none
"Updating the IPAM GPO failed" during initial IPAM setup

    Question

  • Today I wanted to try the IP Address Management feature in Windows Server 8 beta, but I could bring my domain-joined servers into the IPAM Server Inventory.

    I tried to follow the steps in this Blogg to set up IPAM.

    The only server I can see in my inventory is the DC but if I try to switch it to "managed" I get a strange "No operation operation for ... failed" error:

    Updating IPAM GPO failed Message Box

    This happens after I already created the GPOs using Invoke-IpamGpoProvisioning and the DC's Group Policy Management Console shows the GPOs:

    GPManagement

    Any Ideas how I can add the servers to the inventory and/or how I can fix the GPO issue?

    Saturday, April 14, 2012 8:24 PM

Answers

  • Hi Tom,

    Thanks for posting here.

    Is this IPAM server using DC(test215.conet.de) as Preferred DNS server? Is there any connectivity problem between them ?

    Try to recheck the current settings with following the steps in the guide below and see if the IPAM server can obtain these policies form corresponding domain controller :

    Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server "8" Beta

    http://www.microsoft.com/download/en/details.aspx?id=29020

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Proposed as answer by Tiger Li Wednesday, April 18, 2012 2:52 AM
    • Marked as answer by Tiger Li Thursday, April 19, 2012 10:18 AM
    Monday, April 16, 2012 8:02 AM

All replies

  • Nice to see that people actually read my blog :)

    Check under the Application and Services Logs > Microsoft > Windows > IPAM and see if you find any other errors / event that might have occured. 

    Try running a gpupdate /force before you try to change the computers from unmanaged to managed. See if that helps, also double check that the settings in the GPOs are correct (with the right groups and computers ) 

    But if you are having some trouble with the automatic provisioning using the GPO, try using the manual approach, http://webcache.googleusercontent.com/search?q=cache:4vqEcnDuiswJ:download.microsoft.com/download/F/6/9/F69BE7E8-3E99-4A4A-B189-8AFADABC6216/Understand%2520and%2520Troubleshoot%2520IP%2520Address%2520Management%2520(IPAM)%2520in%2520Windows%2520Server%25208%2520Beta.docx+&cd=1&hl=no&ct=clnk&gl=no

    Regards,
    Marius 

    Saturday, April 14, 2012 9:24 PM
  • A gpupdate /force does not change anything.

    I just realized that the machine I installed IPAM on is stuck in the "PUBLIC" network location and not in "DOMAIN" network location where it should be (from my point of view...). Maybe the more restrictive firewall settings are responsible for the non-working IPAM. I'll check that and post an update later.

    BTW @m_sandbu thanks for the quick reply...

    Saturday, April 14, 2012 9:38 PM
  • Hi Tom,

    Thanks for posting here.

    Is this IPAM server using DC(test215.conet.de) as Preferred DNS server? Is there any connectivity problem between them ?

    Try to recheck the current settings with following the steps in the guide below and see if the IPAM server can obtain these policies form corresponding domain controller :

    Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server "8" Beta

    http://www.microsoft.com/download/en/details.aspx?id=29020

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Proposed as answer by Tiger Li Wednesday, April 18, 2012 2:52 AM
    • Marked as answer by Tiger Li Thursday, April 19, 2012 10:18 AM
    Monday, April 16, 2012 8:02 AM
  • Hi Tiger Li,

    thanks for your hints!

    Yes, there might have been a connectivity problem between the IPAM server and the DC. And yes, the DC is the preferred DNS.

    I rechecked the settings with the steps in the Guide, and I got stuck at the following steps:

    - Configure settings for the IPAMGPO_DHCP GPO

    ...

    1. In Group Policy Management Editor, expand Computer Configuration>Policies>Windows Settings>Security Settings>Windows Firewall with Advanced Security>Windows Firewall with Advanced Security – LDAP://…>Inbound Rules.
    2. Right-click Inbound Rules, and then click New Rule.
    3. In the New Inbound Rule Wizard, click Predefined, and select DHCP Server Management from the drop-down list. Click Next.

     

    Well, there seems to be no predefined rule "DHCP Management":

     

    Any idea how to fix that?

    Thursday, April 19, 2012 10:33 PM
  • Hi Tom,

    Thanks for posting here.

    May I know if DHCP service has been installed on this domain controller host ?How did we build and configure this domain controller?

    Actually we'd better do that with following the steps in “Test Lab Guide: Windows Server "8" Beta Base Configuration” guide which is also required in the beginning of this IPAM guide “Steps for Configuring the IPAM Test Lab” ?

    I've tested this in lab and can get this predefined rule with no problem:

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Friday, April 20, 2012 3:31 AM
  • Hi again

    I am comming back to this thread once again to answer Tiger Li's remaining questions.

    • In my lab configuration the DHCP Role was not installed on the DC. The DHCP Role was installed on another host. However, this host was also a Windows Server "8" beta machine within the lab domain.
    • In the meantime I did rebuild the lab and installed the DHCP role on the DC VM as suggested in the test lab guide.
    • First, I still got no access from the IPAM VM. However, after manually adding some rules to the GPOs it now works fine!

    Thanks for your support!

    Tuesday, May 01, 2012 8:28 PM
  • Hi,

    I'd like to clarify a couple things.

    After using the Invoke-IpamGpoProvisioning cmdlet, you do not need to configure any further settings in the IPAM GPOs. See this guide: http://technet.microsoft.com/en-us/library/hh831622.aspx.

    If you view the DHCP GPO on a computer that isn't running DHCP, you won't see the firewall rule named "dhcp management," but it is there. Do not install DHCP on your DC just to get this rule added. You don't need to do this.

    The problem that you had originally was apparently due to a connection issue between the IPAM server and the DC.

    -Greg

    Saturday, October 27, 2012 5:48 PM