none
"Updating the IPAM GPO failed" during initial IPAM setup

    Pregunta

  • Today I wanted to try the IP Address Management feature in Windows Server 8 beta, but I could bring my domain-joined servers into the IPAM Server Inventory.

    I tried to follow the steps in this Blogg to set up IPAM.

    The only server I can see in my inventory is the DC but if I try to switch it to "managed" I get a strange "No operation operation for ... failed" error:

    Updating IPAM GPO failed Message Box

    This happens after I already created the GPOs using Invoke-IpamGpoProvisioning and the DC's Group Policy Management Console shows the GPOs:

    GPManagement

    Any Ideas how I can add the servers to the inventory and/or how I can fix the GPO issue?

    sábado, 14 de abril de 2012 20:24

Respuestas

  • Hi Tom,

    Thanks for posting here.

    Is this IPAM server using DC(test215.conet.de) as Preferred DNS server? Is there any connectivity problem between them ?

    Try to recheck the current settings with following the steps in the guide below and see if the IPAM server can obtain these policies form corresponding domain controller :

    Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server "8" Beta

    http://www.microsoft.com/download/en/details.aspx?id=29020

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Propuesto como respuesta Tiger Li miércoles, 18 de abril de 2012 2:52
    • Marcado como respuesta Tiger Li jueves, 19 de abril de 2012 10:18
    lunes, 16 de abril de 2012 8:02

Todas las respuestas

  • Nice to see that people actually read my blog :)

    Check under the Application and Services Logs > Microsoft > Windows > IPAM and see if you find any other errors / event that might have occured. 

    Try running a gpupdate /force before you try to change the computers from unmanaged to managed. See if that helps, also double check that the settings in the GPOs are correct (with the right groups and computers ) 

    But if you are having some trouble with the automatic provisioning using the GPO, try using the manual approach, http://webcache.googleusercontent.com/search?q=cache:4vqEcnDuiswJ:download.microsoft.com/download/F/6/9/F69BE7E8-3E99-4A4A-B189-8AFADABC6216/Understand%2520and%2520Troubleshoot%2520IP%2520Address%2520Management%2520(IPAM)%2520in%2520Windows%2520Server%25208%2520Beta.docx+&cd=1&hl=no&ct=clnk&gl=no

    Regards,
    Marius 

    sábado, 14 de abril de 2012 21:24
  • A gpupdate /force does not change anything.

    I just realized that the machine I installed IPAM on is stuck in the "PUBLIC" network location and not in "DOMAIN" network location where it should be (from my point of view...). Maybe the more restrictive firewall settings are responsible for the non-working IPAM. I'll check that and post an update later.

    BTW @m_sandbu thanks for the quick reply...

    sábado, 14 de abril de 2012 21:38
  • Hi Tom,

    Thanks for posting here.

    Is this IPAM server using DC(test215.conet.de) as Preferred DNS server? Is there any connectivity problem between them ?

    Try to recheck the current settings with following the steps in the guide below and see if the IPAM server can obtain these policies form corresponding domain controller :

    Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server "8" Beta

    http://www.microsoft.com/download/en/details.aspx?id=29020

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Propuesto como respuesta Tiger Li miércoles, 18 de abril de 2012 2:52
    • Marcado como respuesta Tiger Li jueves, 19 de abril de 2012 10:18
    lunes, 16 de abril de 2012 8:02
  • Hi Tiger Li,

    thanks for your hints!

    Yes, there might have been a connectivity problem between the IPAM server and the DC. And yes, the DC is the preferred DNS.

    I rechecked the settings with the steps in the Guide, and I got stuck at the following steps:

    - Configure settings for the IPAMGPO_DHCP GPO

    ...

    1. In Group Policy Management Editor, expand Computer Configuration>Policies>Windows Settings>Security Settings>Windows Firewall with Advanced Security>Windows Firewall with Advanced Security – LDAP://…>Inbound Rules.
    2. Right-click Inbound Rules, and then click New Rule.
    3. In the New Inbound Rule Wizard, click Predefined, and select DHCP Server Management from the drop-down list. Click Next.

     

    Well, there seems to be no predefined rule "DHCP Management":

     

    Any idea how to fix that?

    jueves, 19 de abril de 2012 22:33
  • Hi Tom,

    Thanks for posting here.

    May I know if DHCP service has been installed on this domain controller host ?How did we build and configure this domain controller?

    Actually we'd better do that with following the steps in “Test Lab Guide: Windows Server "8" Beta Base Configuration” guide which is also required in the beginning of this IPAM guide “Steps for Configuring the IPAM Test Lab” ?

    I've tested this in lab and can get this predefined rule with no problem:

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    viernes, 20 de abril de 2012 3:31
  • Hi again

    I am comming back to this thread once again to answer Tiger Li's remaining questions.

    • In my lab configuration the DHCP Role was not installed on the DC. The DHCP Role was installed on another host. However, this host was also a Windows Server "8" beta machine within the lab domain.
    • In the meantime I did rebuild the lab and installed the DHCP role on the DC VM as suggested in the test lab guide.
    • First, I still got no access from the IPAM VM. However, after manually adding some rules to the GPOs it now works fine!

    Thanks for your support!

    martes, 01 de mayo de 2012 20:28
  • Hi,

    I'd like to clarify a couple things.

    After using the Invoke-IpamGpoProvisioning cmdlet, you do not need to configure any further settings in the IPAM GPOs. See this guide: http://technet.microsoft.com/en-us/library/hh831622.aspx.

    If you view the DHCP GPO on a computer that isn't running DHCP, you won't see the firewall rule named "dhcp management," but it is there. Do not install DHCP on your DC just to get this rule added. You don't need to do this.

    The problem that you had originally was apparently due to a connection issue between the IPAM server and the DC.

    -Greg

    sábado, 27 de octubre de 2012 17:48