Re: Intermittant GPO failure to apply
- From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
- Date: Fri, 02 Sep 2005 00:17:20 GMT
HI Nick,
Thanks for updates.
The default setting of these GPO is "not defined" for all the policy below:
Network Client digitally sign communications (always)
Network Client digitally sign communications (if server agrees)
Network Server digitally sign communications (always)
Network Server digitally sign communications (if client agrees)
In addition, have you tried my steps in previous reply, I will also post
here:
As you referred, you have enabled the roaming profiles and folder
redirection on SBS domain. Also in your userenv log we found it still refer
to the same problem in ntuser.pol, by default this files will be recreate
when logon the domain again, it seems the files is corrupt and the registry
is not correct.
Please temporally delete that files or rename the files to see if the issue
can be clear. If you using roaming profiles, please check it on the server.
More info:
269378 Differences in the User Profiles in Windows
http://support.microsoft.com/?id=269378
Hope the above information helpful.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
<qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
<u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
<lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
<eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
<3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
<bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
<OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
<LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
<eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
<frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
<#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
<yK#Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Intermittant GPO failure to apply
| Date: Thu, 1 Sep 2005 20:21:32 +0100
| Lines: 465
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Message-ID: <#ba#kpyrFHA.260@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: host81-130-59-23.in-addr.btopenworld.com 81.130.59.23
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150019
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Charles,
|
| As the SMB signing doesn't seem to make any difference I would like to
set
| them back to their defaults. Could you tell me what the default settings
| were for the 'Default Domain Policy' and 'Default Domain Controllers
Policy'
| GPOs for:
| Network Client digitally sign communications (always)
| Network Client digitally sign communications (if server agrees)
| Network Server digitally sign communications (always)
| Network Server digitally sign communications (if client agrees)
|
| Thanks,
| Nick
|
| ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:yK%23Vz$dqFHA.3800@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Nick,
| >
| > Thanks for updates.
| >
| > I will waiting for your results, as I mentioned we could not
troubleshoot
| > the root cause of this problem via newsgroup, it might be a complex
| > problem, as I referred many factors might blocked the GPO updates,
| > firewall
| > anti-virus software or SMB signing.
| >
| > Sorry for inconvenience, and thanks for your efforts.
| >
| >
| >
| > Best regards,
| >
| > Charles Yang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| > =====================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from your issue.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > <frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Intermittant GPO failure to apply
| > | Date: Thu, 25 Aug 2005 17:40:34 +0100
| > | Lines: 305
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <#SZQAPZqFHA.3540@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 194.164.85.19
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147801
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi Charles,
| > |
| > | Disabling the rename administrator account GPO and others didn't seem
to
| > | help so have now re-enabled them.
| > |
| > | All SMB signing GPO settings are now set to disabled so will wait and
| > see
| > | what effect that has (must remember to reboot the server a few times).
| > |
| > | Workstations do indeed have Trend Micro CSM for SMB remotely installed
| > and
| > | updating from the SBS server. Problem is these workstations are all
| > live
| > so
| > | I cannot safely leave virus checking disabled. Do you have any more
| > | information about this possible Trend Micro problem?
| > |
| > | UPHClean is installed and reports the following error but I can't see
| > how
| > to
| > | identify which application is actually causing this:
| > | The following handles opened in user profile hive
| > <DOMAINNAME>\<username>
| > | (S-1-5-21-3513629081-3873135916-3088626867-1364) are preventing the
| > profile
| > | from unloading:
| > | svchost.exe (888)
| > | HKCU (0x3a0)
| > |
| > |
| > | Regards,
| > | Nick
| > |
| > |
| > |
| > | Hi,
| > |
| > | Thanks for updates.
| > |
| > | From the information you gave to me, we can not identify the root
cause,
| > | have you try my suggestion in my last reply, I would like to paste
them
| > | again:
| > |
| > |
| > | FYI:
| > |
| > | What I means about Trend is to disable it on the client computer if
you
| > | have also deploy it on client computer, as I know there is some
problem
| > on
| > | this software if you deploy it on client computer.
| > |
| > | As this is an intermittent issue, so it might need some time to
| > | troubleshoot. in my previous reply, I suggest you disable all the SMB
| > | signing on both client computer and server, please also make sure
that
| > you
| > | have disable all the SMB signing on the group policy. You can refer
to
| > the
| > | article below to disable it.
| > |
| > | Please refer to the following link to disable the SMB signing to see
if
| > the
| > | slow network access issue will be resolved:
| > | http://www.smallbizserver.net/Default.aspx?tabid=98
| > |
| > | I appreciate your effort on this issue.
| > |
| > |
| > |
| > | Best regards,
| > |
| > | Charles Yang (MSFT)
| > |
| > |
| > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in
message
| > | news:frb2Q85pFHA.1208@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi,
| > | >
| > | > Thanks for updates.
| > | >
| > | > From the information you gave to me, we can not identify the root
| > cause,
| > | > have you try my suggestion in my last reply, I would like to paste
| > them
| > | > again:
| > | >
| > | >
| > | > FYI:
| > | >
| > | > What I means about Trend is to disable it on the client computer if
| > you
| > | > have also deploy it on client computer, as I know there is some
| > problem
| > on
| > | > this software if you deploy it on client computer.
| > | >
| > | > As this is an intermittent issue, so it might need some time to
| > | > troubleshoot. in my previous reply, I suggest you disable all the
SMB
| > | > signing on both client computer and server, please also make sure
that
| > you
| > | > have disable all the SMB signing on the group policy. You can refer
to
| > the
| > | > article below to disable it.
| > | >
| > | > Please refer to the following link to disable the SMB signing to
see
| > if
| > | > the
| > | > slow network access issue will be resolved:
| > | > http://www.smallbizserver.net/Default.aspx?tabid=98
| > | >
| > | > I appreciate your effort on this issue.
| > | >
| > | >
| > | >
| > | > Best regards,
| > | >
| > | > Charles Yang (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | >
| > | > =====================================================
| > | > When responding to posts, please "Reply to Group" via your
newsreader
| > so
| > | > that others may learn and benefit from your issue.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | From: "NickC" <NoSpam@xxxxxxxxxxxxxx>
| > | > | References: <#0yb8FPlFHA.1608@xxxxxxxxxxxxxxxxxxxx>
| > | > <qk#JxlllFHA.3472@xxxxxxxxxxxxxxxxxxxxx>
| > | > <u$KSRhnlFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| > | > <lF03VAwlFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| > | > <eyM9CI1lFHA.1948@xxxxxxxxxxxxxxxxxxxx>
| > | > <3NgMzq8lFHA.3120@xxxxxxxxxxxxxxxxxxxxx>
| > | > <bdNyKYNmFHA.940@xxxxxxxxxxxxxxxxxxxxx>
| > | > <OUgO7kOmFHA.1232@xxxxxxxxxxxxxxxxxxxx>
| > | > <LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxx>
| > | > | Subject: Re: Intermittant GPO failure to apply
| > | > | Date: Mon, 22 Aug 2005 12:17:58 +0100
| > | > | Lines: 120
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.3790.1830
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | X-RFC2646: Format=Flowed; Original
| > | > | Message-ID: <eInxpswpFHA.2904@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: mail.stkittsnevisregistry.net 194.164.85.19
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:146589
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi Charles,
| > | > |
| > | > |
| > | > |
| > | > | UPHClean now installed and logging the following errors:
| > | > |
| > | > |
| > | > |
| > | > | Event Type: Information
| > | > |
| > | > | Event Source: UPHClean
| > | > |
| > | > | Event Category: None
| > | > |
| > | > | Event ID: 1501
| > | > |
| > | > | Date: 18/08/2005
| > | > |
| > | > | Time: 16:32:11
| > | > |
| > | > | User: <DOMAINNAME>\<username>
| > | > |
| > | > | Computer: <DOMAINNAME>5
| > | > |
| > | > | Description:
| > | > |
| > | > |
| > | > |
| > | > | The following handles opened in user profile hive
| > | > <DOMAINNAME>\<username>
| > | > | (S-1-5-21-3513629081-3873135916-3088626867-1364) are preventing
the
| > | > profile
| > | > | from unloading:
| > | > |
| > | > |
| > | > |
| > | > | svchost.exe (888)
| > | > |
| > | > | HKCU (0x3a0)
| > | > |
| > | > |
| > | > |
| > | > |
| > | > |
| > | > |
| > | > | How can I tell what application is causing this?
| > | > |
| > | > | Thanks,
| > | > | Nick
| > | > |
| > | > |
| > | > | ""Charles Yang [MSFT]"" <v-chayan@xxxxxxxxxxxxxxxxxxxx> wrote in
| > message
| > | > | news:LEzjLcVmFHA.944@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > HI NICK,
| > | > | >
| > | > | > Thanks for quickly updates.
| > | > | >
| > | > | > After researching the error 1517, I found it might relate to
group
| > | > policy
| > | > | > is not update, you can refer to my suggestion below:
| > | > | >
| > | > | > Many system and service processes do work on behalf of users.
| > When
| > | > the
| > | > | > work is done the system or service process is responsible for
| > | > releasing
| > | > | > handles it has to the user profile hive. If this is not done
by
| > the
| > | > | > service as the user logs off the profile cannot be unloaded.
| > | > | >
| > | > | > This problem in code can be caused by improper coding either in
| > | > Microsoft
| > | > | > software or 3rd party software (e.g. printer drivers, virus
| > scanner
| > | > | > service, etc). With the information provided by the system
there
| > is
| > | > no
| > | > | > way
| > | > | > to find out what software needs to be corrected to allow
profiles
| > to
| > | > | > unload.
| > | > | >
| > | > | > Why we use UPHCLEAN
| > | > | > ====================
| > | > | > In the past these issues have been fixed by code changes to
| > release
| > | > the
| > | > | > registry handle. The disadvantage of this approach is that in
| > many
| > | > cases
| > | > | > multiple issues (different code paths) are causing the profiles
to
| > not
| > | > | > unload. Unless all problem code paths are fixed profiles do not
| > | > unload.
| > | > | >
| > | > | > The concept of UPHClean is to deal with these the same way the
| > | > operating
| > | > | > system deals with other resource issues: when a task is done
| > resources
| > | > | > (memory, handles, etc) are automatically reclaimed. UPHClean
| > | > | > accomplishesthis simply by monitoring for users to log off and
| > | > verifying
| > | > | > that unused resources are reclaimed. If they are not it
reclaims
| > the
| > | > | > resource and logsits action. This approach is superior as it
| > works
| > | > for
| > | > | > any
| > | > | > known reason that profiles do not unload and also will keep
| > working
| > to
| > | > | > address new unknown issues.
| > | > | >
| > | > | > Another advantage to UPHClean is that no computer restart is
| > required
| > | > to
| > | > | > install it or remove it (except on Windows NT 4). You can
install
| > and
| > | > | > remove UPHClean to find out whether it helps with a profile
unload
| > | > problem
| > | > | > or not. You can do this without having to worry about what
| > hotfix,
| > | > | > service
| > | > | > pack, feature pack, etc has been installed. Set it and forget
is
| > the
| > | > goal
| > | > | > ofUPHClean.
| > | > | >
| > | > | > By default UPHClean takes action to allow profiles to unload.
You
| > can
| > | > | > choose to have UPHClean only report what processes it finds
| > preventing
| > | > | > profiles from unloading. To do this, install UPHClean and use
the
| > | > | > registry
| > | > | > editor to set:
| > | > | >
| > | > | >
| > HKLM\System\CurrentControlSet\Services\UPHClean\Parameters\REPORT_ONLY
| > | > to
| > | > | > 1
| > | > | >
| > | > | > 837115 Troubleshooting profile unload issues
| > | > | > http://support.microsoft.com/?id=837115
| > | > | >
| > | > | > If possible please perform my steps above and paste any
progress
| > to
| > | > | > newsgroup, thanks for your effort in this issue.
| > | > | >
| > | > | >
| > | > | >
| > | > | > Best regards,
| > | > | >
| > | > | > Charles Yang (MSFT)
| > | > | >
| > | > | > Microsoft CSS Online Newsgroup Support
| > | > | >
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|
.
- Follow-Ups:
- Re: Intermittant GPO failure to apply
- From: NickC
- Re: Intermittant GPO failure to apply
- References:
- Re: Intermittant GPO failure to apply
- From: NickC
- Re: Intermittant GPO failure to apply
- Prev by Date: Re: Setting up Remote Desktop on SBS 03
- Next by Date: Re: ftp uploading file
- Previous by thread: Re: Intermittant GPO failure to apply
- Next by thread: Re: Intermittant GPO failure to apply
- Index(es):
Relevant Pages
|
Loading
