none
Client cannot update GPO

    Question

  • Hello, I have one problem in my AD forest, clients cannot update group policy

    I have 2 domians in separet LANs

    root.local (dc1,dc2: DNS,AD)- LAN_AD

    child.root.local  (dc1, dc2: DNS, AD)- LAN_child_AD

    Client.child.root.local - LAN_child

    Port for domin are open from Client --> DC in LAN_child_AD:

     - so i can add Client to AD and its load all policy,

    - I can ping form Client DNS, DC,

    - I can nslookup for chidl.root.local and root.local

    - I can authroize Users form root.local in Client.child.root.local

    - I can access \\dc01(2)\sysvol\domain\ form client station

    But when I'm  trying gpupdate /force or sync on Client.root.local I get error, gpresult /h : 1 error found and nothing descript, I's get confuse is my domain is configure wrong mayby FW policy block gpupdate foir diffrent LANs

    When client and DC are the same LAn all works



    Friday, June 17, 2016 6:07 AM

Answers

  • Hi Michal,

    Thanks for your post.

    I suggest you check if there is event ID 1058.

    If yes, the problem may be caused by the following:

    1. incorrect ACL’s on Sysvol on the DC
    2. filter drivers (antivirus or backup apps) that keep locks on the target objects in Sysvol
    3. network issues that prevent the client from accessing Sysvol on the DC
    4. inorrect security settings on the DC the client is accessing Sysvol on
    5. DNS resolution issues
    6. DFS problems

    To resolved the problem, you could follow the instruction of the article below.

    What are Userenv 1030 and 1058 events?

    https://blogs.technet.microsoft.com/instan/2009/07/13/what-are-userenv-1030-and-1058-events/

    In addition, is the OS Windows Server 2012 R2?

    If yes, here is a hotfix may be helpful to you to fix the problem.

    The specified server cannot perform the requested operation" error occurs when GPO backup is unsuccessful and dynamic updates are disabled in Windows Server 2012 R2

    https://support.microsoft.com/en-us/kb/3060682

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 20, 2016 5:46 AM
    Moderator

All replies

  • > But when I'm  trying gpupdate /force or sync on Client.root.local I get
    > error
     
    The error text could be helpful - what do you thing on that? :-)
     
    --
    Greetings/Grüße, Martin -
    Mal ein gutes Buch über GPOs lesen? -
    Good or bad GPOs? My blog - http://evilgpo.blogspot.com
    And if IT bothers me? Coke bottle design refreshment -
     
    Friday, June 17, 2016 11:55 AM
  • - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
      <EventID>1030</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>1</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2016-06-17T18:20:05.775021100Z" />
      <EventRecordID>4832</EventRecordID>
      <Correlation ActivityID="{1888AB1E-44D8-4D5C-BEAF-A65EAB9E4E2F}" />
      <Execution ProcessID="912" ThreadID="812" />
      <Channel>System</Channel>
      <Computer>srv1.test.domain.local</Computer>
      <Security UserID="S-1-5-21-2984853576-1842308630-932985053-500" />
      </System>
    - <EventData>
      <Data Name="SupportInfo1">1</Data>
      <Data Name="SupportInfo2">2950</Data>
      <Data Name="ProcessingMode">0</Data>
      <Data Name="ProcessingTimeInMilliseconds">42359</Data>
      <Data Name="ErrorCode">58</Data>
      <Data Name="ErrorDescription">The specified server cannot perform the requested operation.</Data>
      <Data Name="DCName">\\DC01.test.domain.local</Data>
      </EventData>
      </Event>

    The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    I did DCDiag ..all test complet on domain controller, DFS is replicated, srv serords are all ok ...all it answers. I thinki is about vlans configuration
    Saturday, June 18, 2016 7:50 AM
  • Hi Michal,

    Thanks for your post.

    I suggest you check if there is event ID 1058.

    If yes, the problem may be caused by the following:

    1. incorrect ACL’s on Sysvol on the DC
    2. filter drivers (antivirus or backup apps) that keep locks on the target objects in Sysvol
    3. network issues that prevent the client from accessing Sysvol on the DC
    4. inorrect security settings on the DC the client is accessing Sysvol on
    5. DNS resolution issues
    6. DFS problems

    To resolved the problem, you could follow the instruction of the article below.

    What are Userenv 1030 and 1058 events?

    https://blogs.technet.microsoft.com/instan/2009/07/13/what-are-userenv-1030-and-1058-events/

    In addition, is the OS Windows Server 2012 R2?

    If yes, here is a hotfix may be helpful to you to fix the problem.

    The specified server cannot perform the requested operation" error occurs when GPO backup is unsuccessful and dynamic updates are disabled in Windows Server 2012 R2

    https://support.microsoft.com/en-us/kb/3060682

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 20, 2016 5:46 AM
    Moderator
  • Ok, I found it, issue was for connection do Main domain controllers, now is ok
    Monday, July 4, 2016 4:26 PM
  • Hi Michal,

    Thanks for your respondence.

    If the reply above has resolved your problem, please mark it as answer as
    it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 5, 2016 1:11 AM
    Moderator