none
Server 2012 R2 StarterGPOs not installing

    Question

  • I've encountered a peculiar problem with a fresh Windows Server 2012 R2 domain configuration where when I load up the Group Policy Management Console and click "Create Starter GPOs Folder", the folder is created in Sysvol with all 10 starter GPOs inside it... however none show up in the console.

    I've deleted the folder and recreated it again from GPMC but the same thing happens, so the good thing is it's a repeatable problem, but alas it's a problem I would rather not be having at all :)

    Has anyone else come across this or has any suggestions how to fix it?


    MrGoodBytes

    Monday, May 02, 2016 10:50 AM

Answers

All replies

  • Hi,

    Thanks for your post.

    I notice that you have already posted a thread in our forum before. Since Starter GPOs Templates not shown up in GPMC, I would like to suggest you try to export the Starter GPOs from a working Server (Same Operation System) and then import to this problematic Server to have a test.

    Import and Export Starter GPOs

    https://technet.microsoft.com/en-us/library/cc732150(v=ws.11).aspx

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 03, 2016 4:13 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 05, 2016 8:55 AM
    Moderator
  • Hi, no the responses haven't been particularly helpful. I've not had a chance to setup another Active Directory forest in isolation to copy the Starter GPOs.

    I posted here looking for some guidance on finding the root cause rather than a simple workaround which may or may not work. The issue I face here is not something I've encountered before nor is it something that should happen, so my concern is that it is a symptom of some greater problem yet to be uncovered. I would much rather spend the time doing some root cause analysis than just getting the Starter GPOs to show up and moving on.

    Can you suggest any logs or events which could be helpful here? Where does GPMC import/copy the starter GPOs from? How does GPMC know what Starter GPOs are installed? -if it just reads that folder then there could be something wrong with that console; but then they do not show up for other consoles either which suggests that may read these policies based on references stored somewhere in the Active Directory database.

    As I can create and delete new Starter GPOs without any issue I'm convinced there is something wrong with or relating to the inbuilt ones exclusively and I would very much like to know what it is.

    Regards,


    MrGoodBytes

    Thursday, May 05, 2016 9:28 AM
  • Hi,

    Thanks for your reply.

    To narrow down the issue, you could refer to the following suggestions:

    1. Please try to restart the server to have a test.

    2. To determine whether the issue is related to GPMC console or not, please try to reset the MMC console settings to default. (Delete MMC cache. Open MMC console again, click on file and select options. Select disk cleanup tab and delete Files

    3. Check the behavior on a computer/server that has RSAT installed.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 06, 2016 2:44 AM
    Moderator
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 09, 2016 8:06 AM
    Moderator
  • > Console and click "Create Starter GPOs Folder", the folder is created in
    > Sysvol with all 10 starter GPOs inside it... however none show up in the
    > console.
     
    On my test domain, it created the folder but did not populate it.
    Basically, Starter GPOs are deprecated and replaced by the GPO export
    feature in Security Compliance Manager:
     
     
    Monday, May 09, 2016 10:57 AM
  • Update:

    1. Restarting the server made no change

    2. Clearing MMC cache also had no change

    3. RSAT also had no change.

    I build a new Windows Server 2012 R2 server from the same image, promoted it into a Domain Controller (on its own domain) and had the same issue.

    I did the same again but using the iso from Microsoft and the Starter GPOs loaded into the console as they should.

    Interestingly, I exported the Starter GPOs using the "Save as Cab" option and tried to import them into GPMC on a Domain Controller having the issue and I got the error message "The selected file is not a valid Starter GPO CAB." I was also unable to restore a backup of the Starter GPOs, but I think this is due to the Unique ID not matching up.

    I was however able to create a new GPO from the Starter GPO on the working DC, export it and import the settings into as new GPO on the other DC.

    This is all very puzzling....

    The difference between the two installations is the DC not working was build with updates sideloaded (including WMF 5).


    MrGoodBytes

    Monday, May 09, 2016 1:34 PM
  • Hi,

    It seems that the issue is related to the problematic Windows Server 2012 R2 image. Where did you get this image? Have you tried repairing the system using SFC and DISM tool?

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 10, 2016 7:56 AM
    Moderator
  • The Windows Server 2012 R2 image was downloaded from the MS Partner Portal. The slipstreamed updates came from WSUS.

    I have tried both SFC and DISM. SFC reports no problems. DISM always says "The restore operation completed successfully. The component store corruption was repaired." but it always says that and I'm skeptical that it actually does anything. There is no clear indication in the DISM log of component corruption being repaired that I can see.

    I wonder if perhaps some of the updates which were slipstreamed shouldn't have been.


    MrGoodBytes

    Tuesday, May 10, 2016 12:02 PM
  • Hi,

    Since using the iso from Microsoft did work, you could let it apply the same updates from WSUS to have a test.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 11, 2016 6:43 AM
    Moderator