[gptalk] Re: GP not applied
- From: "Gray Troutman" <jgraytroutman@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Thu, 24 Aug 2006 17:28:57 -0500
I've solved the problem, at least temporarily, by changing the domain name
back to what it originally was. I found some information at Microsoft that
leads me to believe there are some conflicts that come up between the AD and
the GP when you make a name change. They have some tools to deal with it,
but it looks like they are only usable if your in a 2003-only environment.
I'm going to do some more research and see what I can find. I guess the
best part about something like this is that it is certainly a learning
experience.
Thanks for all the help, I've added a couple of troubleshooting tools to my
repertoire at least.
On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
Could be. As per Doug's note, does the path shown in the userenv.log file
look right? <
\\cmhwm.org\SysVol\cmhwm.org\Policies\{BE30A467-35C2-43BF-84EF-0EE7DA67F51C}\gpt.ini
>
What did you rename? The domain or the DC?
------------------------------
*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Gray Troutman
*Sent:* Thursday, August 24, 2006 1:11 PM
*To:* gptalk@xxxxxxxxxxxxx
*Subject:* [gptalk] Re: GP not applied
I only have the one DC, could the error be caused by the rename?
On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx > wrote:
>
> Ok. One thing I see in the userenv log is a lot of inconsistency in
> GPOs between AD & SYSVOL. Version number mismatches and inability to read
> the sysvol portion of a GPO. I am guessing that whatever DCs your user's are
> hitting are not replicating correctly. How many DCs do you have? I would run
> gpotool.exe (from SUpport Tools ) against your domain's GPOs and see
> what errors show up.
>
> Darren
>
> ------------------------------
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> *On Behalf Of *Gray Troutman
> *Sent:* Thursday, August 24, 2006 12:50 PM
>
> *To: *gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: GP not applied
>
> Okay, here are userenv.log and gpedit.log. I'm looking at them as
> well, but please let me know what you see. As I've said before, I'm new to
> all this GPO stuff. I was really happy when it was working over here, I'd
> just like to know why it's not working now that I've moved the server.
>
>
>
> On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> >
> > You might try enabling verbose userenv logging on one of those
> > problem users, and then post the results here.
> >
> >
> >
> > ------------------------------
> > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > *On Behalf Of *Gray Troutman
> > *Sent:* Thursday, August 24, 2006 12:17 PM
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Re: GP not applied
> >
> > I had other test users (1-5) and they worked in the lab and are not
> > now. Here's a strange one, if I log in as someone who is just a domain
> > admin, the GPOs apply correctly. If I log in as a newly created user,
> > nothing works. If I make that user a domain admin, nothing works.
> >
> > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> > >
> > > So, are you saying that you had a DC on an isolated subnet and now
> > > its on your production network, and a client on that network that is part
of
> > > that DC's domain is not getting user policy as expected? If so, then make
> > > sure that the GPOs you're trying to deliver are linked in such a way that
> > > the user test6 will process them. The fact that a domain admin account
gets
> > > the policies tells me that the policies may not be linked to a place in
your
> > > AD tree that test6 will get them.
> > >
> > > Darren
> > >
> > > ------------------------------
> > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > > *On Behalf Of *Gray Troutman
> > > *Sent:* Thursday, August 24, 2006 11:41 AM
> > > *To:* gptalk@xxxxxxxxxxxxx
> > > *Subject: *[gptalk] GP not applied
> > >
> > >
> > > Hey folks,
> > > Well, I just moved the DC from the lab to the network and it no
> > > longer applies the GPOs. I can join the domain and log in with no
problem,
> > > but the policies are not applied. If I run gpresult, I get "INFO: The
user
> > > "CMHWM\test6" does not have RSOP data."
> > >
> > > Two things: One, I changed the domain server name. Two, I get the
> > > policies if I log in as a domain admin, but not as a user.
> > >
> > > Any ideas what I screwed up here?
> > >
> > > Thanks,
> > > Gray
> > >
> > >
> >
> >
>
- Follow-Ups:
- [gptalk] Re: GP not applied
- From: Darren Mar-Elia
- References:
- [gptalk] Re: GP not applied
- From: Gray Troutman
- [gptalk] Re: GP not applied
- From: Darren Mar-Elia
Other related posts:
- » [gptalk] GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
- » [gptalk] Re: GP not applied
Could be. As per Doug's note, does the path shown in the userenv.log file look right? < \\cmhwm.org\SysVol\cmhwm.org\Policies\{BE30A467-35C2-43BF-84EF-0EE7DA67F51C}\gpt.ini >
What did you rename? The domain or the DC?
------------------------------ *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Gray Troutman *Sent:* Thursday, August 24, 2006 1:11 PM
*To:* gptalk@xxxxxxxxxxxxx *Subject:* [gptalk] Re: GP not applied
I only have the one DC, could the error be caused by the rename?
On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx > wrote: > > Ok. One thing I see in the userenv log is a lot of inconsistency in > GPOs between AD & SYSVOL. Version number mismatches and inability to read > the sysvol portion of a GPO. I am guessing that whatever DCs your user's are > hitting are not replicating correctly. How many DCs do you have? I would run > gpotool.exe (from SUpport Tools ) against your domain's GPOs and see > what errors show up. > > Darren > > ------------------------------ > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > *On Behalf Of *Gray Troutman > *Sent:* Thursday, August 24, 2006 12:50 PM > > *To: *gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: GP not applied > > Okay, here are userenv.log and gpedit.log. I'm looking at them as > well, but please let me know what you see. As I've said before, I'm new to > all this GPO stuff. I was really happy when it was working over here, I'd > just like to know why it's not working now that I've moved the server. > > > > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > > > > You might try enabling verbose userenv logging on one of those > > problem users, and then post the results here. > > > > > > > > ------------------------------ > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > *On Behalf Of *Gray Troutman > > *Sent:* Thursday, August 24, 2006 12:17 PM > > *To:* gptalk@xxxxxxxxxxxxx > > *Subject:* [gptalk] Re: GP not applied > > > > I had other test users (1-5) and they worked in the lab and are not > > now. Here's a strange one, if I log in as someone who is just a domain > > admin, the GPOs apply correctly. If I log in as a newly created user, > > nothing works. If I make that user a domain admin, nothing works. > > > > On 8/24/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > > > > > > So, are you saying that you had a DC on an isolated subnet and now > > > its on your production network, and a client on that network that is part of > > > that DC's domain is not getting user policy as expected? If so, then make > > > sure that the GPOs you're trying to deliver are linked in such a way that > > > the user test6 will process them. The fact that a domain admin account gets > > > the policies tells me that the policies may not be linked to a place in your > > > AD tree that test6 will get them. > > > > > > Darren > > > > > > ------------------------------ > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > *On Behalf Of *Gray Troutman > > > *Sent:* Thursday, August 24, 2006 11:41 AM > > > *To:* gptalk@xxxxxxxxxxxxx > > > *Subject: *[gptalk] GP not applied > > > > > > > > > Hey folks, > > > Well, I just moved the DC from the lab to the network and it no > > > longer applies the GPOs. I can join the domain and log in with no problem, > > > but the policies are not applied. If I run gpresult, I get "INFO: The user > > > "CMHWM\test6" does not have RSOP data." > > > > > > Two things: One, I changed the domain server name. Two, I get the > > > policies if I log in as a domain admin, but not as a user. > > > > > > Any ideas what I screwed up here? > > > > > > Thanks, > > > Gray > > > > > > > > > > >
- [gptalk] Re: GP not applied
- From: Darren Mar-Elia
- [gptalk] Re: GP not applied
- From: Gray Troutman
- [gptalk] Re: GP not applied
- From: Darren Mar-Elia