GPO not launching login script successfully on client machines. 3/22/2004 8:23 AM PST

GT

We currently have a Windows 2003 domain that was migrated from NT4.0.
This is a single forest single domain environment, with approximately
250 client machines. The client machines are Windows 2000 and XP.
A GPO has been created and linked to an OU. I have edited this GPO to
launch a batch file at a user's login. I have tested the batch file
locally on a test machine and it works properly, however this batch
file does not run successfully on all the client machines via the GPO.
I also have tried a VB script instead and got the same results. I have
used GPRESULT on some of the client machines that the script was
unsuccessful in running and it showed that the GPO was being applied.
Also the client machines that could not launch the script were a mix
of Win 2000 and XP. I also checked the event viewer logs of the client
machines for errors and found on some of them there were no errors and
others having this error: Windows cannot obtain the domain controller
name for your computer network. (A socket operation was attempted to
an unreachable host. ). Group Policy processing aborted. Event ID:
1054 Source Userenv.
 
David Everett [MSFT]

Hi GT,

We have seen where some clients on the same switch will get policy applied
successfully while others do not. This can occur if the Portfast option
on Cisco switches is enabled. Solution: Disable Portfast on the switch.

Other things to check if you do not have Cisco switches using Portfast:

1. Disable Spanning Tree Algorithm on switches.
202840 A Client Connected to an Ethernet Switch May Receive Several
http://support.microsoft.com/?id=202840

2. Disable Media Sense on the client machines:
239924 How to Disable Media Sense for TCP/IP in Windows
http://support.microsoft.com/?id=239924

3. Update NIC Drivers on clients:
We have seen outdated NIC drivers cause this.

4. DNS misconfiguration:
Make sure the DHCP assigned DNS servers list only your internal DNS servers
and that no ISP DNS servers are passed from the scope option. You can place
the ISP DNS server in the Forwarders tab of all your DNS servers instead.

5. If the DCs have more than one NIC (not teamed) make sure any unused NICs
are Disabled, not just a red x over it with no media connected. If you have
any disabled NICs on the DCs verify the binding order has the primary
adapter at the top of the order. To do this right-click My Network Places >
Properties > Click Advanced in the menu bar and select Advanced Settings.
In the Connections window make sure the primary NIC is at the top of the
order.

Other things worth checking:
Verify the users failing to get logon scripts are on the LAN and not VPN.
Are you getting any errors on the DCs?
Are there any Netlogon or W32time errors or warnings in the System event log
of the workstations?
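
A check for item 4 in the reply above, as an added example that is not part of the original thread: it lists every DNS server a client is configured with, flags any that is not on the internal list, and asks each one for the domain's DC locator SRV record. It assumes a current Windows client with the DnsClient PowerShell module (not Windows 2000/XP); the domain name and server addresses are placeholders.

```powershell
# Added example. $Domain and $InternalDns are placeholders; use your own values.
param(
    [string]  $Domain      = 'corp.example.com',          # placeholder AD DNS domain
    [string[]]$InternalDns = @('10.0.0.10', '10.0.0.11')  # placeholder internal DNS servers
)

# SRV record a client looks up to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any adapter, static or DHCP-assigned.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{ Adapter = $alias; Server = $ip }
        }
    }

$report = foreach ($entry in $configured) {
    $dcs = @()
    try {
        # Query this server directly, DNS protocol only (no LLMNR/NetBIOS fallback).
        $dcs = @(Resolve-DnsName -Name $srvName -Type SRV -Server $entry.Server `
                    -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' } |
                 Select-Object -ExpandProperty NameTarget)
    } catch {
        # Timeout or name error: this server cannot locate a DC for the domain.
    }
    [pscustomobject]@{
        Adapter  = $entry.Adapter
        Server   = $entry.Server
        Internal = $InternalDns -contains $entry.Server
        FindsDC  = $dcs.Count -gt 0
        DCs      = $dcs -join ', '
    }
}

$report | Format-Table -AutoSize

# Non-zero exit if any configured server is external or cannot return a DC.
$bad = @($report | Where-Object { -not $_.Internal -or -not $_.FindsDC })
if ($bad.Count) { exit 1 }
```

A row with `Internal` false or `FindsDC` false points at the scope option or static setting that handed the client a DNS server unable to answer for the domain.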
 
