive the policy are
the ones through the Site to Site VPN.

I have set the slow link detection to force Group Policy
if a slow link is detected.

Client Error: Event ID 1054: Message: Windows cannot
obtain the domain controller name for your computer
network. (An unexpected network error occurred) Group
Policy processing aborted

My Question: Why won't group policy push down to the
clients?

Thank you in advance for your assistance.
 

John Kaiser [MSFT]

One thing to check if you haven't already is whether your users are
connecting via cached credentials, i.e., logging onto the account and then
connecting via VPN? If so, Group Policy will not process.

Here is the description of this issue in the Group Policy Infrastructure
white paper:

Application of Group Policy During a Remote Access Connection
Group Policy is applied during a remote access connection as follows:

When using the Logon using dial-up connection check box on the logon prompt,
both User and Computer Group Policy is applied, provided the computer is a
member of the domain that the remote access server belongs to or trusts.
However, computer-based software installation settings are not processed.
This is because normally computer policy would have been processed before
the logon screen, but since no network connection is available until logon,
the application of computer policy is done as background refresh at the time
of logon.

When the logon is done with cached credentials, and then a remote access
connection is established, Group Policy is not applied during logon. For
example, if users connecting through a VPN connection are logging in via
cached credentials, folder redirection settings will not be processed,
because folder redirection policy can only be processed at user logon, not
in the background refresh.
 
