none
INFO: The user "Domain\user" does not have RSOP data

    Question

  • I got this Error in Eventvwr in one Member server(2003 R2 SP2).

    Event Type:        Error

    Event Source:    Userenv

    Event Category:                None

    Event ID:              1054

    Date:                     05/06/11

    Time:                     12:18:23 PM

    User:                     NT AUTHORITY\SYSTEM

    Computer:          FS001.Contoso.com

    Description:

    Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

     

    When I run gpresult I get this error

    "INFO: The user "Domain\user" does not have RSOP data".

    When i run rsop.msc I can see all computer policies is getting applied But I cannot see any user setting.

    I tried netdiag /test:DNS. Out put I got all passed.

    I can ping the DC(2003 Std SP2). The DNS Setting also perfect.(I do not want to disjoin and rejoin this server to doamin)

    Any help is greatly appriciated.

     

     



    Monday, June 6, 2011 9:24 AM

Answers

  • The issue seems to be some network issue..

    Add this twol keys in registry and logoff if possible restart. The issue should get resolved.

    You might have to add the "Windows" and "System" folders

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

     

    Check

    http://www.eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1

    • Marked as answer by answernick Tuesday, June 7, 2011 7:53 AM
    Tuesday, June 7, 2011 7:11 AM

All replies

  • Make sure user policies are not disable or there is only settings configured in computer configuration.

    Make sure member server points local DNS server only not any public or ISP's dns addres.

    Refer the below article.

    http://support.microsoft.com/kb/324174

    http://social.technet.microsoft.com/Forums/en/winserverGP/thread/6a0c9a0e-3dee-4b00-8ad7-45f5f9b9ce76

     

     

    Regards


    Awinish Vishwakarma| CHECK MY BLOG 

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, June 6, 2011 9:58 AM
    Moderator
  • Hello,

    please post an unedited ipconfig /all from the DC/DNS servers and the problem machine. Any of them multihomed? Was there a crash/reinstall before this started?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, June 6, 2011 10:26 AM
  • Hi ...Thanks Guys

    The DNS configuration in that member server is perfect. The user config is not disabled . The server is up for last 15 days.

    The machine is multihomed but its nic2 is disabled.

    I can access the sysvol share as well. The User I am trying is have domain admin rights.

     

    One More info whenever I am trying rsop.msc I am getting this message "Rsop loggins was never enabled or data is corrupt".Then I close this error message. Then I can see in the"Resultant Set of policy processing...."

    Doamin\doaminadmin  (Access Denied).


    I have deleted the domainadmin profile from the member server.

     

    The Userenv log :::

     

    USERENV(1e14.147c) 11:12:46:989 ProcessGPOs:
    USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: Entering with timeout 600000 and flags 0x0
    USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: User critical section has been claimed.  Handle = 0x348
    USERENV(1e14.147c) 11:12:46:989 EnterCriticalPolicySectionEx: Leaving successfully.
    USERENV(1e14.147c) 11:12:46:989 ProcessGPOs:  Machine role is 2.
    USERENV(1e14.147c) 11:12:47:599 PingComputer: PingBufferSize set as 2048
    USERENV(1e14.147c) 11:12:47:771 PingComputer: Adapter speed 1000000000 bps
    USERENV(1e14.147c) 11:12:52:977 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:12:58:481 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:13:03:984 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:13:03:984 PingComputer:  No data available
    USERENV(1e14.147c) 11:13:04:109 PingComputer: PingBufferSize set as 2048
    USERENV(1e14.147c) 11:13:04:109 PingComputer: Adapter speed 1000000000 bps
    USERENV(1720.1280) 11:13:08:034 LibMain: Process Name:  C:\WINDOWS\system32\cscript.exe
    USERENV(1f6c.19d8) 11:13:08:847 LibMain: Process Name:  C:\WINDOWS\system32\cscript.exe
    USERENV(1e14.147c) 11:13:09:488 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:13:14:991 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:13:20:495 PingComputer:  First send 0x196d900a failed with 11010
    USERENV(1e14.147c) 11:13:20:495 PingComputer:  No data available
    USERENV(1e14.147c) 11:13:20:526 ProcessGPOs: DSGetDCName failed with 59.
    USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: No WMI logging done in this policy cycle.
    USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: Processing failed with error 59.
    USERENV(1e14.147c) 11:13:20:776 LeaveCriticalPolicySection: Critical section 0x348 has been released.
    USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: User Group Policy has been applied.
    USERENV(1e14.147c) 11:13:20:776 ProcessGPOs: Leaving with 0.
    USERENV(1e14.147c) 11:13:20:776 ApplyGroupPolicy: Leaving successfully.
    USERENV(1e14.1bec) 11:13:20:776 GPOThread:  Next refresh will happen in 112 minutes
    USERENV(6a8.1f64) 11:13:20:964 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
    USERENV(1e14.6b4) 11:13:21:652 IsSyncForegroundPolicyRefresh: Synchronous, Reason: policy set to SYNC
    USERENV(1c78.1f94) 11:13:21:824 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
    USERENV(183c.1af4) 11:13:22:918 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
    USERENV(183c.1af4) 11:13:23:121 GetProfileType:  Profile already loaded.
    USERENV(183c.1af4) 11:13:23:121 GetProfileType: ProfileFlags is 0
    USERENV(183c.1af4) 11:13:23:121 GetProfileType:  Profile already loaded.
    USERENV(183c.1af4) 11:13:23:121 GetProfileType: ProfileFlags is 0
    USERENV(183c.d9c) 11:13:23:371 GetProfileType:  Profile already loaded.
    USERENV(183c.d9c) 11:13:23:528 GetProfileType: ProfileFlags is 0
    USERENV(814.1c7c) 11:13:24:091 LibMain: Process Name:  C:\WINDOWS\system32\mobsync.exe
    USERENV(16dc.fe8) 11:13:26:045 LibMain: Process Name:  C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    USERENV(19f0.c18) 11:13:26:123 LibMain: Process Name:  C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    USERENV(b24.1b28) 11:13:27:265 LibMain: Process Name:  C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
    USERENV(1fb8.15ac) 11:13:32:721 LibMain: Process Name:  C:\WINDOWS\system32\mshta.exe
    USERENV(5a8.15b8) 11:13:36:161 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe

    Monday, June 6, 2011 10:38 AM
  • Hello,

    was that domain upgraded from Windows 2000 to newer version?

    Did you run adprep /domainprep /gpprep ?

    Please see also: http://technet.microsoft.com/en-us/library/cc775785(WS.10).aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, June 6, 2011 10:53 AM
  • Yes this domain was upgraded 3 years back. This issue i am facing from today.. 

    This issue is for one machine only. I have checked other servers in the same ou. Those are ok.

    Monday, June 6, 2011 11:32 AM
  • Is the member server is running with latest SP & Patches & did you follow the link posted above?

     

    Regards


    Awinish Vishwakarma| CHECK MY BLOG 

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

     

    Monday, June 6, 2011 11:36 AM
    Moderator
  • Yes is has all latest patches. OS 2003 R2 Sp2.

    I checked both the links but My scenario is different. Because all computer policies are getting applied correctly

     

    Monday, June 6, 2011 11:43 AM
  • Have you ever logged into this server using this particular user account? For testing purpose, try logon to this server using this account and run RSOP again.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    • Proposed as answer by Curufin Thursday, May 23, 2013 7:42 PM
    Monday, June 6, 2011 11:44 AM
    Moderator
  • I would agree with Santhosh and to add another option, try running RSOP against the machine with a different account and try using th user account on a different machine.  This should help you narrow down if the user or the machine is the issue.

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, June 6, 2011 12:21 PM
    Moderator
  • Hi ,

     

    I have tried with two domain admin account. it is same for both the users.

     

    I have tried those two account in another server it is ok over there.

    Monday, June 6, 2011 12:34 PM
  • Did you logon to this server locally using the same account?


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    Tuesday, June 7, 2011 1:00 AM
    Moderator
  • Is it possible o disjoin the server from the domain & rejoin it back& one more thing is the account used by you for running RSOP.MSC is also member of local administrator group, if not try to make it member of local administrator group, log off & relogin.

    http://minasi.com/forum/topic.asp?TOPIC_ID=5772

    http://technet.microsoft.com/en-us/library/cc775785%28WS.10%29.aspx

     

    Regards


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, June 7, 2011 3:14 AM
    Moderator
  • The issue seems to be some network issue..

    Add this twol keys in registry and logoff if possible restart. The issue should get resolved.

    You might have to add the "Windows" and "System" folders

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

     

    Check

    http://www.eventid.net/display.asp?eventid=1053&eventno=1584&source=Userenv&phase=1

    • Marked as answer by answernick Tuesday, June 7, 2011 7:53 AM
    Tuesday, June 7, 2011 7:11 AM
  • Hello

     

    I have a domain network of 50+ computers with 2 domains (win2008 R2 & win2008. all work ok.

    Only one user with Windows 7 prof. 64 bit is having this issue.

    When i run the gpresult /r i get the error message :

    "the user does not have rsop data".

     @Tanmoy Manik i tried to add this at the registry but i have only the

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

    and i dont know if i added this correct.

    The
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

    i dont have it at all.

     

    Any suggestions?

     

    thx

     

     

     

    Friday, August 26, 2011 12:13 PM
  • Hello,

    did you follow test all other suggestions made in this thread? If yes what was the outcome on each of them, if questions where asked?


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, August 26, 2011 12:22 PM
  • Hello

    from one of the 2 DC's the log of the ipconfig /all


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Arahide
       Primary Dns Suffix  . . . . . . . : goldenfoods.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : goldenfoods.local

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
       Physical Address. . . . . . . . . : 00-0C-29-C4-77-F2
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 0.0.0.0
       DNS Servers . . . . . . . . . . . : 192.168.10.4
                                           192.168.10.7
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-0C-29-C4-77-E8
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.224(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.224
                                           192.168.1.227
       Primary WINS Server . . . . . . . : 192.168.1.224
       Secondary WINS Server . . . . . . : 192.168.1.227
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{5097FF92-A056-4684-A682-60CC271F1474}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : isatap.{0C215F94-DC2A-4D7F-9FFF-67221E841534}
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    from the problematic workstation:


    Windows IP Configuration

       Host Name . . . . . . . . . . . . : VGRIGORIU
       Primary Dns Suffix  . . . . . . . : goldenfoods.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : goldenfoods.local

    Wireless LAN adapter Wireless Network Connection 2:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Physical Address. . . . . . . . . : 70-1A-04-4D-26-E8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Bluetooth Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 0C-60-76-99-25-8F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : goldenfoods.local
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 00-24-E8-E1-28-99
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

       Connection-specific DNS Suffix  . : goldenfoods.local
       Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
       Physical Address. . . . . . . . . : 70-1A-04-4D-26-E8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.28(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Friday, 26 August, 2011 13:59:30
       Lease Expires . . . . . . . . . . : Sunday, 28 August, 2011 13:59:31
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.224
       DNS Servers . . . . . . . . . . . : 192.168.1.224
                                           192.168.1.227
       Primary WINS Server . . . . . . . : 192.168.1.224
       Secondary WINS Server . . . . . . : 192.168.1.227
       NetBIOS over Tcpip. . . . . . . . : Enabled

    for me also the user in not disabled, and the DC's server are working fine at the rest of the machines.

    Singel thing i didnt manage to do is the registry thing mentioned here.

    As i said to my previous post at

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

    and i dont know if i added this correct.

    The
    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

    i dont have it at all.

    thx in advance

     

    Friday, August 26, 2011 12:37 PM
  • Hello,

    Arahide is multi-homed which is not recommended for DCs, so please first remove this setup and cleanup DNS, then run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service.

    Why is this configuration, which mostly is the reason for problems?

    http://support.microsoft.com/kb/157025

    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, August 26, 2011 12:43 PM
  • Hello

    Arahide has 2 NIC's because i have 2 LAN's.

    The second LAN has a persistance route to a specific IP in order to backup every night through there.

    Why is this a probem since to my other computers is working fine with no problems.

    ipconfig /flushdns and ipconfig /registerdns should i run to the DC's or to the user?

    thx

    Friday, August 26, 2011 1:07 PM
  • Hello,

    LANs should NOT be connected with a server, this may work for lot's of machines but at some point you run into trouble. With your setup the DC has 2 ip addresses registered in DNS zones and this will result in problems you see now, as clients are not able to resolve the correct DC ip address from each site of the LAN. Again this may work very often but then it will result in problems you see now.

    Networks should be divided with VLANs(manageable switches) or routers not with the DC. Please see also Ace Fekay's article about, where the detailed steps are included how the DC MUST be configured to avoid problems. But in your case you are not able to prevent one NIC from registering in DNS as one of the used subnets will not be able to resolve the names correct anymore.

    So please redesign your network:

    Internet > router WANport > router LANport > switch > one subnet

                                           > router second LANport > other subnet


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, August 26, 2011 1:17 PM
  • Hello

    My network is designed as:

    LAN 1:

    Internet > router WANport > router LANport > switch > one subnet -> NIC 1 fot eh 1st DC and NIC 2 from the 2nd DC.

    The > router second LANport > other subnet -> NIC2 of each DC is only between the server machines 7 in total.

    Is there a way to restrict the second IP 192.168.10.4 from the DNS and WINS?

     

    thx

    Friday, August 26, 2011 1:40 PM
  • Hello,

    according to your description the subnets are separated already. So remove each other subnets DC NIC from it and run ipconfig /flushdns and ipconfig /registerdns  and restart the netlogon service on the DCs.

    The router handles the routing, that's the job of the router, just use it as DG in each subnet on the DC and there is no need to use the second NICs in the other subnet.

     


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Friday, August 26, 2011 1:45 PM
  • Hello All

    @Meinolf Weber you might be correct with what you said about the DC being multi-homed but i have found the problem.

    The probelm was that at the DC at the Active Directoy Users and Computers i had a special OU for that specific user and that OU had the sign "\". THat was the problem.

    Before it was: "VG D:\"

    I renamed it to: "VG" and all worked fine.

    Thx for the advice on the multi-hommed though.

     

    Thursday, September 8, 2011 11:51 AM
  • Good suggestion!.  I had the same error while running gpresult for a user on a Win7 PC.  After logging in once on the machine as the user in question, the problem went away.  I guess something was not initialised for this user.
    Thursday, May 23, 2013 7:41 PM
  • I have just been searching through many threads on this topic and they weren't leading me anywhere.  They did get me to thinking and I did find my specific problem.  Hope this helps:

    On an Enterprise Domain, many users will belong to several security groups and many of those groups are nested.  "Token Bloat".  The main reason I didn't think of this sooner was, because of token issues, our standard computer builds contain the below settings already.  My recent problem came from introducing a Vendor Configured system to the Domain.  It did not have the settings and was fixed when applied.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]

    "MaxPacketSize"=dword:00000001

    "MaxTokenSize"=dword:0000ffff

    Also important to note, not only does the local machine need the settings, but any server being authenticated against also needs them.  If your security token is large (doesn't have to be Max) it could be complete on the local machine, but when passed to a server without the settings, it will get truncated (randomly) and the security bit you require (GPO in this case) would be missing.  It's very difficult to troubleshoot as some bits exist in the token, so some services work and others don't.  It just depends what gets truncated out and it could be different every time.

    I would start with those settings as they cannot hurt.

    Wednesday, November 13, 2013 9:44 PM
  • Change your account password acording to policy complexity rules. Log off and log on and try gpresult or gpurdate one more time.

    Kind Regards!

    Friday, December 26, 2014 11:47 AM
  • Just discovered that a corrupt user profile can also cause this gpresult error.

    In my case, it was only showing no group members for one user.  Other users logged into the same machine were ok.

    We did remove / re-add the PC back to the domain though.  Could also be related.

    Wednesday, July 29, 2015 4:02 AM
  • Got the same massage as i checked the local polies on one machine.

    It worked fine on an other so at first I added the mentioned Regkey;

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "GroupPolicyMinTransferRate"=dword:00000000

    and the ran Gpresult /R

    which created an Rsop data session for the User.

    After that the gpupdate /force worked just fine!

    JHope this helps

    Wednesday, September 6, 2017 8:12 AM