none
Invoke-IPAMGPOProvisioning Failed - System cannot find the file specified RRS feed

  • Question

  • 

    Hello, 

    I am having issues running the "Invoke-IPAMGPOProvisioning cmdlet. I have read several technet articles including: 

    https://social.technet.microsoft.com/Forums/sharepoint/en-US/4f92263f-2545-4268-95b3-9ecfe42f6fc1/action?threadDisplayName=invokeipamgpoprovisioning-failed-to-import-gpo

    https://social.technet.microsoft.com/Forums/sharepoint/en-US/eac88917-e757-4bc7-a600-8fd8cffe79cd/action?threadDisplayName=invokeipamgpoprovisioning-failed-to-import-gpo-the-system-cannot-find-the-file-specified

    Both of which describe my issue to a "T". However, neither really has a resolution except, "read this article to better understand". 

    Having read "that" article no less than a dozen times, I have attempted to run this script on 2 new IPAM Servers that were created from scratch, My account is a DA, as well as a local admin on the IPAM Server. Here is the exact syntax I am using: 

    Invoke-IPAMGPOProvisioning -Domain "myinternaldomain.local" -GPOPrefixName "SamePrefixChosenDuringProvisioningOfServer" -IPAMServerFQDN "MyIPAMserver.mydomain.local" -DomainController "MyInternal2012R2DC"

    I have attempted to run the command with a number of combinations of Delegated Users and Delegated Groups including DA, to no avail.

    Powershell is being run in an elevated manner, both as "Administrator" or as my domain user account which is a DA.

    Exact error encountered: 

    Invoke-IPAMGPOProvisioning : FAiled to import GPO. The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    At line:1 char:1

    The corresponding Windows Event ID: 2002
    Group Policy Management
    Import of backup failed. Error [The system cannot find the file specified]
    Details-
    Backup
    Directory: The system cannot find the file specified. 

    Instance: C:\Users\MyUsersName\AppData\Local\Temp\ipamprov
    Comment: {What looks to be a GPO GUID}

    What ive seen, If i have this "Instance" directory open during the time the invoke-ipamgpoprovisioning command is executed, I see the directory temporarily appear, and then immediately disappear, then the command fails. It seems as if it is creating the GPO, however, the "ImportGPO" portion kicks off then fails.

    When I initiate the command, my IPAMUG group is created in my local AD, and the IPAM server object is added as a member. So the script has enough privilege to modify AD. 

    The GPO Objects are created, temporarily, then disappear once the Import GPO task fails.  

    Local Domain Background: 

    15 Domain Controllers, running a mixture of 2008R2 and 2012R2
    (Command being run from 2012 R2 IPAM Server, against a 2012 R2 DC

    1 Domain Controller running 2003 SP2

    Local Domain Name: company.local

    NetBIOS Domain Name: my.company.com

    Primary Domain Controller in the network: running windows server 2008 R2

    Any insight, other than "Read this" https://technet.microsoft.com/en-us/library/jj553805(v=wps.630).aspx 

    I have executed this process on other domains in the past, however I feel I may have an underlying Permissions issue or possible domain naming convention issue (local vs netbios  being different)

    Any reason why this wouldnt work while have a 2003 DC in the environment or a PDC that is not 2012R2? I havent see any system/domain requirements that state this, but just checking. 

    Friday, April 15, 2016 2:08 PM

Answers

All replies

  • Hi Cohlmeyer,

    1.When using the following:

    Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM1 -DelegatedGpoUser user1 -IpamServerFqdn ipam1.contoso.com

    Please make sure that you use the format  -DelegatedGpoUser  domain\username

    2.If it does not help,you maight want to post your query in GPO forum for further assistance:

    https://social.technet.microsoft.com/Forums/sharepoint/en-US/home?forum=winserverGP

      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, April 18, 2016 6:31 AM
  • Unfortunately, this is not the answer. As mentioned above, I walked thru the document and the forum suggesting this parameter in the command. No dice...

    In my case, the issue is my NetBios domain name. First off, having a "." in the netbios domain name is unsupported with IPAM in 2012, and as ive found, its unsupported with 100's of other technologies. So I have now expedited by Domain Migration project for this year. 

    Second the netbios name differing from my internal domain name was causing issues with my GPO export and import process, thus the failure. 

    I was able to proceed via the Manual configuration method and will automate the manual process via powershell scripts and scheduled tasks. It takes a bit more work to get to the end result, but still doable. 

    Thanks for the responses. 

    P.S. I forgot my login to the original "Cohlmeyer" account, so I had to create a new tag... Go team. 

    Monday, May 9, 2016 1:03 PM
  • Also, if someone can mark the post above as the answer. It wont let me do it now that i am under a new screen name. 

    thanks

    Monday, May 9, 2016 1:04 PM
  • Unfortunately, this is not the answer. As mentioned above, I walked thru the document and the forum suggesting this parameter in the command. No dice...

    In my case, the issue is my NetBios domain name. First off, having a "." in the netbios domain name is unsupported with IPAM in 2012, and as ive found, its unsupported with 100's of other technologies. So I have now expedited by Domain Migration project for this year. 

    Second the netbios name differing from my internal domain name was causing issues with my GPO export and import process, thus the failure. 

    I was able to proceed via the Manual configuration method and will automate the manual process via powershell scripts and scheduled tasks. It takes a bit more work to get to the end result, but still doable. 

    Thanks for the responses. 

    P.S. I forgot my login to the original "Cohlmeyer" account, so I had to create a new tag... Go team. 

    As an update, a domain migration to a new internal and NetBIOS domain name, allowed me to configure IPAM with GPO provisioning without issue.

    Small victories.

    Wednesday, August 10, 2016 3:15 PM