Computer policy could not be updated successfully. The following errors were encountered:

    Question

  • Hi,

    I have a Windows 2012 R2 server which is my DC. As soon as I create this particular GPO to disable USBs, I get this error message when trying to do a gpupdate. I enabled 'All Removable Storage classes: Deny all access' and then I got the message. As soon as I set this to 'Not Configured', the message disappears.

    Computer policy could not be updated successfully. The following errors were encountered:

     

    The processing of Group Policy failed. Windows attempted to read the file \\domain.local\SysVol\domain.local\Policies\{BE34041F-27E6-4A6F-98C0-4A2C150D67A2}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

    a) Name Resolution/Network Connectivity to the current domain controller.

    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

    c) The Distributed File System (DFS) client has been disabled.

    User Policy update has completed successfully.

     

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

    Anyone had this before? And why is it just doing this on this GPO?

    Wednesday, July 06, 2016 7:47 AM

Answers

  • Hi Ruggs1,

    Don't delete the policy object.

    One more question though: is this issue consistently reproducible? i.e. every time you enable the policy you get the error, and every time you clear the policy, it resolves the error?

    The reason being, I can't see how this particular policy would have any bearing on SYSVOL access under default conditions. By default the SYSVOL location is on the system drive and if the policy was affecting the system drive, clearly this would bring the entire system to a halt.

    The only scenario where I can see this being viably reproducible is if the SYSVOL location has been changed to a separate drive and that drive is classed as both USB and removable (both of which can be checked using diskpart.exe).

    If it's not reliably reproducible then we can put the policy setting aside entirely and focus on other areas such as what Martin's already pointed out.

    Out of curiosity, is this domain controller you're receiving the error on the PDC FSMO role holder? You can check this with the following PowerShell command:

    Get-ADDomain | select PDCEmulator

    Cheers,
    Lain

    Wednesday, July 06, 2016 11:03 PM
  • Hi Ruggs1,

    Thanks for your post.

    As far as I know, not checking Link Enabled could cause the problem too.

    Here is a similar thread below that may be helpful to you.

    The processing of Group Policy failed. Windows attempted to read the file

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/c6b3becc-c0e7-4eb9-b235-8d1e7024e1b9/the-processing-of-group-policy-failed-windows-attempted-to-read-the-file?forum=winserverGP

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 08, 2016 3:07 AM
    Moderator

All replies

  • Hi Ruggs1,

    Have you followed the instruction at the end of the error which recommends running "gpresult /h" and inspected the computer group policy processing status section for further information?

    You can also check the Application and "GroupPolicy" (under Applications and Services logs) event logs for further information.

    If you find something therein you're not sure about, post the information back here and we'll see if we can help.

    Cheers,
    Lain

    Wednesday, July 06, 2016 8:02 AM
  • > Windows attempted to read the file
    > \\domain.local\SysVol\domain.local\Policies\{BE34041F-27E6-4A6F-98C0-4A2C150D67A2}\gpt.ini
    > from a domain controller and was not successful. Group Policy settings
    > may not be applied until this event is resolved.
     
    You can safely ignore any of the "possible reasons" this message states.
    Check NTFRS/DFSR Event logs on all domain controllers, then fix Sysvol
    replication.
     
     
    --
    Greetings/Grüße, Martin -
    Fancy reading a good book about GPOs? -
    Good or bad GPOs? My blog - http://evilgpo.blogspot.com
    And if IT bothers me? Coke bottle design refreshment -
     
    Wednesday, July 06, 2016 3:08 PM
  • From the group policy report -

    A fast link was detected

    GPO Name          Alert
    Domain Policy     AD / SYSVOL Version Mismatch

    Wednesday, July 06, 2016 3:58 PM
  • Hi. It seems that the system cannot read the permission file. Delete this GPO and create it again.

    -----------------------------------------------------------------

    Sincerely!

    Khalid Garayev

    * Please don't forget to mark as answer or Vote if it helps!

    Wednesday, July 06, 2016 9:35 PM
  • >   Domain Policy     AD / SYSVOL Version Mismatch
     
    As said above: Fix sysvol replication.
     
    Thursday, July 07, 2016 2:17 PM
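
The "AD / SYSVOL Version Mismatch" alert discussed above can be checked per domain controller. The following is an added example, not part of the original thread: it compares the `versionNumber` that each DC holds in AD for the GPO with the `Version=` line in that DC's own SYSVOL copy of gpt.ini. It assumes the RSAT ActiveDirectory module and read access to every DC's SYSVOL share; the domain name and GPO GUID are the ones quoted in the error message.

```powershell
Import-Module ActiveDirectory   # RSAT AD module (assumed to be installed)

$Domain  = 'domain.local'                              # from the error message in the thread
$GpoGuid = '{BE34041F-27E6-4A6F-98C0-4A2C150D67A2}'    # from the error message in the thread
$GpoDn   = "CN=$GpoGuid,CN=Policies,CN=System,$((Get-ADDomain -Identity $Domain).DistinguishedName)"

# versionNumber and gpt.ini pack two counters: high 16 bits = user, low 16 bits = computer.
function Format-GpoVersion([long]$Version) {
    'user {0} / computer {1}' -f ($Version -shr 16), ($Version -band 0xFFFF)
}

$results = foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
    $row = [ordered]@{ DC = $dc.HostName; AD = $null; Sysvol = $null; Status = $null }
    try {
        # This DC's replica of the groupPolicyContainer object.
        $gpc = Get-ADObject -Identity $GpoDn -Server $dc.HostName -Properties versionNumber -ErrorAction Stop
        $adVersion = [long]$gpc.versionNumber
        $row.AD = Format-GpoVersion $adVersion

        # This DC's own SYSVOL copy, addressed by host name so no DFS referral picks another DC.
        $ini   = "\\$($dc.HostName)\SYSVOL\$Domain\Policies\$GpoGuid\gpt.ini"
        $match = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' -ErrorAction Stop |
                 Select-Object -First 1
        if (-not $match) {
            $row.Status = 'gpt.ini has no Version line'
        } else {
            $sysvolVersion = [long]$match.Matches[0].Groups[1].Value
            $row.Sysvol = Format-GpoVersion $sysvolVersion
            $row.Status = if ($adVersion -eq $sysvolVersion) { 'match' } else { 'AD / SYSVOL version mismatch' }
        }
    } catch {
        # Missing or unreadable gpt.ini, or the DC could not be reached.
        $row.Status = "error: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

A DC that reports an error or a mismatch while the others report a match is the one whose NTFRS/DFSR event logs to read first.
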
  • Hi,

    As Martin updated, have you seen any NTFRS errors in the event logs? Can you try restarting the NTFRS service (net stop ntfrs && net start ntfrs) and see if you are able to see any error messages? If you have multiple DCs, can you check if you are able to see any JRNL_WRAP_ERRORs? If so, you have to follow the BurFlags process (https://support.microsoft.com/en-us/kb/290762). Otherwise, please put the errors or warnings from the NTFRS event logs.

    Many thanks,

    Abhilash

    Thursday, July 07, 2016 6:39 PM
  • https://support.microsoft.com/en-us/kb/2866345

    -----------------------------------------------------------------

    Sincerely!

    Khalid Garayev

    * Please don't forget to mark as answer or Vote if it helps!

    Friday, July 08, 2016 5:06 AM