The processing of Group Policy failed: One way to fix it

Group Policy Replication Errors - How to Fix

All of a sudden one of your workstations seems to not be able to update its own group policy objects. It appears that the workstation has failed the trust relationship.

For Example

C:\Users\Biff>gpupdate /force
Updating Policy...

 User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:

 The processing of Group Policy failed. Windows attempted to read the file \\homeslice.net\SysVol\homeslice.net\Policies\{2B44EB00-32DD-42E3-8C83-9B6C6CA6D
6D6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

 To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

How to Fix

To fix:  on the domain controllers of your windows domain, perform these steps:
1) Check network connectivity to all domain controllers, turn off IPV6 if neccessary, perform nslookup of each DC and make sure each can be found by their IPV4 addresses
2) Check time settings of each DC, if running a virtualilzed environment, make sure all VM hosts are connected to NTP and are able to reach pool.ntp.org

repadmin /syncall
to perform a syncronization...

repadmin /replsummary

... output from repadmin /replsummary
Destination DSA     largest delta    fails/total %%   error
 PDC1                       :22s    0 /  12    0
 BDC1                01h:41m:12s    9 /  16   56  (2148074274) The target principal name is incorrect.
 BDC2                01h:53m:53s    9 /  16   56  (2148074274) The target principal name is incorrect.
 VMS-DC1           58d.02h:35m:57s    9 /   9  100  (5) Access is denied.

If you see the following message "The target principal name is incorrect." Then you may need to reset your machine passwords on your domain controllers.  First step is to disable and turn off KDC.
On the domain controller, disable the Kerberos Key Distribution Center service (KDC).
the reboot, after rebooting, use the netdom command to reset the password, then renable to KDC, then reboot.

netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password

for example: ( for a DC called DC1 on a domain called homeslice, where the Administrator password was Sn00pD0g&Cat  You will need to quote your password in double quotes, if you have non alpha in it.
on a cmd.exe dos prompt:

netdom resetpwd /server:DC1 /userd:homeslice\administrator /passwordd:"Sn00pD0g&Cat"
output looks like: 

The machine account password for the local machine has been successfully reset.
The command completed successfully.


Comments

Post a Comment

Popular posts from this blog

Microsoft Visio 2010 Premium Product Keys

Image
Visio KMS client key from Microsoft You can use these with AutoKMS tool such as Office Toolkit 2.4.9 (office 2010/2013) which will re-arm them once every 180 days. So you are always in the grace period.  At the bottom of this page are keys for Visio 2019.  If you are here to figure out how to get a free copy of Visio activated on your computer, without paying Microsoft for it, then God or Allah will judge you later for your sins. Your soul will be sent to the underworld to be tormented by Satan for these sins. Please pay for your software! Visio Standard 2010 767HD-QGMWX-8QTDB-9G3R2-KHFGJ Visio Professional 2010 7MCW8-VRQVK-G677T-PDJCM-Q8TCP Visio Premium 2010 D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ Keys from our Russian friends. you can only install with these keys, you cannot activate. ========================================================================= Visio Premium 2010: ========================================================================= C383V-HPHMC-Y6KWM-B
Read more

Mercedes Benz Diesel CDI EGR Emulator Circuit Diagrams

Image
Mercedes EGR Emulator Circuits for Electric Wahler EGR on Diesel Engine For any car fitted with a MAF you can't just block the  EGR valve  as the MAF detects the reduced airflow when the valve operates. If it fails to report this reduction the ECU throws a code, turns on the MIL light and engages Limp Home mode. The  EGR valve  is operated in varying degrees whenever the engine is in cruise mode. A circuit has to be designed that reduces the MAF output voltage whenever the  EGR valve  is called to actuate. Having seen a mod on another forum I decided to give it a go and installed it last night. The circuit is really simple. The  EGR valve  transducer is fed with constant 12v which is proportionately shunted to Gnd to create the potential to activate the transducer, to engage the EGR solenoid and allow hot gasses into the intage via the  EGR valve  in varying degrees. The MAF is in the cold air intake. the EGR gasses enter further downstream. the MAF then monitors the red
Read more

Fix: The Diagnostic Service Host service failed to start due to the following error. [ solved, no kidding ]

Image
Lots of these Messages about the Diagnostic Service Host in the System Log On Windows 7/10 Machines Attached to A Domain The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.  The good news is that you can fix it using active directory group policy or the Local Security Policy and just adding a few things to the Local Policies.  Same fix applies to both Windows 7 and Windows 10.  To Fix this using any Policy, you must be running a Professional or Enterprise version of Windows. If you have Home Edition, sorry. Here's How to Fix It You see this in your system logs repeatedly, and its dragging down your computer and making it run slow. 
Read more