none
Group Policy not being applied. Out of ideas.

    Question

  • So I'm having a problem with Group Policy just not being applied.

    Well technically it is. If I run Gpresult it's there. It's as if it's being processed. But what I'm asking it to do is just completely being ignored. 

    To be more specific it's a login script that maps drives. It used to work just fine. Now it tells me that the Group Policy ran but no drives get mapped. 

    When I look in my Event Viewer I see a 5719 event which is a "There are currently no logon servers available" error. I see this on many machines. Perhaps it is related. Basically it has something to do with the network not being available at that time. 

    Now I have set "Always wait for the network at computer startup and signon and logon" to enabled and specified a startup processing wait time to 90 seconds. I did this a long time ago when other problems occurred and it helped. But it doesn't do anything with this issue. It's just there.

    I haven't been able to find much help on Google. Most of the Group Policy troubleshooting is too trivial. "Are you sure it's enabled" or "The user is in the right OU". If it was that easy I would have fixed it by now. 


    Not sure what else to try. 

    Tuesday, February 16, 2016 3:13 PM

All replies

  • "There are currently no logon servers available" means that your client cannot contact the domain controller for whatever reason so you have a separate issue there that needs to be investigated by itself. A common cause is the client not having its DNS settings pointing to a domain controller.

    I regularly see failed Group Policy updates along with the above error so once you resolve that issue the Group Policy should apply.

    Tuesday, February 16, 2016 5:07 PM
  • Hi,

    You can set something like this:

    https://technet.microsoft.com/en-us/library/cc958585.aspx

    for running logon scripts synchronously, that is wait for logon scripts to finish before starting the explorer. I recommend you scope this to certain machines for troubleshooting purposes.

    Another thing you can do is put in the script to write events in the event log or an external file, to make sure the script executes correctly.

    You should make use maybe of GP preferences which should be easier to configure.

    https://blogs.technet.microsoft.com/askds/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership/

    Hope this helps.


    http://mariusene.wordpress.com/

    Tuesday, February 16, 2016 5:15 PM
  • Unfortunately all our machines already have their nameservers pointed to Domain Controllers. It would actually be impossible for them to function any other way since we are in our own internal network. If they had an outside nameserver nothing would work for them. And the only internal nameservers are all Domain Controllers. 

    I read somewhere that this could be the issue. But if it is it's another twist because they are already assigned. 
    Tuesday, February 16, 2016 6:17 PM
  • As per your first link it looks very promising. However perhaps it's for a different version. I run Server 2008. And I don't see an option to "Run logon scripts synchronously". Not at User configuration or Computer. I even tried to open Group Policy Manager on the Domain Controller just in case it was my machine. But it still didn't have it. None of the options match it. 

    The second link I think doesn't apply to me because I have a script that assigns user mapping. GP itself doesn't assign any mappings. We have some specific mappings based on username criteria that is easier to do with a script. Perhaps it's time to phase that out. But removing this script because there was a problem with GPO felt wrong. It's a problem I'm going to have to fix eventually. 

    Tuesday, February 16, 2016 6:22 PM
  • Hi,

    Sorry but some things are not clear for me. lets try to see the following:

    1. You apply a GPO to all Windows client computers or any domain member servers?

    2. What is the domain functional level?

    3. On the Domain Controllers did you check the Computer Configuration\Administrative Templates\System\Logon for the 'Run logon scripts synchronously' GPolicy?

    4. Group Policy Preferences can be used to map network drives for users. I am not sure I understood why this is not used. Can you share the script?

    5. Can you post a screenshot or upload to a skydive a GPO report using gpresult /h c:\GPResult.html

    6. After logging on the client try from an admin cmd running gpudate /force and post the output.


    http://mariusene.wordpress.com/

    Tuesday, February 16, 2016 8:20 PM
  • Thank you for your reply.

    I made an imgur of what I see on my Group Policy editor. http://imgur.com/gTbOzcw It's the same whether it's the Domain Controller or a host machine. And it's the same whether its gpedit.msc or Group Policy manager. I still don't see "Run logon scripts synchronously"

    We have a simple .bat script that maps drives. Perhaps I should use GPO instead but this issue of stuff not applying happens to more than just this. So I need to resolve it regardless. Just fixing it by making it go away here doesn't actually solve the problem. Although I do agree its probably a better way to do it.

    my gpresult.html turned out to be rather big. I couldn't take a screenshot because it's several pages long. And I've never used skydive.

    gpupdate /force I use all the time. And the result is almost always the same.

    Here it is.
    http://imgur.com/u4f0exf
    I appreciate your help



    • Edited by matveevn Tuesday, February 16, 2016 8:59 PM
    Tuesday, February 16, 2016 8:59 PM
  • It should be in Computer/User/Administrative templates/System/Scripts not sure why the article is pointing there.

    From the screenshot with gpupdate I see that its pending a restart the machine in order to apply the GPO configuration.

    I still believe the solution in your case is to configure GPP (group policy preferences) but if you chose to use a script, fine.

    1. If you manually execute the script on the client does it map the drives?

    2. OneDrive is cloud storage from MS. Here is a link where you can upload the gpresult results" http://1drv.ms/1QjwphU


    http://mariusene.wordpress.com/

    Tuesday, February 16, 2016 9:20 PM
  • You say " It used to work just fine. Now it tells me that the Group Policy ran but no drives get mapped. "

    So, any changes on the client side? I know some drive mapping doesn't behave the same way as it used to in old XP days. ;-)

    If so, try this on a client:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
     "EnableLinkedConnections"=dword:00000001


    Ha®®y


    • Edited by HarryVerge Tuesday, February 16, 2016 9:27 PM
    Tuesday, February 16, 2016 9:21 PM