[gptalk] Re: GP not applied

  • From: "Gray Troutman" <jgraytroutman@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 24 Aug 2006 17:28:57 -0500

I've solved the problem, at least temporarily, by changing the domain name
back to what it originally was.  I found some information at Microsoft that
leads me to believe there are some conflicts that come up between the AD and
the GP when you make a name change.  They have some tools to deal with it,
but it looks like they are only usable if your in a 2003-only environment.
I'm going to do some more research and see what I can find.  I guess the
best part about something like this is that it is certainly a learning
experience.

Thanks for all the help, I've added a couple of troubleshooting tools to my
repertoire at least.

On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:

Could be. As per Doug's note, does the path shown in the userenv.log file look right? < \\cmhwm.org\SysVol\cmhwm.org\Policies\{BE30A467-35C2-43BF-84EF-0EE7DA67F51C}\gpt.ini >

What did you rename? The domain or the DC?



 ------------------------------
*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Gray Troutman
*Sent:* Thursday, August 24, 2006 1:11 PM

*To:* gptalk@xxxxxxxxxxxxx
*Subject:* [gptalk] Re: GP not applied

I only have the one DC, could the error be caused by the rename?



On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx > wrote:
>
>  Ok. One thing I see in the userenv log is a lot of inconsistency in
> GPOs between AD & SYSVOL. Version number mismatches and inability to read
> the sysvol portion of a GPO. I am guessing that whatever DCs your user's are
> hitting are not replicating correctly. How many DCs do you have? I would run
> gpotool.exe (from SUpport Tools ) against your domain's GPOs and see
> what errors show up.
>
> Darren
>
>  ------------------------------
>  *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Gray Troutman
> *Sent:* Thursday, August 24, 2006 12:50 PM
>
> *To: *gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: GP not applied
>
>  Okay, here are userenv.log and gpedit.log.  I'm looking at them as
> well, but please let me know what you see.  As I've said before, I'm new to
> all this GPO stuff.  I was really happy when it was working over here, I'd
> just like to know why it's not working now that I've moved the server.
>
>
>
> On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> >
> >  You might try enabling verbose userenv logging on one of those
> > problem users, and then post the results here.
> >
> >
> >
> >  ------------------------------
> >  *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > *On Behalf Of *Gray Troutman
> > *Sent:* Thursday, August 24, 2006 12:17 PM
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Re: GP not applied
> >
> >  I had other test users (1-5) and they worked in the lab and are not
> > now.  Here's a strange one, if I log in as someone who is just a domain
> > admin, the GPOs apply correctly.  If I log in as a newly created user,
> > nothing works.  If I make that user a domain admin, nothing works.
> >
> > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> > >
> > >  So, are you saying that you had a DC on an isolated subnet and now
> > > its on your production network, and a client on that network that is part 
of
> > > that DC's domain is not getting user policy as expected? If so, then make
> > > sure that the GPOs you're trying to deliver are linked in such a way that
> > > the user test6 will process them. The fact that a domain admin account 
gets
> > > the policies tells me that the policies may not be linked to a place in 
your
> > > AD tree that test6 will get them.
> > >
> > > Darren
> > >
> > >  ------------------------------
> > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > > *On Behalf Of *Gray Troutman
> > > *Sent:* Thursday, August 24, 2006 11:41 AM
> > > *To:* gptalk@xxxxxxxxxxxxx
> > > *Subject: *[gptalk] GP not applied
> > >
> > >
> > >  Hey folks,
> > > Well, I just moved the DC from the lab to the network and it no
> > > longer applies the GPOs.  I can join the domain and log in with no 
problem,
> > > but the policies are  not applied.  If I run gpresult, I get "INFO: The 
user
> > > "CMHWM\test6" does not have RSOP data."
> > >
> > > Two things:  One, I changed the domain server name.  Two, I get the
> > > policies if I log in as a domain admin, but not as a user.
> > >
> > > Any ideas what I screwed up here?
> > >
> > > Thanks,
> > > Gray
> > >
> > >
> >
> >
>

Other related posts: