Problem
I am using Windows Server 2008 R2 , today, I have modified some settings in one of Group Policy and as usual I have tried the command gpupdate / force to update gpo settings. After some time, I have receive the error “User policy could not be updated successfully” and “Computer policy could not be updated successfully”.
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file TestDomain.localsysvolTestDomain.localPolicies{31B2F340-016D-11D2-945F-00C04FB984F9}gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were encountered:
Fix/Solution:
Browse the Sysvol directory (domainnameSysvol) from StartRun. then you will get below error message. .
Network Error-Windows cannot access domainnamesysvol Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve network problems, Error code: 0x800704cf - The network location cannot be reached. For information about network troubleshooting, see Windows Help.
If you got this error message, you are facing the same problem that I faced. Then try to browse the Sysvol directory by Domain Controller name or FQDN (DC1Sysvol) instead of domain name from StartRun. now you can access the sysvol without any problem, so the ultimate cause for this issue is Name Resolution/Network Connectivity problem. The root cause of the Name Resolution will differs for every environment.
In my environment, I have fixed the Name Resolution issue by following below steps:
– Checked Name Resolution by Ping command (Ping YourDomain.local)
– Ping result shows, it is trying to connect wrong IP address instead of IP of current DC, and ensured the wrong IP address is nothing but the IP of my another DC which is not active.
Finally, I have confirmed this is the root cause for my problem, the IP address of inactive DC is cached in DNS entries for the domain name, Now, I started that DC and confirmed everything is working fine now.
Note: Name Resolution/Network Connectivity problem is generic DNS problem, so please try to resolve DNS cache issue as per your own need.
Other Useful References:
– http://support.microsoft.com/kb/934907
– https://social.technet.microsoft.com/Forums/windowsserver/en-US/2a1dae75-90bb-43c3-963e-b5a668f4fd33/gpupdate-returns-event-id-1058-error-code-53
– https://social.technet.microsoft.com/Forums/en-US/d8f2b1a0-17a3-4756-b2de-7ffbd9bf1d92/user-policy-could-not-be-updated-successfully-the-following-errors-were-encountered-please-help-me?forum=winserverGP