Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
GPO not applied

Unanswered GPO not applied

  • Friday, February 15, 2013 6:33 PM
     
     
    Sign In to Vote
    0

    Hello,

    I deployed a Policy from the Central Forefront Client Security Server to an OU "Test"

    In Active Directory I see this policy on the OU.

    I do not see any settings applied to the servers within this OU.

    What could be the cause?

    Other policy are applied only the FCS one do not show.

    Anyway to see a failure, error in a log for the non-application of this policy?

    Thanks,

    DOm

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

     

All Replies

  • Friday, February 15, 2013 6:55 PM
     
     
    Sign In to Vote
    0

    Hello,

    From the client event log I got:

    The description for Event ID 5313 from source Microsoft-Windows-GroupPolicy cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    CCP Test GP

    Denied (Security)

    CCP Root GP - Top Level

    Denied (Security)

    CareConnect Root

    Not Applied (Empty)

    FCS-Default Policy-{5650d82e-4286-4833-9116-a924723c61ea}-2

    Not Applied (Empty)

    FCS-CareConnect Citrix Servers-{ceeb0709-81d3-46d7-b3aa-fd243d77e7b9}-2

    Not Applied (Empty)

    <GPO ID="{D404188B-6881-43C9-8DC2-10EA55729817}"><Name>CCP Test GP</Name><Version>-65521</Version><SOM>LDAP://OU=Test,OU=EHRCTX,OU=CareConnect,OU=Windows,OU=Servers,DC=ad</SOM><FSPath>\\ad\sysvol\ad\Policies\{D404188B-6881-43C9-8DC2-10EA55729817}\User</FSPath><Reason>DENIED-SECURITY</Reason></GPO><GPO ID="{66ACBC50-B1FC-487C-96B9-5EC39FEBEC94}"><Name>CCP Root GP - Top Level</Name><Version>-65372</Version><SOM>LDAP://OU=EHRCTX,OU=CareConnect,OU=Windows,OU=MITS Servers,DC=ad</SOM><FSPath>\\ad\SysVol\ad\Policies\{66ACBC50-B1FC-487C-96B9-5EC39FEBEC94}\User</FSPath><Reason>DENIED-SECURITY</Reason></GPO><GPO ID="{2A6161CE-E9E4-4A5A-A6C3-56822E46A46B}"><Name>CareConnect Root</Name><Version>0</Version><SOM>LDAP://OU=CareConnect,OU=Windows,OU=MITS Servers,DC=ad</SOM><FSPath>\\ad\SysVol\ad\Policies\{2A6161CE-E9E4-4A5A-A6C3-56822E46A46B}\User</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{46613A6C-F85F-4186-BA8C-CA1EE7EB52F0}"><Name>FCS-Default Policy-{5650d82e-4286-4833-9116-a924723c61ea}-2</Name><Version>0</Version><SOM>LDAP://OU=Windows,OU=MITS Servers,DC=ad</SOM><FSPath>\\ad\SysVol\ad\Policies\{46613A6C-F85F-4186-BA8C-CA1EE7EB52F0}\User</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO><GPO ID="{2EC690DE-9661-47A2-B7BF-69C37F309971}"><Name>FCS-CareConnect Citrix Servers-{ceeb0709-81d3-46d7-b3aa-fd243d77e7b9}-2</Name><Version>0</Version><SOM>LDAP://OU=Test,OU=EHRCTX,OU=CareConnect,OU=Windows,OU=MITS Servers,DC=ad</SOM><FSPath>\\ad\SysVol\ad\Policies\{2EC690DE-9661-47A2-B7BF-69C37F309971}\User</FSPath><Reason>NOTAPPLIED-EMPTY</Reason></GPO>

    The handle is invalid

    Any idea?

    Thanks,

    DOm

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

     
  • Friday, February 15, 2013 8:03 PM
     
     
    Sign In to Vote
    0

    Hello,

    I think it is a setting under Administrative Templates Computer Configuration but I am not sure which one will prevent a GPO to be processed???

    I tried to enabled

    Computer Configuration* Administrative Templates* System * Group Policy * User Group Policy loopback processing mode on one computer to get my GPO applied but it is not applied..(http://seclists.org/basics/2007/Oct/40)

    Any idea?

    Thanks,

    Dom

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager





    • Edited by Felyjos Friday, February 15, 2013 10:09 PM
    •  
     
  • Saturday, February 16, 2013 3:31 PM
     
     
    Sign In to Vote
    0

    Hello,

    The higher top OU has "Block Inheritance" could it be the issue?

    The eployment for Groups works fine but it always fails for OUs with

    FCS-CareConnect Citrix Servers-{ceeb0709-81d3-46d7-b3aa-fd243d77e7b9}-2

    Not Applied (Empty)

    message

    Any idea?

    Thanks,

    Dom

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

     
  • Sunday, February 17, 2013 11:08 PM
     
     
    Sign In to Vote
    1

     

    The description for Event ID 5313 from source Microsoft-Windows-GroupPolicy cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

     


    Looks like the GPO is referring to something that isn't available on your client computer.
     
  • Monday, February 18, 2013 5:16 AM
    Moderator
     
     
    Sign In to Vote
    1

    Hi,

    If only the Forefront Client Security (FCS) Group Policy cannot work normally, please submit a new question to the following forums. In this way, your issue can be fixed effectively.

    Forefront Forums

    http://social.technet.microsoft.com/Forums/en-US/category/forefront

    Regards,

    Arthur Li

    TechNet Community Support

     
  • Tuesday, February 19, 2013 4:36 PM
     
     
    Sign In to Vote
    0

    Hello,

    No several GOPs are not applied, it is not only Forefront Client Security.

    I tried the same policy on a different OU and it is still not applied...

    Thanks,

    Dom

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager



    • Edited by Felyjos Wednesday, February 20, 2013 12:11 AM
    •  
     
  • Wednesday, February 20, 2013 8:09 PM
     
     
    Sign In to Vote
    1
    Am 16.02.2013 16:31, schrieb Felyjos:
    >
    > FCS-CareConnect Citrix Servers-{ceeb0709-81d3-46d7-b3aa-fd243d77e7b9}-2
    >
    > Not Applied (Empty)
    >
     
    So, if you look at that GPO in GPMC Settings tab - what settings are there?
     
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
     
  • Thursday, February 21, 2013 10:09 PM
     
     
    Sign In to Vote
    0

    These are the settings expected...

    Thanks,
    DOm

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager



    • Edited by Felyjos Thursday, February 21, 2013 10:10 PM
    •  
     
  • Friday, February 22, 2013 2:14 AM
     
     
    Sign In to Vote
    0

    Hello,

    Apparently there are several issues within the OU GPO lists:

    1. FCS Default Policy appears twice, one of them is enforced!!!

    2. Moving the OU up in the tree makes the policy applied.

    Some question:

    Does Forefront Client Security enforced the policy deployed? what is the setting?

    How could we get two policies with the same name, same guid-2 on the same OU?

    Thanks,

    DOm

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

     
  • Friday, February 22, 2013 1:29 PM
     
     
    Sign In to Vote
    1
     
    >
    > Does Forefront Client Security enforced the policy deployed? what is
    > the setting?
    >
     
    Does FCS deal with policies? I don't think so...
     
    > How could we get two policies with the same name, same guid-2 on the
    > same OU?
    >
     
    Check the "Details" tab in GPMC. There you see the GPO "Unique ID" - are
    these the same for both of them? (Names don't matter for GPOs, they are
    just display names and do not need to be unique...)
     
    regards, Martin
     
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
     
  • Friday, February 22, 2013 6:23 PM
     
     
    Sign In to Vote
    0

    "Does FCS deal with policies? I don't think "

    Yes as we deploy policies from the FCS central Servers to clients. They appears as GPO in Active Directory.

    The "Details" looks the same for both policies...

    Regards,

    Dom

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager


    • Edited by Felyjos Friday, February 22, 2013 6:25 PM
    •  
     
  • Friday, February 22, 2013 6:24 PM
     
     
    Sign In to Vote
    0

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

     
  • Monday, February 25, 2013 8:20 PM
     
     
    Sign In to Vote
    0
     
    > The "Details" looks the same for both policies...
     
    Ah we are talking about a policy LINK only - a GPO can be linked
    multiple times to multiple OUs ;-) No problem in that.
     
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!