Group Policy not applying

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I was given the task to implement SUS server on our network. I installed the
server with SP1 and all went well. However I went over to the gpeditor and
made the necessary changes and forced a refresh of the policy. It seems that
the computers ignored the setting. I then tried to add some other random
setting changes via GPO and they did not take either. Some of the previous
policies are still working though. I turned on debugging on the workstation
and I am getting the error: "Windows cannot obtain the domain controller
name for you computer network. Return Value (59). It seems to be a DNS
issue. I found a couple of suggestions on Google but nothing helped. There
is a firewall between our workstations and Domain Controllers. We did this
because we have people that need to access them from outside our company. I
don't know if that is why this is happening and if so why do some policies
work? Any suggestions/explanations?

Thanks

Curt
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Curt-
The first and most obvious thing I can think of is that you'll need ICMP
enabled between your clients and their DCs for GP processing to work--or
you'll need to disable slow link detection on the clients. This is described
in an FAQ I've written on my website. Go to www.gpoguy.com/faqs.htm and
search on ICMP.

--
Darren Mar-Elia
MS-MVP-Windows Management
http://www.gpoguy.com



"Curt Shaffer" <curt@chilitech.net> wrote in message
news:cf99m102g18@enews1.newsguy.com...
>I was given the task to implement SUS server on our network. I installed
>the server with SP1 and all went well. However I went over to the gpeditor
>and made the necessary changes and forced a refresh of the policy. It seems
>that the computers ignored the setting. I then tried to add some other
>random setting changes via GPO and they did not take either. Some of the
>previous policies are still working though. I turned on debugging on the
>workstation and I am getting the error: "Windows cannot obtain the domain
>controller name for you computer network. Return Value (59). It seems to be
>a DNS issue. I found a couple of suggestions on Google but nothing helped.
>There is a firewall between our workstations and Domain Controllers. We did
>this because we have people that need to access them from outside our
>company. I don't know if that is why this is happening and if so why do
>some policies work? Any suggestions/explanations?
>
> Thanks
>
> Curt
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Run netdiag on one of your domain computers to see if it shows any problems with
failed tests/warnings/errors relating to dns, dc discovery, kerberos, domain
membership/secure channel, etc. Also run gpresult on domain member as it will tell
the last time computer and user policy was applied and from what GPO's.It is highly
unusual to have domain controllers in a dmz [vpn might be a better solution] . If you
are using ipsec to secure communications through the firewall to the domain
controllers, that can cause problems as domain members can not use ipsec negotiation
for ESP/AH policies that involve communications with domain controllers. Anyhow see
the link below on what ports are required for AD to work through a firewall and pay
attention to the part about RPC and the challenges it makes and workarounds. It may
also help to view firewall logs for traffic dropped to and from domain controllers
and domain members. Looking in Event Viewer on all computers involved would also be
helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442

"Curt Shaffer" <curt@chilitech.net> wrote in message
news:cf99m102g18@enews1.newsguy.com...
> I was given the task to implement SUS server on our network. I installed the
> server with SP1 and all went well. However I went over to the gpeditor and
> made the necessary changes and forced a refresh of the policy. It seems that
> the computers ignored the setting. I then tried to add some other random
> setting changes via GPO and they did not take either. Some of the previous
> policies are still working though. I turned on debugging on the workstation
> and I am getting the error: "Windows cannot obtain the domain controller
> name for you computer network. Return Value (59). It seems to be a DNS
> issue. I found a couple of suggestions on Google but nothing helped. There
> is a firewall between our workstations and Domain Controllers. We did this
> because we have people that need to access them from outside our company. I
> don't know if that is why this is happening and if so why do some policies
> work? Any suggestions/explanations?
>
> Thanks
>
> Curt
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom