Remote Group Policy Update - Error 8007071a

  • General discussion

  • Hi, I have been messing with the Group Policy Management Editor this week. I have already set up the policy settings that I need for the clients to work on the domain. As you know, I am new to this - so I have made lots of mistakes so far, but I have managed to fix a few!

    However, this is a new domain, so everything is all set up and ready to update to the clients. But for some reason, when I try to update the OU policies by pressing "Group Policy Update", the dialog box comes up and shows the error.

    Below this image, it tells you that the client it was trying to update has failed with an error code (8007071a) and the description "The remote procedure call was cancelled". So, is there a way to solve this problem?

    • Edited by Benjamin1234 Saturday, June 27, 2015 10:12 PM Image Added
    Saturday, June 27, 2015 10:10 PM

All replies

  • Hi,

    Can you disable your Windows firewall (if enabled) and try again?

    More information about the ports you need to open for GPO: https://technet.microsoft.com/en-us/library/jj572986.aspx

    The same applies if you have any product like Symantec SmartFirewall: you have to open the ports.


    Sunday, June 28, 2015 8:53 PM
  • Tried that, but it doesn't work. :(

    Any upcoming solutions anybody?

    Regards, ~Benjamin Hall

    Sunday, June 28, 2015 9:40 PM
  • I am too lazy to read all of that from the article you've given me. But, I'll try! :P

    Also, how would you open the ports? From the router?

    Regards, ~Benjamin Hall

    Sunday, June 28, 2015 9:43 PM
  • These 2 policy rules you should enable:

    - Remote Scheduled Tasks Management (RPC)

    - Distributed Transaction Coordinator (RPC-EPMAP)

    • Edited by CaptainBeef Wednesday, February 24, 2016 10:55 AM
    Wednesday, February 24, 2016 10:52 AM
  • Thanks, I had the same issue.

    I'm curious, the "Remote Scheduled Tasks Management (RPC)" rule was the one that solved my issue, so what does "Distributed Transaction Coordinator (RPC-EPMAP)" do?

    Also, why would there be a Firewall Rule blocking GPO updates in a Domain in the 1st place? I would have guessed that the Domain Profile for Advanced Firewall would have the rule for GPupdate to be allowed by default. Now that I think about it, I have been able to run "GPupdate /force" successfully before, so maybe that is different somehow than Group Policy update from the menu in Group Policy Management? Maybe because it is initiated from the client rather than the DC so the lack of an inbound rule doesn't matter?

    Your thoughts?

    Wednesday, December 21, 2016 4:24 PM
  • I have 2 towers and a laptop in my lab, but only the laptop needed to have this firewall rule enabled after a fresh install and domain join...  weird!!  I will continue to experiment, but would love to hear any thoughts or comments.
    Wednesday, December 21, 2016 4:32 PM
  • There is a TechNet blog article related to this--it doesn't offer much insight in the way of what those specific firewall group rules do--but it does reinforce the argument that they are required. It simply connotes that the RPC-EPMAP rule is the management lane for RPC traffic, translation: a sort of out-of-band management for RPC, probably control message traffic that doesn't congest an otherwise dedicated TCP connection and can use UDP. **Note** The latter details are my speculation--I am no authority and didn't read that anywhere but that's typically how those kinds of protocols work when it comes to discrete management ports.


    Almost at the very bottom--and he actually addresses the specifically identified error that inspired this post originally.



    Saturday, May 19, 2018 5:56 AM
  • I stumbled across this post and feel I need to clarify this because the answers given don't really cut it.

    Performing a Group Policy Update pushed from the domain controller in Group Policy Management Console creates a scheduled task on the remote machine. That scheduled task then runs "gpupdate /force".

    The Windows Firewall rules allowing this are "Remote Scheduled Tasks Management (RPC)", "Remote Scheduled Tasks Management (RPC-EPMAP)" and "Windows Management Instrumentation (WMI-In)". These are not enabled by default because they open you up as an obvious target for abuse by malicious actors.

    You could enable the pre-configured rules but make sure your domain controller(s) are the only remote address(es) (i.e. remote meaning originating machine somewhere on your local network, not a machine somewhere on the internet - never do that :-P) by editing the rule and going to the Scope tab.

    • Edited by zderentis Monday, October 8, 2018 8:07 PM brain fart, missed a spot
    Monday, October 8, 2018 12:04 AM
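
The scoping described in the reply above, as an added PowerShell example that is not part of the original thread: it restricts the three named inbound rules to the domain controllers' addresses before enabling them, then reads the result back. The addresses in `$DomainControllers` are constructed placeholders, and the rule display names assume an English-language Windows install.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the client.
# ASSUMPTION: placeholder addresses; replace with your domain controllers' IPs.
$DomainControllers = @('192.0.2.10', '192.0.2.11')

# Rule display names as quoted in the reply above.
$RuleNames = @(
    'Remote Scheduled Tasks Management (RPC)',
    'Remote Scheduled Tasks Management (RPC-EPMAP)',
    'Windows Management Instrumentation (WMI-In)'
)

foreach ($name in $RuleNames) {
    # Several built-in rules can share one display name (one per profile set),
    # so touch only inbound rules that apply to the Domain profile.
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and "$($_.Profile)" -match 'Domain|Any' }

    if (-not $rules) {
        Write-Warning "No inbound Domain-profile rule named '$name' found; skipping."
        continue
    }

    # Narrow the remote scope first, then enable, so the rule is never
    # active while it still accepts connections from any source.
    $rules | Set-NetFirewallRule -RemoteAddress $DomainControllers
    $rules | Enable-NetFirewallRule
}

# Read back what is now enabled and which remote addresses each rule accepts.
Get-NetFirewallRule -DisplayName $RuleNames -ErrorAction SilentlyContinue |
    Where-Object Enabled -eq 'True' |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    } | Format-Table -AutoSize
```

Any enabled rule whose RemoteAddress column shows `Any` is still open to every source on the network and needs its scope narrowed.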
  • So what's the final solution?? Should I enable RPC or not?
    Friday, October 19, 2018 9:56 AM