none
Autheticated users not being applied

    Frage

  • Server 2012 R2 STD - DC

    My clients, Win 10 & Server 2102R2, are appearing as non authenticated users. This just started happening. I have the domain policy below. What do I to reset or get it working on the client systems. The clients show up as public network. not good.


    John Lenz

    Dienstag, 15. Mai 2018 19:14

Antworten

Alle Antworten

  • Hi,

    >>My clients, Win 10 & Server 2102R2, are appearing as non authenticated users.

    Could you please provide some screenshots of the issue?  The Default Domain Policy should be applied to all domain clients by default.

    >>The clients show up as public network. not good.

    Also, I would suggest you verify the current IP configuration of clients and collect Group Policy Result in Group Policy Management console to see whether the policy applied.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Mittwoch, 16. Mai 2018 05:38
  • Thanks for your help. Let me set the stage. I run a small tech company and have a small Server 2102 R2 environment. Training is limited and I keep everything as simple as possible. 

    If you want some information, send me the command script or PowerShell script to execute. I will copy, paste & execute and give you the results.

    I am giving you OneDrive access to 2 gpresult of Win10 pro clients that are domain systems. WSUS gave me I the indication of the problem. All of my 20 systems (including servers) are not present in WSUS. They are not authenticated. They were working up to ~ 2 weeks ago. No issues indicated on the DC. LoongSFI004 reports unauthenticated in NIC and LongSFI001 in profile domain on NIC.

     Tell what you need to help get this fixed.

    results html:

    https://1drv.ms/f/s!AmoQ3UGkAIVBhalsv8W21mxrskJeow 


    John Lenz

    Mittwoch, 16. Mai 2018 17:48
  • Hi,

    According to the results, the Default domain policy was not applied to the clients due to WMI Filter.

    To apply the GPO to all clients, you may need un-link the WMI filter or correct the filter.

    

    If you have anything unclear, please feel free to let us know.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Donnerstag, 17. Mai 2018 02:07
  • OK,

     I need the commands to find the WMI filter, make it the correct one based upon server2102 R2 template and re-apply

    Where is WMI and what are the commands, PowerShell scripts I need to execute to fix this? Thanks


    John Lenz

    Donnerstag, 17. Mai 2018 17:26
  • Hi,

    We could find it by Group Policy Management Console. We could edit it or unlink it from GPO.


    For your reference:

    https://social.technet.microsoft.com/wiki/contents/articles/31701.windows-sample-wmi-filter-strings.aspx

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Freitag, 18. Mai 2018 02:23
  • I am out this weekend and will try early next week and report back to you. Thanks

    John Lenz

    Freitag, 18. Mai 2018 15:26
  • Hi,

    Thanks for let me know the current progress.

    If you need further help, please feel free to let me know.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sonntag, 20. Mai 2018 02:02
  • William,

    Getting closer. See below, there are no WMI filters in GPM  yet the GPResult on the systems above shows one. What is the WMI that is standard with server 2012R2 AD and how do I install it?


    John Lenz

    Montag, 21. Mai 2018 17:17
  • Hi,

    WMI filters should be listed in the Group Policy Management Console, so I assume that there has more than one DC in the environment, am I right?

    If I’m right, the replication between DCs may has some issue and you may see the WMI filters on other DCs.

    In order to narrow down the issue, I would suggest you verify the DCs health by run command “dcdiag /q

    If you have anything unclear, please feel free to let me know.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Dienstag, 22. Mai 2018 02:33
  • No, only one DC. I ran DCDIAG /q in elevated CMD window. Went right to next line {done}. I then ran DCDIAG and all steps passed fine.

    This System was running perfectly fine until it no longer authenticated anything. Why?

    Here is my Physical structure

    Server 1:

    Server2012 R2 STD

     - DC

     - DNS

     - DHCP

     - WSUS

    Server 2:

    Server2012R2 DataCenter

     - VM1; Certificate server

     - VM2: VPN server

     - VM3; SharePoint Server

     - VM4; SQLServer

     - VM5; Exchange Server


    John Lenz

    Dienstag, 22. Mai 2018 19:22
  • Is the time synced properly on Server 2 and the clients to the PDC?

    (is the PDC the primary time source?)

    Dienstag, 22. Mai 2018 19:59
  • PDC is time server. All servers & clients on same time

    John Lenz

    Dienstag, 22. Mai 2018 20:35
  • Hi,

    May I ask whether you have changed the policy settings of Default Domain Policy and Default Domain Controllers Policy?

    I would suggest you perform a backup of the two GPOs, then try to reset the two GPOs to default to see if it helps.

    If the default GPOs were changed, we could create a new GPO and use the backup files to restore it or configure it manually.

    Detailed steps as below:

    1. Right click the Default Domain Policy and Default Domain Controllers Policy, then click Back Up.
    2. Specific a location to store the backup files.
    3. Open an elevated command prompt window, run command “dcgpofix /ignoreschema /target:longsoho.local”.
    4. Run command “gpupdate /force” on a test client or reboot the client.
    5. Verify the current applied settings by run command “gpresult /h result.html” in an elevated command prompt window.

    For your reference: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/dcgpofix

    If you have anything unclear, please feel free to let me know.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Mittwoch, 23. Mai 2018 14:05
  • It did not take? I did back up GPO's


    John Lenz

    • Als Antwort markiert JohnLenz Samstag, 26. Mai 2018 17:40
    Mittwoch, 23. Mai 2018 21:32
  • I re-tried with target "BOTH" and it took. Then did a GPUpdate /force on system LongSFI001. Here is the result

    Does this mean its I fixed. I need authenticated to get WSUS back working.

    Thanks


    John Lenz

    Donnerstag, 24. Mai 2018 21:42
  • Hi,

    I would apologize for the delayed reply.

    >>I re-tried with target "BOTH" and it took.

    BOTH also working for us, however, in the steps above, the target option should be domain, both or DC, not our domain name.

    >>Does this mean its I fixed. I need authenticated to get WSUS back working.

    Yes, it's fixed.

    In order to let WSUS working, I would suggest you create a new GPO instead of using default domain policy, then configure related settings in it.

    For your reference:

    https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus

    If you have anything unclear, please feel free to let me know.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Montag, 28. Mai 2018 01:25