Share via

The processing of Group Policy failed in Active Directory.

Muhammad Farid Rahmatulloh 0 Reputation points
2024-04-24T10:23:30.83+00:00

Hello everyone,

I've installed admx file for MDM Automatic Enrollment gpo on Active Directory for Microsoft Intune Enrollment for Entra Hybrid Joined Device and applied that GPO to OU.

When I want to gpo update using gpupdate /force, it shown :

The processing of Group Policy failed. Windows attempted to read the file \<domain>.com\sysvol<domain>.com\Policies{hidden string}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

I've checked on my server using dfsrmig /getglobalstate, and it state that my server still using FRS instead of DFSR. I assumed this affect on poin C (The Distributed File System (DFS) client has been disabled.)

Is there any way to gpupdate without migrate from FRS to DFSR?

Thank you in advance

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,645 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,202 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. glebgreenspan 2,240 Reputation points
    2024-04-24T12:04:20.2966667+00:00

    Hello Muhammad

    If your Active Directory environment is still using the File Replication Service (FRS) for SYSVOL replication instead of Distributed File System Replication (DFSR), and you are encountering issues with Group Policy processing, there are a few steps you can take to try to resolve the problem without migrating from FRS to DFSR:

    1. Check SYSVOL Replication: Ensure that SYSVOL replication is functioning properly between domain controllers using FRS. You can check the status of SYSVOL replication by running the following command on each domain controller: dfsrmig /getmigrationstate
    2. Force SYSVOL Replication: If there are issues with SYSVOL replication, you can force replication between domain controllers using the following command: repadmin /syncall /AdeP
    3. Verify DNS Settings: Confirm that DNS is properly configured and that all domain controllers are able to resolve each other's names and IP addresses correctly.
    4. Check Network Connectivity: Ensure that there are no network connectivity issues between domain controllers that could be affecting file replication.
    5. Restart FRS Service: Restart the File Replication Service (FRS) on the affected domain controllers to see if it resolves the issue temporarily.
    6. Check Group Policy Permissions: Make sure that the Group Policy Object (GPO) in question has the correct permissions set, allowing the computer and user accounts to read the GPO settings.
    7. Restart Domain Controllers: As a last resort, you can try restarting the domain controllers to see if it resolves the Group Policy processing issue.

    If after following these steps, you are still experiencing the issue with Group Policy processing, it may be necessary to consider migrating from FRS to DFSR. Distributed File System Replication (DFSR) is the recommended replication method for SYSVOL in modern Active Directory environments and offers improved performance and reliability compared to FRS.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.