none
Applying GP at Startup (Win 10, Surface Pro 3)

    Question

  • (I know this isn't the Win 10 forum, but the only post I could find close to this indicated this might be the correct place to ask.)

    I'm getting an error trying to apply group policy at startup with Surface Pro 3, the Surface Dock, running Windows 10. Surfaces running Windows 8 work. When I force a GPUpdate after login, it works.

    The Event ID I get in the Event Viewer System Log is a 1058. ErrorCode 65. This doesn't seem totally uncommon.

    In the Group Policy Operational log, the error has an Event ID 7017. The details have the same ErrorCode, 65.

    I set the GPSVC to dump a debug log. I get a bit over 700 lines, but the information at the point of failure is as follows:

    GPSVC(40c.4ec) 12:05:46:774 GetDCNameFromGPTPath: NetDfsGetClientInfo() failed with error=0xa66 for GPT Path=\\<DOMAIN>\sysvol\<DOMAIN>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
    GPSVC(40c.4ec) 12:05:46:774 ProcessGPO(Machine): Couldn't find the group policy template file <\\<DOMAIN>\sysvol\<DOMAIN>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>, error = 0x41. DC: <null>

    I'm not sure where to go there. Would this indicate we're not properly resolving the <DOMAIN> to a server name?

    Thanks!


    Thursday, October 01, 2015 5:22 PM

All replies

  • Hi jace.wiseman,

    Thanks for your post.

    For ErrorCode 65 Network access is denied,  the problem may be related to the group policy settings that Microsoft recommended to harden group policy, and is outlined in MS15-011 and MS15-014. Please follow the article for more details.

    http://blogs.technet.com/b/askpfeplat/archive/2015/02/23/guidance-on-deployment-of-ms15-011-and-ms15-014.aspx

    And based on event1058, 7017 and the bebug log, we can find the client cannot find two GPO or GPO file.

    On DC, open GPMC, find out those two GPOs. Unlink them and test

    On the client, please try to access \\DOMAINNAME\\SYSVOL folder to make sure there is no network issue.

    Examine the DNS settings and network properties on the servers and client computers
    Examine the Server Message Block signing settings on the client computers and member servers
    Make sure that the TCP/IP NetBIOS Helper service is started on all computers
    Make sure that Distributed File System (DFS) is enabled on all computers
    Examine the contents and the permissions of the Sysvol folder

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 02, 2015 8:06 AM
    Moderator
  • So, I've checked a number of these, and still can't get the Surfaces to connect and run Group Policy at startup. Other Windows 10 clients run fine.

    On one other machine, running an Intel I217-LM NIC, I had to set 'Wait for Link' to On to get Group Policy to function properly at startup (We're connected to switches with spanning tree enabled.)  But, the drivers for the Surface dock/NIC do not have this option.  Is there another way way to force it into a similar state?  The "wait for link at startup" and "group policy wait time" GPOs do not make a difference in this case. 

    Tuesday, October 06, 2015 5:40 PM