none
Group Policy Background Refresh not running on some machines

    Question

  • Hi,

    We are facing an issue on one of our domains where machines are not all running group policy refreshes at its default interval. I am not seeing the 1501 events logged in the system log, I occasionally see a 1503 on these machines.

    We have a scheduled task that triggers when 1501 is written to the event log and on a large number this works fine. I have a bunch (350+ currently) that are not working as expected. They are in a bunch of our different offices across different countries, yet they all have the same problem.

    If I run a manual gpupdate on these machines, it refreshes group policy and it also logs the 1501 event into the system event log which in turn triggers our scheduled task to fire.

    There are no errors in the Group Policy event log, GP fires when you boot up & when a user logs in. It doesn't matter what user is currently logged in, GP doesnt refresh. We are using the default interval (60min +- 30min).We haven't changed it in any policy and i've also checked that the registry keys dont exist on affected machines.

    I have turned on the GPSvcDebugLogging and reviewed its log, I cant find anything in there. Data is written to that ~within the normal GP refresh interval and there are no errors or warnings that I can find. However we still dont get the event 1501 entry into the system event log, according to Microsoft, the informational entry is: The Group Policy settings for the user were processed successfully. There were no changes detected since the last successful processing of Group Policy.

    All of our clients are Windows 7 Enterprise, with the latest updates released running 1 month behind. Users all have a variety of software installed, unlikely that 2 machines are identical but I doubt that its an external piece of software causing the issue, I would expect its likely to be something internal to windows. We are running a 2008 R2 DFL & FFL, domain controllers in each office, ~50 GPO's but varies as some are dependent on group membership however there are no errors when reviewing a result report. DCDiag doesn't report any domain errors, sites and services etc is all configured correctly. DNS is working fine. I cant see any errors on the DC's either.

    Has anyone seen this issue before? I need to find other things to investigate to fix this issue, has anyone come across this before, has a fix or can suggest some things I can look into, so I can look at solving this.

    Thanks

    Monday, April 18, 2016 1:04 AM

Answers

All replies

  • Hi,

    First of all, please make sure that no GPO is configured to disable background refresh of Group Policy. If you enable this policy, the system waits until the current user logs off the system before updating the computer and user policies.

    >> but I doubt that its an external piece of software causing the issue

    If you suspect some application caused the issue, I would suggest you use process monitor tool on clients and DCs to try capturing some information. Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. You could download it from: https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx

    In my experience, you could use a script of gpupdate / force command to run on the computers as a workaround.

    Regards,

    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 18, 2016 5:46 AM
    Moderator
  • Hi Wendy

    Correct no GPs are configured to disable or change the background refresh, nor is the key manually set in the registries of these machines.

    I dont suspect an application at this stage. We have a software library that contains in the thousands of different pieces of software we use in the organization but machines are across different departments so are not likely to contain the same software.

    The workaround is one thing, but in a domain of 5k machines, having them do a gpupdate /force on a scheduled task or something because there isn't a definitive list of machines that are broken is not really a workaround.

    This may lead to us opening a support ticket with Microsoft if no one else has any other ideas.

    I would really like to understand more about how the GPSvc works, if its a timer based approach or some event that isn't firing etc. Also if it has any better logs than the GPSvcDebugLog etc. So far from what I've been able to find its somewhat of a black box that just does its thing. So if anyone can shed any light on how it actually works, what external factors feed into it etc and if it has better logging i'd like to look into that too.

    Thanks

    Tuesday, April 19, 2016 10:37 PM
  • Hi,
    Maybe, you could take a look the following article regarding a treatise on Group Policy troubleshooting with GPSVC Log Analysis:
    https://blogs.technet.microsoft.com/askds/2015/04/17/a-treatise-on-group-policy-troubleshootingnow-with-gpsvc-log-analysis/

    Regards,
    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 22, 2016 1:34 AM
    Moderator