Re: IPSEC Policy question
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/18/04
- Next message: Bruce Sanderson: "Re: Null NetworkName registry value and XP SP2"
- Previous message: Steven L Umbach: "Re: Assigned software not installing on all PC's in OU"
- In reply to: Brandon McHenry: "Re: IPSEC Policy question"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 17 Dec 2004 19:11:52 -0600
Make sure you refresh the security policy on the domain controller when done
and then reboot the computers you want to ipsec policy to apply to. I have
difficulty one time getting ipsec policy to apply to domain computers and a
reboot was required to get it to work. Beyond that make sure that the Group
Policy has been applied to the computer. The support tool gpresult can show
what computer Group Policies have applied to a computer and the last time
the policy was applied. It will also show the location of the computer in
the domain so that you can check that it shows as having an account in the
right OU. It is also helpful define another setting or two in the GPO to see
if those settings apply which can help troubleshoot if your problem is with
the ipsec policy or the GPO itself being applied. For Windows 2000 you can
use netdiag as in " netdiag /test:ipsec " to see what ipsec policy, if any,
is being applied to a computer. " netdiag /test:ipsec /debug " will give
much more detailed info about an ipsec policy. For XP Pro, use the mmc
snapin for the two ipsec options to see what ipsec policy has been applied
to it. Group Policy problems can often be caused by dns misconfiguration
[see link below for more info] in the domain or something as simple as
policy not propagating yet. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 -- AD
dns FAQ.
"Brandon McHenry" <BrandonMcHenry@discussions.microsoft.com> wrote in
message news:FB60481F-C53D-4E4B-970B-3F33988D1D4C@microsoft.com...
>
> Well I put the computer object in the correct OU but it still isn't
> working.
> So I started all over and remade everything to make sure it was done
> correctly and it still isn't working. I can get it to work on the local
> policy, just can't get it to work on the GPO. Any ideas?
>
> By the way that link to that article comes up with no article found for
> me.
- Next message: Bruce Sanderson: "Re: Null NetworkName registry value and XP SP2"
- Previous message: Steven L Umbach: "Re: Assigned software not installing on all PC's in OU"
- In reply to: Brandon McHenry: "Re: IPSEC Policy question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
