This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
This issue started infrequently and has gotten to the point where it is happening all the time now. When you go to create a new policy whether file hash, publisher or a windows installer rule after clicking on create, it'll wait a couple of seconds then pop the error. I've tried on each of our DCs with the same result. The only reference I can find online seems to be specific to an xml file for CyberArk. Any help or direction would be appreciated.
Thanks
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hello Donny Brown,
Thank you for posting in Microsoft Community forum.
Please check if any applocker entry has wrong or unnecessary symbols, numbers or letters, etc.
Here is a similar thread.
xml validation error due to pattern constraint failure (microsoft.com)
I hope the information above is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Thank you for your response, Daisy, I've gone through the rules as best as I could - we have over 2000 of them and everything looks ok to me. I did create a new 2016 system off the network, made it a DC and imported the exported ruleset and didn't get any errors so I'm not thinking that it is the existing rules. Over the past 3-4 months we have found that repeated attempts will eventually lead to success. When the error first started, it was very infrequent and now is happening about 99% of the time. Would you happen to have any other ideas or strategies to determine where the issue is?
Thank you,
Donny
Hello Donny Brown,
Good day!
Did you set all the Applocker within only one GPO?
If so, you can try to create a new GPO and set Applocker policy in the new GPO and check if it helps.
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
Thank you Daisy - we actually tried this last week and it worked. It looks like the legacy AppLocker GPO just needed "refreshed". We're going to let this new one soak for a bit and then will replace the default domain policy.
Thank you again for your help.
Donny
Hello Donny Brown,
Good day!
Thank you for your update and sharing.
I am so glad that you can set Applocker policy in new GPO.
Have a nice day!
Best Regards,
Daisy Zhou
