Re: Group Policy not applying
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 08/10/04
- Next message: Joe Mowry: "Need Help on Difficult GPO Requirement"
- Previous message: Steven L Umbach: "Re: GPO won't apply to one computer"
- In reply to: Curt Shaffer: "Group Policy not applying"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 10 Aug 2004 04:09:08 GMT
Run netdiag on one of your domain computers to see if it shows any problems with
failed tests/warnings/errors relating to dns, dc discovery, kerberos, domain
membership/secure channel, etc. Also run gpresult on domain member as it will tell
the last time computer and user policy was applied and from what GPO's.It is highly
unusual to have domain controllers in a dmz [vpn might be a better solution] . If you
are using ipsec to secure communications through the firewall to the domain
controllers, that can cause problems as domain members can not use ipsec negotiation
for ESP/AH policies that involve communications with domain controllers. Anyhow see
the link below on what ports are required for AD to work through a firewall and pay
attention to the part about RPC and the challenges it makes and workarounds. It may
also help to view firewall logs for traffic dropped to and from domain controllers
and domain members. Looking in Event Viewer on all computers involved would also be
helpful. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
"Curt Shaffer" <curt@chilitech.net> wrote in message
news:cf99m102g18@enews1.newsguy.com...
> I was given the task to implement SUS server on our network. I installed the
> server with SP1 and all went well. However I went over to the gpeditor and
> made the necessary changes and forced a refresh of the policy. It seems that
> the computers ignored the setting. I then tried to add some other random
> setting changes via GPO and they did not take either. Some of the previous
> policies are still working though. I turned on debugging on the workstation
> and I am getting the error: "Windows cannot obtain the domain controller
> name for you computer network. Return Value (59). It seems to be a DNS
> issue. I found a couple of suggestions on Google but nothing helped. There
> is a firewall between our workstations and Domain Controllers. We did this
> because we have people that need to access them from outside our company. I
> don't know if that is why this is happening and if so why do some policies
> work? Any suggestions/explanations?
>
> Thanks
>
> Curt
>
>
- Next message: Joe Mowry: "Need Help on Difficult GPO Requirement"
- Previous message: Steven L Umbach: "Re: GPO won't apply to one computer"
- In reply to: Curt Shaffer: "Group Policy not applying"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
