DC not processing the domain controller GPO

P

pgill

I have one DC out of 20 that is not auditing security
logs that have been configured via the Default Domain
Controllers GPO. The dc is in the domain controllers OU
and is the PDC Emulator. I have run the gpresult against
this server and it states that it is processing the gpo,
however no security audits are being logged and the local
gpedit.msc tool shows that all audit options for local
and effective says no auditing.
 
P

pgill

-----Original Message-----
I have one DC out of 20 that is not auditing security
logs that have been configured via the Default Domain
Controllers GPO. The dc is in the domain controllers OU
and is the PDC Emulator. I have run the gpresult against
this server and it states that it is processing the gpo,
however no security audits are being logged and the local
gpedit.msc tool shows that all audit options for local
and effective says no auditing.


.I have also set the registry for debugging GPOs so I
Click to expand...
see the processing events in the event log. All events
are stating that the gpo is processing.
 
P

pgill

I set the registry setting and checked the winlogon.log
file on two servers; one that works, and the one that
doesn't. The first couple lines are different in each log:
The one that works = "Make Local Copy Of
\\domain\sysvol..."

The one that doesn't work = "No template is defined in
GPO \\domain\sysvol\..."

Peter
 
T

Tim Springston \(MSFT\)

Hi Peter-

That sounds like the SYSVOL contents on the DC having problems are
incorrect. That means a problem with FRS on that machine.

FRS issues can get pretty unwieldy to troubleshoot through the newsgroups,
but here are a few helpful things to consider. If we can help along the
way, please feel free to post.

-Check the File Replication Service event log for errors. If you find them,
seach the Knowledge Base for articles on them or post to the newsgroup.

-Make sure your DCs are SP4. If they are not, make sure they are at least
SP3 with the post-SP3 NTFRS rollup:

811217 Improvements in the Post-Service Pack 3 Release of Ntfrs.exe
http://support.microsoft.com/?id=811217

-If the contents on the problem DC's SYSVOL directory are missing or
damaged, consider 're-sourcing' the SYSVOL on it from one of it's replica
partners (depending on what errors you see in the event log):

290762 FRS: Using the BurFlags Registry Key to Reinitialize File Replication
http://support.microsoft.com/?id=290762
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Auditing GPO Win2000 1
Logon locally for DC 1
Implement DCGPO to only a select few DCs in my domain? 2
Enabling an audit policy on my DC's 2
DC GPO - password policy not enforced 6
Auditing policy change within the domain...help 1
Default Domain Controller GPO Question 3
GPO is linked but didnt affect 1

Top