GPO not working

Andreas 1,301 Reputation points
2022-05-09T11:21:19.087+00:00

Hi,

We have 2 machines, they have the same applications, and are on the same network segment.
On one of these machines we noticed that we don't get the GPO assigned. Also, I guess it is related, but there are some other error messages from LSA when I reboot the machine.
I am able to log in to the machine, but no GPO is applied, for example disk mapping.

  • Have tried to rejoin the domain, change ip, change hostname
  • Have tried to reset the SPN
  • No firewall
  • Tried several other users, with local admin
  • There is no problem with DNS, and also repadmin shows ok.
  • The machine object is replicated between our DCs

Here are some of the error messages, I guess they are related. But not sure what is causing the problem.
The first image refers to Credential Manager, but there are no stored passwords if I go and look.

200269-1.png
200228-2.png
200279-3.png

Thanks for any reply.

/R
Andy

5 answers

  1. Pavel yannara Mirochnitchenko 12,411 Reputation points MVP
    2022-05-09T16:52:11.11+00:00

    Gpupdate /force will probably show you some errors. You should disjoin and rejoin the computer to the domain. Make sure you know the local admin password of the machine or create a new one. It would be best to delete the AD computer account and let the rejoin process create a new one. Remember then to transfer the new account to the production OU.

  2. Andreas 1,301 Reputation points
    2022-05-10T04:45:53.133+00:00

    Hi @Pavel yannara Mirochnitchenko

    Thanks for reply.

    gpupdate /force screenshot below. It complains about a specific GPO, but if I remove that GPO, it just complains about the next one, and so on...
    I have already tried to rejoin, and also to delete the AD object, but same problem :(

    Any other suggestions ?

    200488-4.png

    /R
    Andy

  3. Pavel yannara Mirochnitchenko 12,411 Reputation points MVP
    2022-05-10T05:30:56.537+00:00

    Are you exactly sure that this is a problem with only one computer? I had the same behavior with all computers and it was a DC replication issue around SYSVOL.

  4. Andreas 1,301 Reputation points
    2022-05-10T07:56:20.107+00:00

    Hi,

    Yes, no problem located with other machines. Do you want me to provide some dcdiag, repadmin information?

    /R
    Andy

  5. Limitless Technology 39,506 Reputation points
    2022-05-11T07:36:05.063+00:00

    Hi Andreas-9700,

    Usually, you will find that this issue is caused by one of the items in the list below:

    1. SYSVOL replication is broken and the GPO's contents in SYSVOL are not replicated to every DC. If this issue is only affecting one PC, then it's unlikely to be this.
    2. The GPO is truly corrupt in SYSVOL and missing one or more key files. I would imagine as above.
    3. The client can't resolve the DFS path to SYSVOL. I've seen this caused by disabling the "TCP/IP NetBIOS Helper" service, so I would check that. This is quite likely in my experience.
    4. If it's per-computer policy that is generating this message, it could be a network stack timing issue as the machine starts up. You can tweak the client's policy at Computer Configuration\Admin Templates\System\Group Policy\Specify startup policy processing wait time.

    Also, just note, the Default Domain Policy can be "restored". Microsoft provides the DCGPOFix.exe tool (http://technet.microsoft.com/en-us/library/hh875588.aspx) that lets you reset the DDP and DDCP GPOs to their default settings, if these GPOs are truly corrupt. In the case of these tools, you would have to recreate any settings that you had in these GPOs.


    --If the reply is helpful, please Upvote and Accept as answer--
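
The client-side checks for causes 1 to 3 in the answer above, collected into one script as an added example (not part of the original thread). It assumes it is run in PowerShell on the affected, domain-joined machine; the function name `Test-GpoFolder` is hypothetical, and "TCP/IP NetBIOS Helper" is queried by its service name `lmhosts`.

```powershell
# Added example: read-only checks, nothing is changed on the client or in SYSVOL.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "This machine is not joined to a domain." }

$domain   = $cs.Domain                                  # AD DNS domain name
$policies = "\\$domain\SYSVOL\$domain\Policies"         # domain-based path to the GPO store

# Cause 3: "TCP/IP NetBIOS Helper" (service name lmhosts) disabled or stopped.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='lmhosts'"
[pscustomobject]@{
    Check     = 'TCP/IP NetBIOS Helper'
    State     = $svc.State
    StartMode = $svc.StartMode
}

# Cause 3: can the client resolve and reach SYSVOL through the domain name?
$sysvolOk = Test-Path -LiteralPath $policies
[pscustomobject]@{ Check = "Reach $policies"; Result = $sysvolOk }

# Causes 1 and 2: every GPO folder should hold a gpt.ini with a Version line.
function Test-GpoFolder {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Directory |
        Where-Object { $_.Name -like '{*}' } |
        ForEach-Object {
            $ini     = Join-Path $_.FullName 'gpt.ini'
            $hasIni  = Test-Path -LiteralPath $ini
            $version = $null
            if ($hasIni) {
                $hit = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                       Select-Object -First 1
                if ($hit) { $version = [uint32]$hit.Matches[0].Groups[1].Value }
            }
            [pscustomobject]@{ Gpo = $_.Name; GptIni = $hasIni; Version = $version }
        }
}

if ($sysvolOk) {
    # List only the GPO folders that look incomplete from this client's point of view.
    Test-GpoFolder -Path $policies |
        Where-Object { -not $_.GptIni -or $null -eq $_.Version }
}
```

Running the same function against a single DC's share (`\\<dc-name>\SYSVOL\<domain>\Policies`) and comparing the output between DCs shows whether a folder is incomplete everywhere or only on one replica.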
