locked
Problemas para aplicar GPOs RRS feed

  • Pergunta

  • Boa tarde!

    Estou com problemas para aplicar GPOs no meu ambiente. Quando crio novas GPOs as mesmas não aplicam. Quando dou um gpupdate /force nas estações, em alguns casos é retornado o erro abaixo:

    Não foi possível atualizar a política de computador com êxito. Os seguintes erros foram encontrados:
    A Política de Grupo não foi processada. O Windows tentou ler o arquivo \\unimed.local\SysVol\unimed.local\Policies\{401AFB91-FF9C-495A-9859-3B55C3717FB9}\gpt.ini de um controlador de domínio e não obteve êxito. As configurações de Política de Grupo não podem ser aplicadas até esse evento ser resolvido. Esse talvez seja um problema passageiro e a causa pode ser um ou mais destes fatores:
    a) Resolução de Nome/Conexão em Rede com o controlador de domínio atual.
    b) Latência do Serviço de Replicação de Arquivos (um arquivo criado em outro controlador de domínio não foi replicado no controlador de domínio atual).
    c) O cliente do sistema de arquivos distribuído (DFS) foi desabilitado.
    Não foi possível atualizar a política de usuário com êxito. Os seguintes erros foram encontrados:
    A Política de Grupo não foi processada. O Windows tentou ler o arquivo \\unimed.local\SysVol\unimed.local\Policies\{10EDF9C1-82CC-40B6-A48F-3A535A9D9D22}\gpt.ini de um controlador de domínio e não obteve êxito. As configurações de Política de Grupo não podem ser aplicadas até esse evento ser resolvido. Esse talvez seja um problema passageiro e a causa pode ser um ou mais destes fatores:
    a) Resolução de Nome/Conexão em Rede com o controlador de domínio atual.
    b) Latência do Serviço de Replicação de Arquivos (um arquivo criado em outro controlador de domínio não foi replicado no controlador de domínio atual).
    c) O cliente do sistema de arquivos distribuído (DFS) foi desabilitado.

    Para diagnosticar a falha, revise o log de eventos ou execute GPRESULT /H GPReport.html da linha de comando para acessar as informações sobre resultados da Política de Grupo.

    Executei no servidor de AD o comando DCDIAG, segue abaixo resultado, em negrito o único erro encontrado.

    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = SRV-W-AD-01
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Primeiro-site-padrao\SRV-W-AD-01
          Starting test: Connectivity
             ......................... SRV-W-AD-01 passed test Connectivity
    Doing primary tests
       Testing server: Primeiro-site-padrao\SRV-W-AD-01
          Starting test: Advertising
             ......................... SRV-W-AD-01 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... SRV-W-AD-01 passed test FrsEvent
          Starting test: DFSREvent
             ......................... SRV-W-AD-01 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SRV-W-AD-01 passed test SysVolCheck
          Starting test: KccEvent
             ......................... SRV-W-AD-01 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SRV-W-AD-01 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SRV-W-AD-01 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SRV-W-AD-01 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SRV-W-AD-01 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SRV-W-AD-01 passed test ObjectsReplicated
          Starting test: Replications
             ......................... SRV-W-AD-01 passed test Replications
          Starting test: RidManager
             ......................... SRV-W-AD-01 passed test RidManager
          Starting test: Services
             ......................... SRV-W-AD-01 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:13
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Gerên
    cia is unknown. Contact the administrator to install the driver before you log i
    n again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:13
                Event String:
                Driver HP DeskJet 710C required for printer !!ti007!HP DeskJet 710C
    is unknown. Contact the administrator to install the driver before you log in ag
    ain.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:14
                Event String:
                Driver CutePDF Writer required for printer CutePDF Writer is unknown
    . Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:14
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Finan
    ceiro is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:18
                Event String:
                Driver Microsoft Print To PDF required for printer Microsoft Print t
    o PDF is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   17:50:21
                Event String:
                Driver Send to Microsoft OneNote 15 Driver required for printer Send
     To OneNote 2013 is unknown. Contact the administrator to install the driver bef
    ore you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:52
                Event String:
                Driver HP DeskJet 710C required for printer !!ti007!HP DeskJet 710C
    is unknown. Contact the administrator to install the driver before you log in ag
    ain.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:53
                Event String:
                Driver Microsoft Print To PDF required for printer Microsoft Print t
    o PDF is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:53
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Gerên
    cia is unknown. Contact the administrator to install the driver before you log i
    n again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:56
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Finan
    ceiro is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:56
                Event String:
                Driver CutePDF Writer required for printer CutePDF Writer is unknown
    . Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/07/2016   18:11:57
                Event String:
                Driver Send to Microsoft OneNote 15 Driver required for printer Send
     To OneNote 2013 is unknown. Contact the administrator to install the driver bef
    ore you log in again.
             ......................... SRV-W-AD-01 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SRV-W-AD-01 passed test VerifyReferences

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : unimed
          Starting test: CheckSDRefDom
             ......................... unimed passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... unimed passed test CrossRefValidation
       Running enterprise tests on : unimed.local
          Starting test: LocatorCheck
             ......................... unimed.local passed test LocatorCheck
          Starting test: Intersite
             ......................... unimed.local passed test Intersite

    Alguém pode me ajudar a resolver estes problemas no meu ambiente?

    Atenciosamente,

    Rodrigo

    quarta-feira, 7 de dezembro de 2016 20:19

Todas as Respostas

  • Olá,

    Da uma olhada se o relógio e data do servidor e estação estão corretos também, se não sincroniza eles;

    Da uma olhada também nas permissões NTFS no caminho que está sendo buscado a GPO;

    Da uma olhada nesse link aqui também:

    http://enterpriseit.co/microsoft-active-directory/processing-group-policy-failed-windows-attempted-read-file-sysvol-policies/

    Verifica também se nao está com algum problema de resolução de nomes DNS;

    Verifica também a integridade da SYSVOL se ela está replicando para o outro AD se você tiver 2;

    Olhando melhor ali o erro do FRS parece ser replicação mesmo, confere esse link aqui tem vários eventos e formas de corrigir.

    https://msdn.microsoft.com/en-us/library/bb727056.aspx?f=255&MSPPError=-2147217396




    • Editado Edson Canani quarta-feira, 7 de dezembro de 2016 20:55
    quarta-feira, 7 de dezembro de 2016 20:35
  • Bom dia Edson,

    Cara, o mais estranho, não sei se tem a ver. Rodei o dcdiag no segundo DC e não aparece esse erro. Veja abaixo:

    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = SRV-W-AD-02
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Primeiro-site-padrao\SRV-W-AD-02
          Starting test: Connectivity
             ......................... SRV-W-AD-02 passed test Connectivity
    Doing primary tests
       Testing server: Primeiro-site-padrao\SRV-W-AD-02
          Starting test: Advertising
             ......................... SRV-W-AD-02 passed test Advertising
          Starting test: FrsEvent
             ......................... SRV-W-AD-02 passed test FrsEvent
          Starting test: DFSREvent
             ......................... SRV-W-AD-02 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... SRV-W-AD-02 passed test SysVolCheck
          Starting test: KccEvent
             ......................... SRV-W-AD-02 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... SRV-W-AD-02 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... SRV-W-AD-02 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... SRV-W-AD-02 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SRV-W-AD-02 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... SRV-W-AD-02 passed test ObjectsReplicated
          Starting test: Replications
             ......................... SRV-W-AD-02 passed test Replications
          Starting test: RidManager
             ......................... SRV-W-AD-02 passed test RidManager
          Starting test: Services
             ......................... SRV-W-AD-02 passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:23
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Gerên
    cia is unknown. Contact the administrator to install the driver before you log i
    n again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:23
                Event String:
                Driver Microsoft Print To PDF required for printer Microsoft Print t
    o PDF is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:24
                Event String:
                Driver Brother DCP-8157DN Printer required for printer Brother Finan
    ceiro is unknown. Contact the administrator to install the driver before you log
     in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:24
                Event String:
                Driver HP DeskJet 710C required for printer !!ti007!HP DeskJet 710C
    is unknown. Contact the administrator to install the driver before you log in ag
    ain.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:24
                Event String:
                Driver CutePDF Writer required for printer CutePDF Writer is unknown
    . Contact the administrator to install the driver before you log in again.
             An error event occurred.  EventID: 0x00000457
                Time Generated: 12/08/2016   08:51:25
                Event String:
                Driver Send to Microsoft OneNote 15 Driver required for printer Send
     To OneNote 2013 is unknown. Contact the administrator to install the driver bef
    ore you log in again.
             ......................... SRV-W-AD-02 failed test SystemLog
          Starting test: VerifyReferences
             ......................... SRV-W-AD-02 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : unimed
          Starting test: CheckSDRefDom
             ......................... unimed passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... unimed passed test CrossRefValidation

       Running enterprise tests on : unimed.local
          Starting test: LocatorCheck
             ......................... unimed.local passed test LocatorCheck
          Starting test: Intersite
             ......................... unimed.local passed test Intersite

    Como não fui eu que montei esse AD fui dar uma olhada no nível do domínio e verifiquei que está no Windows Server 2003. Não sei se isso também é um problema já que meus DCs são Windows Server 2012. Já pensei em criar um terceiro DC e transferir os FSMO pra ele e abandonar esse meu DC com problema, ficar com o segundo e terceiro). Sei lá...

    Obrigado!

    quinta-feira, 8 de dezembro de 2016 11:12