none
Group Policy error

    Question

  • Hello All,

    I have a Domain 2012 R2 with Four sites 8 DCs (2 DC in every location )

    i have a problem in gpupdate /force

    C:\WINDOWS\system32>gpupdate /force
    Updating policy...

    Computer policy could not be updated successfully. The following errors were encountered:

    The processing of Group Policy failed. Windows attempted to read the file \\DOMAIN\sysvol\DomainPolicies\{45daeea5-4e37-45e1-89b5-30455e6f5812}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.
    User Policy update has completed successfully.

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

    I checked the system log for errors and i found that error appear as per attached screen shot 

    i searched for the folder that mentioned in error and i didn't find it in any domain controller 

    Please advice

    Friday, March 04, 2016 9:42 PM

Answers

All replies

  • The processing of Group Policy failed. Windows attempted to read the file \\DOMAIN\sysvol\DomainPolicies\{45daeea5-4e37-45e1-89b5-30455e6f5812}\gpt.ini from a domain controller and was not successful.

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

    i searched for the folder that mentioned in error and i didn't find it in any domain controller 

    Did you run gpresult /h somefilename.html ?

    The gpresult report, should show the GUID which has the issue, and, it should show the GIUD andm "display name" of all GPOs resolved.

    Compare that report, with your GPOs linked to this machine (check in GPMC), I expect you will find that there is a GPO linked, but that GPO "display name" doesn't appear in the gpresult report.
    This GPO which doesn't appear correctly in the report, is most likely to be the problematic GPO. Note the display name of that GPOUnlink that GPO, and then try the gpupdate again. The error should be gone. The GPO which you unlinked, is damaged or corrupt or has failed replication/create/deletion. You will most likely need to re-create that GPO via a fresh object.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Friday, March 04, 2016 11:25 PM
  • Hi,

    There can be several possible causes for this Event ID 1058.

    We can try the suggestions in the threads below to troubleshoot this issue:

    Read Only Domain Controller Group Policy errors

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4863cb73-6b6a-4573-a84c-94047b28879a

    Group Policy failed event 1058

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/b83e7af3-ecb1-4509-b281-b9374cc9c874

    Computer policy fails to apply with event id 1058 - computer removed from one domain and added to another

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a5b1f070-c84c-4154-ab02-9e23109922ec

    Have a nice day.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 07, 2016 4:14 AM
    Moderator
  • Your GPO's might have been deleted for some reason. For now, use that GUID string and drill down to see what is the friendly name of that GPO. This can be done using like this:

    import-module grouppolicy
    Get-GPO -Guid "{GUID}"

    Once the name has been found, find its related settings from a document which you have hopefully prepared before, and recreate that GPO. Restoring GPO from a backup is another option if you have that. If that missing GPO is default GPOs {Default domain policy & Default domain controller policy} you have to use dcgpofix command.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Monday, March 07, 2016 11:48 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 10, 2016 8:20 AM
    Moderator