I had some problems with the application of GPOs on a Windows server 2016, I got this error on the Windows log (Event Log Group policy):
gpresult:
Registry failed due to the error listed below.
Unspecified error
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between
I've enabled the logs for Group policy, to do that just changed\create a reg key(GPSvcDebugLevel) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
“GPSvcDebugLevel”=dword:00030002
I found these errors:
GPSVC(104.7638) 05:14:51:342 ProcessGPORegistryPolicy: Directory (D:\ProgramData\Microsoft\GroupPolicy\Users\S-1-5-21-3112070178-1138935389-355353746-1156) doesn't exist and hence creating it
GPSVC(104.7638) 05:14:51:343 CheckAndCreateSubFolders: failed to CreateDirectory for path D:\ProgramData\Microsoft\GroupPolicy\Users\S-1-5-21-3112070178-1138935389-355353746-1156 with error: 5.
GPSVC(104.7638) 05:14:51:343 SetSecureDirectory: failed to CheckAndCreateSubFolders for path D:\ProgramData\Microsoft\GroupPolicy\Users\S-1-5-21-3112070178-1138935389-355353746-1156 with error: 5.
For some reason the GPO was trying to create a folder in a non-existent path, I checked and the right path is D:\ProgramData\Microsoft\Group Policy\ with space between Group and Policy. The solution The solution I found was to create a GroupPolicy folder and copy the files.
Steps for Solution:
1. Create a folder GroupPolicy inside D:\ProgramData\Microsoft\
2. Copy the files D:\ProgramData\Microsoft\Group Policy\ to D:\ProgramData\Microsoft\GroupPolicy\
3. Create a task scheduler to copy the files every hour using robocopy.
I don't know what the root cause of the issue is, but as the environment was a Standalone server with Domain Controller and RDS services on the same server.
There are no computers members within the domain.
Nenhum comentário:
Postar um comentário