gpupdate /force client don't receive policy

Ziyad Tbeni 81 Reputation points
2022-08-16T17:51:05.72+00:00

first i have DFSR Event ID 4012 MaxOfflineTimeInDays (replication issue)
i try fix this issue using (How to force authoritative and non-authoritative synchronization for DFSR-replicated sysvol replication)

https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization

The problem solving process succeeded

but when using gpupdate /force in win10 (client) displays an error message

Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \company.com\sysvol\company.com\Policies{0567324A-F81D-45D5-8BAA-BE1CF484DA84}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.
This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
Windows failed to apply the Group Policy Drive Maps settings.
Group Policy Drive Maps settings might have its own log file. Please click on the "More information" link. To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

when i checked GUID have found maybe 4 policy have problem

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,364 questions
Microsoft System Center
Microsoft System Center
A suite of Microsoft systems management products that offer solutions for managing datacenter resources, private clouds, and client devices.
816 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,049 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,801 questions
0 comments No comments
{count} votes

Accepted answer
  1. JimmySalian-2011 41,916 Reputation points
    2022-08-16T20:00:26.767+00:00

    Hi Ziyad,

    Can you please check the status of the DFSR by running this command and providing the output

    dfsrmig.exe /getglobalstate
    If the result shows: 3 (ELIMINATED) ,it means DFSR

    Also the DC Health status will be good to know before we proceed with investigation.

    Dcdiag /v >c:\dcdiag1.log
    Repadmin /showrepl >C:\repl.txt
    Repadmin /syncall /APeD

    As a test can you create a new Win10 GPO with some settings and apply on the device, proceed to run the GPUpdate /force on the client and check whether this GPO has been applied succesfully. If it does apply it means replication and DFSR is working and the original GPO is corrupted or having read permissions issue.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Ziyad Tbeni 81 Reputation points
    2022-08-17T18:49:46.467+00:00

    I checked dfsr migrate ( successfully),,
    and repadmin /replasummary ( no fails),,,
    and repadmin /syncall /Adep ( no error)
    and I checked dfs logs ( no logs with error, and the file sysvol and netlogin are normal shared between the primary domain and additional).
    and I test with win10 (client) to gpupdate maybe succeed and maybe not, display the same error

    ( Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \company.com\sysvol\company.com\Policies{0567324A-F81D-45D5-8BAA-BE1CF484DA84}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. )

    and I want to ask you what you mean by permission issue.?

    0 comments No comments