UAG DA: Failed running PS script RRS feed

  • Question

  • UAG sp1 PS script fails continuously with followed error:

    Executing Reset local GPO for MYDOMAIN\UAG DirectAccess: AppServers (MYSERVER.MYDOMAIN.local) ...
    failed.  Unable to open the Group Policy object (GPO) on the specified computer. Make sure that the specified GPO is valid and accessible, and then try your request again.

    Account has domain admis rights, all DC's are reachable, GPO's are created but not finished - I think..

    Any ideas, whats wrong?


    Thursday, April 14, 2011 7:16 AM


  • Problem solved, but dunno why...

    I changed "localhost" ¨from PS script to "MYDASERVER" and it works...

    • Marked as answer by a_Amigo_ Wednesday, April 20, 2011 8:27 AM
    Wednesday, April 20, 2011 7:51 AM

All replies

  • Hi


    Let's start to check wether if the GPO is operational or not. I the GPO is orphan or corrupted, yes, it will be impossible to open it. Can you generate an HTML report of your GPO from the GPMC console, are you able to backup it?


    Have a nice day.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Thursday, April 14, 2011 12:54 PM
  • I recommend you try it again now that it's been a few hours. It is very common to have to wait between 5 and 15 minutes for replication before the script will finish successfully. It seems that the GPOs will get created right away, and you might even see them populated across all of your DCs, but for some reason being able to then go ahead and open them to dump the configurations inside takes longer.

    I had one instance where we had to wait almost 2 hours. We tried everything we could think of in-between, and then all of a sudden it just worked. It was simply the time it took for AD to "work itself out". :)

    Thursday, April 14, 2011 1:01 PM
  • Thanks for answers!!

    I have been trying to run this PS script several times in last 3 days now... So I don't thing that issue is in replication latency or network traffic. I've tried to change settings in DA wizard, tried to run staright from PS console, tried even uninstall UAG and installed back - nope..

    Thursday, April 14, 2011 5:32 PM
  • Have you tried deleting the GPOs and starting over? Once the GPOs are created, the script/wizard will continue trying to work with the existing GPOs, it never clears them out completely. I would delete all 3 GPOs, then let it sit for a while (half hour maybe) to make sure they're cleared out in your entire environment, and then try pushing it again.

    Since you're using SP1 you could also specify a different location for the GPOs during the wizard, to make sure your new push isn't conflicting with anything still being replicated with the old ones.

    Thursday, April 14, 2011 5:42 PM
  • Thanks for answering!

    Yes, I have deleted GPO's after every failure. I've tried once make empty GPO's and pointed wizard to use them - nope...

    I have managed to do this correctly several times in my test environment, but not now in production..

    Thursday, April 14, 2011 6:56 PM
  • Does it always fail on the "AppServers" GPO specifically? Can you see in the script output if it is successfully making its way through the Client and Gateway GPOs? If so, I would check your settings in Step 4 of the DA config wizards. If you're attempting to do any end-to-end authentication and encryption, try disabling it and then applying the settings. Could be something configured in there that it doesn't like.
    Thursday, April 14, 2011 9:11 PM
  • Thanks for answer!

    On step 4 in wizard is empty, I haven't even opened it.. And yes, it allways ends to this "AppServers" line.

    I have tried to do wizard as "empty" as possible just to get results...

    Monday, April 18, 2011 8:07 AM
  • Problem solved, but dunno why...

    I changed "localhost" ¨from PS script to "MYDASERVER" and it works...

    • Marked as answer by a_Amigo_ Wednesday, April 20, 2011 8:27 AM
    Wednesday, April 20, 2011 7:51 AM