Cross domain group policy loopback processing issue

    Question

  • Hi everyone.

    I would appreciate it if someone could help me resolve the following issue.

    My forest contains 2 domains, Dom-A and Dom-B, which have a 2-way trust relationship.

    A loopback policy is configured and applied to the Computer OU on DomainA to hide local drives on that computer, deploy wallpaper, etc. The setup worked for a long time, but all of a sudden it broke recently.

    A Dom-B user logging on with a Dom-B account to a Dom-A computer is not getting the loopback GPO; however, Dom-A users logging on to a Dom-A computer are getting the loopback policy settings.

    DC replication is good and the DCDiag DNS test is good. The computers are located in a different site and are highly restricted. When I try to run GPupdate on one of the machines, I get the error below:

    The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:

    a) Name Resolution failure on the current domain controller.

    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller)..

    Name resolution and replication are good. I ran the Portqry tool with the default domains and trust option and found that ports 135, 389, 139, 3268 and 53 are listening.

    Disabling anti-virus is not helping us fix the issue.

    If anyone has any idea or suggestion, kindly let me know.

     

    Wednesday, January 18, 2017 5:07 AM

All replies

  • Hi,

    Have you turned on a firewall between the two domains?

    If yes, please make sure that the ports which AD DS requires are open on the firewall.

    Here is an article about the port requirements of AD DS that may be helpful to you.

    Active Directory and Active Directory Domain Services Port Requirements

    https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

    Best Regards,

    Jay



    Wednesday, January 18, 2017 9:30 AM
    Moderator
  • > The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
     
    Seems Windows cannot access the user account object in Active Directory. Did you put some ACLs in place to restrict access?
     
    Friday, January 20, 2017 10:40 AM
  • Hi Jay,

    Appreciate your quick suggestion. The issue is resolved. The root cause we identified was that the name service was broken due to a change on the DNS service provider side. They made changes to one of their servers and put it into stealth mode.

    Friday, January 20, 2017 5:10 PM
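
A diagnostic for the failure discussed in this thread, added here as an example and not posted by any participant: run on the affected Dom-A computer, it asks each configured DNS server separately for the user domain's DC locator record, then tests the ports the original poster checked with Portqry against every DC returned. The domain name `dom-b.example` and the helper name `Test-DcLocator` are hypothetical; the port list is the one from the question.

```powershell
# Added example, not from the thread. Domain name below is a placeholder.
param(
    [string]$UserDomain = 'dom-b.example',        # hypothetical DNS name of the user's domain (Dom-B)
    [int[]]$Ports = @(53, 135, 139, 389, 3268)    # TCP ports listed in the original question
)

function Test-DcLocator {
    param([string]$Domain, [string]$DnsServer)
    # SRV record a client queries to locate a domain controller for $Domain
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $answers = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer `
                                   -DnsOnly -ErrorAction Stop
        $answers | Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget -Unique
    } catch {
        Write-Warning "DNS server $DnsServer could not resolve ${srvName}: $($_.Exception.Message)"
        @()
    }
}

# Query every configured DNS server on its own: one broken or reconfigured
# server is hidden when the resolver silently falls back to a working one.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique

$results = foreach ($server in $dnsServers) {
    $dcs = @(Test-DcLocator -Domain $UserDomain -DnsServer $server)
    if ($dcs.Count -eq 0) {
        # No DC could be located through this DNS server
        [pscustomobject]@{ DnsServer = $server; DC = $null; Port = $null; Reachable = $false }
        continue
    }
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            # TCP connect test only; the DC host name is resolved by the system resolver
            $ok = Test-NetConnection -ComputerName $dc -Port $port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ DnsServer = $server; DC = $dc; Port = $port; Reachable = $ok }
        }
    }
}

$results | Sort-Object DnsServer, DC, Port | Format-Table -AutoSize
```

A DNS server row with an empty DC column means that server cannot answer the locator query for the user's domain, which points at name resolution even when the listed ports are reachable.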