Group Policy: Failed on Software Installation Package .MSI...
- Good day guys,
I having a encountered software installation being applied on group policy for software package like live communicator 2005 ".msi", I assigned it and install when the users logon but the following Event ID appeared on Event Viewer at Server:
Server Side: Windows Server 2003 SP2
Event ID: 119 - Software Installation - Software installation encountered an unexpected error while reading from the MSI file \\dc0_srv\installers\communicator.msi. The error was not seriou enough to justify halting operation. The following error was encountered. The operation completed successfully.
Client Side: Windows XP Professional SP2
Event ID: 1054 - Userenv - Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occured). Group Policy processing aborted.
Should I install the GPMC Tool for Group Policy for the Server A.D. to correct this one, or should I also install the SP3 on Windows XP? I already find the Event ID which tells me the language issue but not the case.
Anybody have the idea to resolved this one any help?
Thanks in Advance...
Answers
- Good day Nitin,
I already resolved the problem which is the Group Policy cannot take effect on the workstations like software installations, and other Computer Configuration and User Configuration settings of Group Policy which is they block the ICMP or Ping of the Domain Controller anybody cannot ping or do the ICMP way of all workstations Win XP to communicate the Domain Controller which I have done all the research finding out the cause of not doing the Group Policy.
I have a Lab test servers using VMWare I also installed third party tools Sniffer to see what is really happening to see what the workstation will do when contacting domain controller which I found out that the workstations Win XP silently do the ICMP or Ping on the background to communicate the domain controller and also uses only 500kb when executing Group Policy and also which I proved it and show it the one who handle our open source firewall.
Added information Windows XP uses silent ICMP on the background to communicate to the Domain Controller when executing Group Policy, but Windows Vista, Windows 7 using now NLA.
Once again Nitin, thanks for the time and patience it helps me a lot to know the deep information regarding on some workaround, this will be a help to others out there which is another things to be consider and things to remember when implementing Group Policy.
Thanks again and Regards,
Cheers,
All Replies
- Good day guys,
I think anybody cannot give any suggestions or explanation but I rather have the check my server regarding the network speed of my NIC with regards to "Media Sensing" because it is related with the use of Dell PowerEdge 2950 Server with the Gigabit Ethernet and also related to the forum thread below:
"Dell 760 Machines Do Not Apply Policy"
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/e7d66f56-cbc7-4110-979b-a9c19b46c919
This forum thread caught my attention so that why my Group Policy created cannot execute which the implementation of my Software Installation, Folder Redirection via Roaming Profile, logon and logoff script for limit login, etc thru Group Policy.
But anybody can re-confirm that this is the only problem of not executing the Group Policy, is there any reason, suggestions, explanations will be accepted.
Thanks in Advance... - Hi there,
Sorry for the delay in reply. Userenv 1054 Error mentions "Windows cannot obtain the domain controller name for your computer network".
We can start loking at DNS First. Please make sure you have these things in place --
> Client Machine points to the correct DNS and can ping it.
> No Public IP is specified in Alternate DNS on Client Machines.
> We are able to Ping the 'Domain Name' from Clients.
> We can access the Path \\dc0_srv\installers\communicator.msi from Clients and have proper permissions on it.
If all the things i mentiond are correct then you should not have any issues in getting the Installation. I went through the Thread you mentioned and Yes, the problem with Media Sensing and NIC you mentioned can very well be related.
Try out these steps --
> Update the NIC Drivers and make sure you have latest version installed.
> Refer to http://support.microsoft.com/default.aspx/kb/305293/en-us and set the Domain Wide Policy to Disable "Fast Logon Optimization" . By default this is Enabled.
> Define this Policy Setting at Domain Level -- Computer Configuration\Administrative Templates\System\Logon\ Always wait for the network at computer startup and logon
> Reboot the Client and it should take effect.
Let me know if these steps work for you.
cheers
Nitin - Good day Sloth8,
You don't have to sorry its okey with me, you know the 4 possible checking you gave is all success but I just wonder that when I logged for test or the user will logged as for the group policy will take effect the only thing to prove that the group policy take effect on command prompt type the "gpresult" to be able to see the information of group policy, but the user logged "no group policy found...", I just wonder that why this happend, actually I read all the thread here which I tried so many more possibilities but no effect at all, about the media sensing on windows registry the "DisableDHCPMediaSense" on the server this one is okey it is set to "1". The Roaming profile works fine, but the only "Software Installation" and a simple "Not changing wallpaper", "Folder Redirection" or group policy not working fine.
And I also tried to allow the group policy port of port 135, 139, and 445 to our internal open source firewall to make sure that allow from Source to Destination with the following ports mentions, but same there is no effect.
You have a lot of contribution with me I will try one last resort you will give to me this "Fast Logon Optimization", and I will update or download also the updated driver for the LAN Card of the server actually we use here the Dell PowerEdge 2950 not the latest one with "III", 2U Rack Mountable, with 2 NIC with failover.
Additional info. may be you wonder on my other thread I solved this one to clear before I implement this I have test it on my laptop using VMWare I have 2 DNS Server (Primary and Secondary), A.D. Server, Exchange Server, ISA with DHCP Server with RRAS (disabled bec. of ISA Server) and one Windows XP Client which is 6 instance and I have to present it before the actual implementation for presentation and documentation purposes and management requirements, which all works fine on my VMWare Instance.
Thanks for your patience and time also I really appreciate your response...
I will update you regarding this one.
Cheers...(",)...- Edited byradical93 Monday, November 02, 2009 12:48 PMAdditional Information...
- Hi,
Ok so you mean to say that you see the Group Policy hitting the Box through GPRESULT but the Setting does not takes effect. Well you can try to run 'Rsop.msc' at command prompt on the Client Machine and see if the Policy Setting is taking Effect. (You may get error so try adding the User to the Local Administrator Group for testing)
If in case the Policy Setting does not shows in Rsop.msc then you will also see an Explamation Mark on 'User Configuration' and 'Computer Configuration' when you open Rsop.msc. If you go to Properties and Error Information you will see the exact problem. If you find any such Error, please post it here.
I would wait for the Update from you regarding the NIC Update and Fast Logon Optimization Policy.
cheers
Nitin Good day Sloth8,
Thanks for your time, don't be discourage the the result of update NIC and Fast Logon Optimization Policy on Domain Level and I also implement on client using gpedit.msc, but still no effect, "The group policy object not found..." with I type the "gpresult" on client at command prompt..., okey i will try also the "rsop.msc" on client tomorrow to see what is the exact problem.
Any other possible reason why this happen, is there any possibility of some lack of updates but the Windows updates is updated from server down to all workstations.
Thanks again for your time Nitin..., if any other possible way I will appreciate it...
Cheers...(",)...- Hi,
No, Updates cannot be the reason for this. You mentioned that you get "Group Policy Object not found' when you run Gpresult on Client. In this case we need to see what we have in Rsop.msc because the first thing here would be to make sure that the Policy is hitting the Machines or not.
When you run Rsop.msc check the Software Installation Setting and see if it reflects or not. You might have to make the User a part of Local Admin to be able to run Rsop.
One more thing, ar you getting this issue on all the Machines on the Network ?
Also are you still getting this Error on Client
"" Event ID: 1054 - Userenv - Windows cannot obtain the domain controller name for your computer network. ""
If yes then i still doubt DNS is working fine. It is very important for a Client Machine to enumerate the Domain Controllers properly.
Also let me know how may Domain Controllers do you have in the environment. And what is the Replication status (Try 'Repadmin /syncall /e /P' ). Are you getting any FRS issues on any of those.
It is quite possible that e have multiple Domain Controllers and the GPO Changes are only made to one but because of the Replication Issues they did not go to the other Domain Controllers. And when you login on the Client, it authenticates from a DC which does not have the Policy update yet. In such case you will see issues.
Revert back with the info.
cheers
Nitin - Good day sloth8,
Yes for today I will go now to work and I will do your instructions to be able to see the problem, don't worry I will by the way the 1 Master D.C. and 2 member server to D.C.
I will update you today this afternoon time here 5:26am Nov. 4.
Thanks and Regards,
Cheers... Hi,
I dint quite get your last reply. Did you say you are going to promote Member Servers to DC. If yes, i would recommend not to do that right now until this issue is resolved.I'll wait for the reply. Hope to fix it soon :)
cheers
NitinGood day Sloth8,
I have here 3 Domain Controller, 1 is Master DC, the 2 is member server which is use for 1.) Exchange Server, and 2.) File Server. see below:
dc0_srv - Domain Controller
exc_srv - Exchange Server
fsrv_srv - File Server
Hope you find it easy to indentify.
Thanks and Regards,
Cheers...Allright so you have one Domain Controller and 2 Member Servers. Get back with the results soon.
cheers
NitinGood day Nitin,
These are the result below:
1.) repadmin /syncall /e /p
CALLBACK MESSAGE: The following replication is in progress:From: f954e982-af7d-461c-945b-e9f11eff9b78._msdcs.mydomain.com
To : 8473923a-6719-4b77-b092-803329a4ca6f._msdcs.mydomain.com
CALLBACK MESSAGE: The following replication completed successfully:
From: f954e982-af7d-461c-945b-e9f11eff9b78._msdcs.mydomain.com
To : 8473923a-6719-4b77-b092-803329a4ca6f._msdcs.mydomain.com
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
2.) rsop.msc on client - no result as well as the gpresult "no RSOP data found..." something like that?
Thanks and Regards,
Cheers...(",)...- Hi,
ok so Replication looks fine. What about the Events. Do you see any Error Event under DNS and File Replication Service in Event Viewer. Please post them here, if you have some.
Do you get any error when you run Rsop.msc or it's just that you don't see the Group Policy Setting under the console.
Also i would like you to stop any Firewall and Antivirus and then try to resolve the Domain as well as Domain Controller from the Client Machine. Try Ping Test with Hostnam as well as FQDN.
Also run Nslookup followed by Domain Name and post the result here.
cheers
Nitin Good day Nitin,
The result as follows here below:
1.) File Replication Service:
Date: 9/20/2009 Source: NtFrs
Time: 6:45:09 PM Category: None
Type: Information Event ID: 13516
User: N/A
Computer: DC0_SRVThe File Replication Service is no longer preventing the computer DC0_SRV from becoming a
domain controller. The system volume has been successfully initialized and the Netlogon
service has been notified that the system volume is now ready to be shared as SYSVOL.
Date: 9/20/2009 Source: NtFrs
Time: 6:36:05 PM Category: None
Type: Information Event ID: 13501
User: N/A
Computer: DC0_SRVThe File Replication Service is starting.
Date: 9/20/2009 Source: NtFrs
Time: 6:15:28 PM Category: None
Type: Information Event ID: 13554
User: N/A
Computer: DC0_SRVThe File Replication Service successfully added the connections shown below to the replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
"DC1_SRV.mydomain.com"
"DC1_SRV.mydomain.com"
Date: 9/20/2009 Source: NtFrs
Time: 6:15:27 PM Category: None
Type: Information Event ID: 13553
User: N/A
Computer: DC0_SRVThe File Replication Service successfully added this computer to the following replica set:
"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Information related to this event is shown below:
Computer DNS name is "DC0_SRV.mydomain.com"
Replica set member name is "DC0_SRV"
Replica set root path is "d:\windows\sysvol\domain"
Replica staging directory path is "d:\windows\sysvol\staging\domain"
Replica working directory path is "c:\windows\ntfrs\jet"
Date: 9/20/2009 Source: NtFrs
Time: 6:15:27 PM Category: None
Type: Warning Event ID: 13520
User: N/A
Computer: DC0_SRVThe File Replication Service moved the preexisting files in d:\windows\sysvol\domain to d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.
The File Replication Service may delete the files in d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into d:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner.
In some cases, the File Replication Service may copy a file from d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into d:\windows\sysvol\domain instead of replicating the file from some other replicating partner.
Space can be recovered at any time by deleting the files in d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.
Date: 9/20/2009 Source: NtFrs
Time: 6:15:27 PM Category: None
Type: Warning Event ID: 13565
User: N/A
Computer: DC0_SRVFile Replication Service is initializing the system volume with data from another domain controller. Computer DC0_SRV cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
2.) DNS Service:
Date: 9/20/2009 Source: DNS
Time: 6:31:08 PM Category: None
Type: Error Event ID: 4015
User: N/A
Computer: DC0_SRVThe DNS server has encountered a critical error from the Active Directory. Check that the
Active Directory is functioning properly. The extended error debug information (which may
be empty) is "". The event data contains the error.
Date: 9/20/2009 Source: DNS
Time: 6:41:27 PM Category: None
Type: Error Event ID: 2
User: N/A
Computer: DC0_SRVThe DNS server has started.
Date: 9/24/2009 Source: DNS
Time: 2:18:03 PM Category: None
Type: Information Event ID: 5504
User: N/A
Computer: DC0_SRVThe DNS server encountered an invalid domain name in a packet from xxx.xx.xx.xxx. The packet
will be rejected. The event data contains the DNS packet.3.) From Client - Ping Client itself reverse lookup of client IP Address:
C:\ping -a 192.168.0.200
Pinging pc01.mydomain.com [192.168.0.200] with 32 bytes of data:Reply from 192.168.0.200: bytes=32 time<1ms TTL=128
Reply from 192.168.0.200: bytes=32 time<1ms TTL=128
Reply from 192.168.0.200: bytes=32 time<1ms TTL=128
Reply from 192.168.0.200: bytes=32 time<1ms TTL=128Ping statistics for 192.168.0.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
4.) From Client - Ping Server from Client reverse lookup of Server IP Address:
C:\ping -a 192.168.0.100Pinging dc0_srv.mydomain.com [192.168.0.100] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),5.) From Client - nslookup result from client
C:\nslookup
Default Server: dc0_srv.mydomain.com
Address: 192.168.0.100
>
Here all the Information that you will able to check if there is something wrong...
Thanks and Regards,
Cheers,...Hi,
Ntfrs is working fine but i noticed that there is a problem with communication. If i am not wrong 192.168.0.100 is the IP Address of Domain Controller. Why are we not able to resolve it. Can we ping this Domain Controller with FQDN and NetBios name from Client. Can we ping the Domain Name (mydomain.com) from client ?
If Gpresult says 'No Data Found' then for sure we have some issues with Group Policy enumeration. You also dint mention if Rsop.msc snap-in opens up or not ? And if it opens up then do you see and Error information (check a yellow exclamation mark on computer and user configuration).
What about the other Group Policies, are they taking effect properly ?Is this happening woth all the Users and Machines ?
cheers
Nitin- Good day Nitin,
I forgot to give you some result on rsop.msc the Computer Configuration and User Configuration did not appear it has a question mark on paper icon that's indicates of the same result with "gpupdate" - group policy not found...
Hope this will complete all the information result will be enough
Any suggestions, and explanations for this final thread?
Thanks and Regards,
Cheers,- Edited byradical93 Friday, November 06, 2009 3:52 AMadded words...
- Good day Nitin,
I already resolved the problem which is the Group Policy cannot take effect on the workstations like software installations, and other Computer Configuration and User Configuration settings of Group Policy which is they block the ICMP or Ping of the Domain Controller anybody cannot ping or do the ICMP way of all workstations Win XP to communicate the Domain Controller which I have done all the research finding out the cause of not doing the Group Policy.
I have a Lab test servers using VMWare I also installed third party tools Sniffer to see what is really happening to see what the workstation will do when contacting domain controller which I found out that the workstations Win XP silently do the ICMP or Ping on the background to communicate the domain controller and also uses only 500kb when executing Group Policy and also which I proved it and show it the one who handle our open source firewall.
Added information Windows XP uses silent ICMP on the background to communicate to the Domain Controller when executing Group Policy, but Windows Vista, Windows 7 using now NLA.
Once again Nitin, thanks for the time and patience it helps me a lot to know the deep information regarding on some workaround, this will be a help to others out there which is another things to be consider and things to remember when implementing Group Policy.
Thanks again and Regards,
Cheers,
