none
Group Policies are not being applied on a SITE_ Server 2003 Domain controller issue

    Question

  • Hello,

    I have a problem in one of my AD SITE, having two windows server 2003 domain controllers. None of the group policies are being applied to this SITE.

    1.) On using "Group Policy Modeling Wizard", I am getting below error :

    "Group Policy Infrastructure failed due to the error listed below. The system cannot find the path specified.
    Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available"

    2.) When I type gpresult on DC or client machine I get this error : "INFO: The user "domain\user" does not have RSOP data"

    3.) When I try to open rsop.msc on either DC or any client machine I get the below error :

      "Unable to generate rsop data. In logging mode, likely causes are group policy has never succesfully processed for the computer or user. RSoP logging was never enabled, or data is corrupt. In planning mode, verify that selected domain controller supports RSoP.

      Details:: Invalid Namespace "

    4.) Below is the ipconfig/all result on one of the DC in SITe :

    C:\Documents and Settings\saurabhad>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . :  <DCname>
       Primary Dns Suffix  . . . . . . . : domain.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : domain.com

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDI
     VBD Client)
       Physical Address. . . . . . . . . : 00-1A-64-96-37-BD
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 164.xxx.xxx.215
       Subnet Mask . . . . . . . . . . . : 255.255.252.0
       Default Gateway . . . . . . . . . : 164.xxx.xxx.254
       DNS Servers . . . . . . . . . . . : 164.xxx.xxx.17
                                                    164.xxx.xxx.19

    NOTE:  There is one blank policy is applied to the SITE level and because this is blank, there are many alert on the domain controller (event#1030 and event#1058). I am not sure if this blank policy can create some problem or not.


    • Edited by saurabhcap10 Wednesday, February 22, 2012 1:13 PM
    Wednesday, February 22, 2012 12:13 PM

Answers

  •  
    > Its srange.. can a corrupt GPO on SITE level can stop all GPOs to
    > apply.. ?
     
    Yes. There are a - small - number of GPO processing errors that will
    lead to no GPOs at all. It has nothing to to with the site link - if you
    link that corrupt GPO anywhere else (Domain or OU), the result would be
    the same.
     
    sincerely, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Saturday, February 25, 2012 2:39 PM
  • Problem resolved !! As I mentioned in problem description, there is one blank GPO on site level, this GPO was possibly corrupt. I just unlinked that GPO and it worked :)

    Its srange.. can a corrupt GPO on SITE level can stop all GPOs to apply.. ?

    Wednesday, February 22, 2012 3:12 PM

All replies

  • Hello,

    seems the site DC has some problems with replication to the main site, please upload the following files:

    ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt  ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)


    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, February 22, 2012 12:18 PM
  • Problem resolved !! As I mentioned in problem description, there is one blank GPO on site level, this GPO was possibly corrupt. I just unlinked that GPO and it worked :)

    Its srange.. can a corrupt GPO on SITE level can stop all GPOs to apply.. ?

    Wednesday, February 22, 2012 3:12 PM
  •  
    > Its srange.. can a corrupt GPO on SITE level can stop all GPOs to
    > apply.. ?
     
    Yes. There are a - small - number of GPO processing errors that will
    lead to no GPOs at all. It has nothing to to with the site link - if you
    link that corrupt GPO anywhere else (Domain or OU), the result would be
    the same.
     
    sincerely, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Saturday, February 25, 2012 2:39 PM