none
Forefront Client Security Policy will not deploy

    질문

  • What I'm trying to do is just deploy a policy from the "Policy Mangement" tab in FCS.  When I choose the OU I want to deploy to, and click the "deploy" button, I get the following error:

    The policy cannot be deployed.

    Further details:

    Unable to create a Group Policy link.

    Unable to create a Group Policy link.   (yes, this does repeat twice for some reason)

    Let me begin by saying that I was able to do this back in mid-December when I tried it last.

    Nothing domain controller-wise has changed since then

    We are running SP1 on FCS

    I am logging in as the Domain Administrator

    Any ideas?  I really need to get this working properly

    2012년 2월 29일 수요일 오후 7:40

답변

  • I've seen similar case and it was related to a DNS resolution issue. Could you try to edit the hosts file on the FCS server and add an entry for your DNS server ? Otherwise, have tried to create a GPO, link it to your OU then deploy the FCS policy to this existant GPO ?

    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1

    2012년 3월 2일 금요일 오전 10:23
  • Now can anyone explain why the other way doesn't currently work even though it did in the past?

    All that I know is that's a bug which can appear for some people (and you're one of the lucky) when there is a DNS resolution issue and because of that we suggest to add the DNS server into the hosts file or deploying the policy to an existant GPO.

    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1



    2012년 3월 3일 토요일 오전 8:01

모든 응답

  • Hi,

    Thank you for your post.

    Please perform steps below on FCS server to troubleshooting:
    1. Try to use GPMC to create a new policy and link the policy to that OU.
    2. Add your <domain--DC IP> record to your server local host file, then test to deploy policy in FCS UI. Here is  the similar thread.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support


    2012년 3월 1일 목요일 오전 3:04
  • 1. Yes I am able to create and link a policy to the same OU that I'm trying to deploy the policy to

    2. Yes, I have done this as a troubleshooting step just to be sure.

    Still, the issue persists

    2012년 3월 1일 목요일 오후 8:05
  • I've seen similar case and it was related to a DNS resolution issue. Could you try to edit the hosts file on the FCS server and add an entry for your DNS server ? Otherwise, have tried to create a GPO, link it to your OU then deploy the FCS policy to this existant GPO ?

    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1

    2012년 3월 2일 금요일 오전 10:23
  • I've seen similar case and it was related to a DNS resolution issue. Could you try to edit the hosts file on the FCS server and add an entry for your DNS server ? Otherwise, have tried to create a GPO, link it to your OU then deploy the FCS policy to this existant GPO ?

    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1

    That last part "deploy the FCS policy to this existant GPO" -- that acutally works, thank you! 

    Now can anyone explain why the other way doesn't currently work even though it did in the past?  We have a few thousand GPO's in our environment, and doing it this way would actually force me to change some of the naming structure on my FCS GPO's to keep things organized...  i.e. I would rather deploy via OU at this point.

    2012년 3월 2일 금요일 오후 3:56
  • Now can anyone explain why the other way doesn't currently work even though it did in the past?

    All that I know is that's a bug which can appear for some people (and you're one of the lucky) when there is a DNS resolution issue and because of that we suggest to add the DNS server into the hosts file or deploying the policy to an existant GPO.

    Bechir Gharbi | http://myitforum.com/myitforumwp/community/members/bgharbi/ | Time zone : GMT+1



    2012년 3월 3일 토요일 오전 8:01
  • Hi Mwilliam4, as the others have said this is likely a name resolution issue. However, troubleshooting this is a rather complex procedure (enabling FCS tracing, getting a network capture, etc.), i would recommend opening a case with our support team, you can do that at this link:

    https://support.microsoft.com/oas/default.aspx?&gprid=12632&&st=1&wfxredirect=1&sd=gn

    thanks,

    Faron


    Faron Faulk [MSFT]

    2012년 4월 24일 화요일 오후 6:19