Share via

Error deploying GPO using AGPM

Richard Y 486 Reputation points
2024-03-16T13:18:29.4433333+00:00

Hello,

We encountered an error attempting to deploy a GPO via AGPM, with the following message:

Deploy GPO failed
The overall error was: The process cannot access the file because is being used by another process. Excption from HRESULT: 0x80070020

Could someone offer advice or recommendations?

PBDeployGPO

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,635 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,244 questions
0 comments
Accepted answer
  1. Thameur-BOURBITA 32,636 Reputation points
    2024-03-19T23:54:03.4733333+00:00

    Hi @Richard Y

    According to the error message, It is necessary to check the load on the DCs contacted by the AGPM server.

    For your information, the server contacts the domain controllers of the same site. Try to check the performance of these DCs and if the problem persists, I suggest you create a dedicated AD site for AGPM in order to dedicate a domain controller to it.

    Please don't forget to accept helpful answer

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2024-03-16T13:18:29.4466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It seems that the error message you received indicates that the GPO file is being accessed by another process and the AGPM deployment process cannot access it. This issue occurs when the wizard in GPMC or the Import-GPO cmdlet tries to acquire an exclusive handle to some file of the GPO in the SYSVOL share, but that file is being accessed by another process. To resolve this issue, you can try specifying a different target domain controller (DC) with no or little user access. By default, the target DC used by GPMC or the Import-GPO cmdlet is the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role of the domain. This behavior is by design. You can also check if the AGPM Service is running and start it if it is not.

    References:

    0 comments
  2. Yanhong Liu 5,140 Reputation points Microsoft Vendor
    2024-03-18T05:18:50.18+00:00

    Hello Richard Y ,

    Thank you for posting on the Microsoft Community Forum.

    1. According to your error message prompt, you can try to restart the AGPM service. Sometimes, all you need to do is restart the AGPM service to fix the file locking issue. To do this, you can open the service console (services.msc), find the AGPM service, and click Restart.
    2. Check if there are other users editing the GPO: Check the status of the GPO in the AGPM console and confirm that no other administrator is editing or checking out the GPO. The steps are as follows:

    Open the Microsoft Advanced Group Policy Management (AGPM) console.

    In the console tree, navigate to the forest and domain you're in, and then typically under the Change Control node.

    Expand the Controlled GPOs folder or go directly to the specific GPO you want to check.

    Look at the list of GPOs and there will be a status indication next to each GPO. If a GPO is checked out, its status will usually be displayed as "Checked Out" with the name of the user who checked out the GPO next to it.

    Double-clicking on the GPO to be checked will open the properties window for that GPO. From here, you can view detailed checkout information in the General or Checkout tab, including the user account that checked out the GPO, the checkout time, and the checkout status.

    If you find that another user has checked out the GPO, you will need to contact that user to check in or abandon the checkout so that you can make the required edits or deployments.

    1. At the same time, you can also check the AGPM service port, by default, the AGPM service uses port 4600. Make sure that the port is not occupied by other applications.

    I hope you the information above is helpful.

    If you have any questions or concerns, please do not hesitate to let us know.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  3. Richard Y 486 Reputation points
    2024-03-19T23:15:53.8466667+00:00

    Hi @Yanhong Liu

    Thank you for your answer but we still have the same issue. Any other suggestion ?

    0 comments