Direct Access Client Settings ACL in GPMC

    Question

  • Hi All,

    For some unknown reason to me, I'm trying to deploy Direct Access. Now when it comes to the GPO objects it creates (which I have only applied to a select OU), the Domain Controller seems to replicate the GPOs fine, but I'm getting an ACL error in the GPMC status window. This only applies to the Client settings and not the Server settings.

    Anyone had this before?

    Ryan

    Wednesday, August 10, 2016 7:49 AM

Answers

  • Have fixed it.

    Looked in the event log and could see there is a sharing violation with the Registry.Pol file in Sysvol; this wasn't being replicated.

    So I have added a registry key called "System" in HKLM\Software\Policies\Microsoft\Windows and then created a DWORD value named "GroupPolicyForceCloseSysvolFileHandle" with a decimal value of 1. After a restart the GPOs are in sync with each Domain Controller.

    It seems the Registry.Pol file gets locked and can't replicate.

    Thanks

    Ryan

    • Marked as answer by RyanMesser Wednesday, August 10, 2016 2:19 PM
    Wednesday, August 10, 2016 2:19 PM
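
    The registry change described in the answer above, followed by a per-DC check of Registry.pol, as an added example that is not part of the original thread. It assumes an elevated PowerShell session and the ActiveDirectory module; the GPO GUID is a placeholder, the Machine\Registry.pol location is an assumption, and the thread does not say on which machines the value was set, so this writes it on the local machine only.

```powershell
# Added example, not from the thread. Run elevated.
# $GpoGuid is a placeholder: substitute the GUID of the DirectAccess client GPO.
param(
    [string]$GpoGuid = '{00000000-0000-0000-0000-000000000000}'
)

$keyPath   = 'HKLM:\Software\Policies\Microsoft\Windows\System'
$valueName = 'GroupPolicyForceCloseSysvolFileHandle'

# Create the "System" key only if it does not already exist.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Write the DWORD value (decimal 1), overwriting any earlier value.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back so the change is confirmed before the restart.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
Write-Output "$valueName = $current (the post applied it with a restart)"

# After the restart: hash Registry.pol for the GPO on every domain controller.
# Assumption: the GPO's machine settings live in Machine\Registry.pol.
Import-Module ActiveDirectory
$domain  = (Get-ADDomain).DNSRoot
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $pol = "\\$($dc.HostName)\SYSVOL\$domain\Policies\$GpoGuid\Machine\Registry.pol"
    if (Test-Path -LiteralPath $pol) {
        [pscustomobject]@{
            DC       = $dc.HostName
            Hash     = (Get-FileHash -LiteralPath $pol -Algorithm SHA256).Hash
            Modified = (Get-Item -LiteralPath $pol).LastWriteTimeUtc
        }
    } else {
        # A missing file on one DC is itself a replication finding.
        [pscustomobject]@{ DC = $dc.HostName; Hash = 'MISSING'; Modified = $null }
    }
}
$results | Format-Table -AutoSize

# More than one distinct hash means at least one DC holds a different copy.
$distinct = @($results.Hash | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Registry.pol differs between domain controllers for GPO $GpoGuid"
} else {
    Write-Output "Registry.pol is identical on all $(@($results).Count) domain controller(s)"
}
```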

All replies

  • > I'm getting an ACL error in the GPMC status window.
     
    Would you mind describing "an ACL error" more in detail?
     
    Wednesday, August 10, 2016 11:23 AM
  • Under Sysvol in the GPMC status window, I get "ACL is not in sync with the Baseline DC" for all Domain Controllers.

    However Sysvol is replicating. So not sure why GPMC is showing me this.

    Ryan


    • Edited by RyanMesser Wednesday, August 10, 2016 12:36 PM
    Wednesday, August 10, 2016 12:35 PM
  • Hi Ryan,
    I am glad that the issue is fixed, and I appreciate your update and your sharing the method with us. It will be greatly helpful to others who have the same problem.
    Thank you for your effort again.
    Regards,
    Wendy


    Thursday, August 11, 2016 5:50 AM
    Moderator
  • What version of Active Directory does this solution address? Would this work for 2012 R2?
    Tuesday, January 24, 2017 12:03 PM