Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, June 9, 2020 5:34 AM
Hi All,
I've configured a vpn network using the always on vpn tutorial. I am able to connect to the VPN just fine, and connected manually. From there I built the VPN profile powershell script from microsoft's guide (I can't post the link because my account still hasn't been verified). uninstalled the manual vpn, reran the script, and the vpn now automatically connects (cool!).
However, I ran into a weird hiccup when trying to apply a new group policy. I set up a group policy to map a shared folder (\server_name\shared_folder) to a network drive. If I'm connected to the corporate network, I can run gpupdate /force from the command line and it completes successfully. The network drive shows up, the correct folders are available, works great! However, if I then connect to an outside network and to my VPN, I lose my connection to the drive. If I delete the drive, and try to add it back, again via gpupdate /force, I get the following error:
"The processing of Group Policy failed. Windows attempted to read the file \data.company.com\SysVol\data.company.com\Policies\5C63434B-E0EB-44A7-B386-57843E0DA65C}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results."
If I connect to my corporate network and manually connect to the vpn (click "connect) I get the same error. But, when I connect back to the corporate network without any VPN connection, function is restored, and I can add the drive by executing gpupdate /force.
Going into the event viewer, I can see that the gpupdate has failed with an event ID of 1058 (and curiously, an error code of 0 and an error description of "the operation completed successfully"). I tried seeing if I've got some issue where I can't reach my domain controller, but an nslookup of my domain controller by name returns the correct IP, nltest /dsgetdc:data.company.com shows I'm connected to the correct DC and gives the proper IP.
So I'm stumped... almost across the finish line on setting up my vpn, just need to figure out why I can't get this network drive to work. Any advice is greatly appreciated!
All replies (6)
Wednesday, June 10, 2020 12:31 AM
Hi,
Thanks for sharing here!
To know the issue more clearly, it would be helpful to collect the following information.
1,When you connect to the VPN, can you access the shared folders successfully?
2,Can you access the GPT file in the sysvol folder?
If both 1,2 was good, i would recommend GPRESULT /H GPReport.html , if you want to get more details about the gpo process , you can consider enabling the GPSVC log.
For your reference: https://blogs.technet.microsoft.com/askds/2015/04/17/a-treatise-on-group-policy-troubleshootingnow-with-gpsvc-log-analysis/
Best Regards,
Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Wednesday, June 10, 2020 5:45 AM
Hi Fan,
Thanks for the response. I can see the GPT file in the sysvol folder and can access shared folders (I was having a problem accessing when the group policy failed when I assigned the drive as the next available letter, but when I started assigning it as a static letter I could connect fine).
I set up the log and ran gpupdate /force. The log is too large to copy paste in and I'm not allowed to attach a file. Let me know if you'd like me to send it to you some other way. What I can see way down the list (it's 2626 lines long) is this info on the failed group policy:
GPSVC(8c48.7cf4) 23:29:50:353 ProcessGPO(User): Searching <cn={5C63434B-E0EB-44A7-B386-57843E0DA65C},cn=policies,cn=system,DC=data,DC=company_name,DC=com>
GPSVC(8c48.7cf4) 23:29:50:353 ProcessGPO(User): User has access to this GPO.
GPSVC(8c48.7cf4) 23:29:50:353 ProcessGPO(User): Found common name of: <{5C63434B-E0EB-44A7-B386-57843E0DA65C}>
GPSVC(8c48.7cf4) 23:29:50:354 ProcessGPO(User): GPO passes the filter check.
GPSVC(8c48.7cf4) 23:29:50:354 ProcessGPO(User): Found functionality version of: 2
GPSVC(8c48.7cf4) 23:29:50:354 ProcessGPO(User): Found file system path of: <\data.company_name.com\SysVol\data.company_name.com\Policies\5C63434B-E0EB-44A7-B386-57843E0DA65C}>
GPSVC(8c48.7cf4) 23:29:50:554 ProcessGPO(User): Couldn't find the group policy template file <\data.company_name.com\SysVol\data.company_name.com\Policies\5C63434B-E0EB-44A7-B386-57843E0DA65C}\gpt.ini>, error = 0x4f1. DC: computer.data.company_name.com
GPSVC(8c48.7cf4) 23:29:50:555 ProcessGPO(User): ==============================
GPSVC(8c48.7cf4) 23:29:50:556 EvalList: ProcessGPO failed
GPSVC(8c48.7cf4) 23:29:50:557 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
Not sure what to make of this, but it seems like I am missing some sort of template? I didn't start with any type of template (just enabled drive mapping from the preferences menu). Not sure if this has anything to do with it or not. Let me know if there are other lines from the log file or additional info you'd like to see.
Thanks!
Tom
Friday, June 12, 2020 3:27 AM
Hi,
Thanks for posting here!
The process only showing the computer can't find the GPT .More information are need to be collect.
It is not recommended to share more logs here!
If there is no progress, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:
https://support.microsoft.com/en-in/hub/4343728/support-for-business
Best Regards,
Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, June 12, 2020 4:19 AM
Just following up on my answer below. Also one thing in your response I'm unclear on... do you mean can I access the GPT file when logged into my server, or can I access it remotely from my VPN client computer?
Friday, June 12, 2020 4:25 AM
One last update, when trying to access the shared folder, results are inconsistent. Tonight while trying to access the drive (drive V:\ I received the message the system cannot contact a domain controller to service the authentication request. Please try again later.
Seems, though, that I am connected to my DC... nltest results upon failure to connect to drive:
nltest /dnsgetdc:data.company.com
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
cbdc.data.company.com 192.168.1.215 192.168.1.60 192.168.1.210
The command completed successfully
Still stuck. Would really appreciate some direction!
Friday, June 12, 2020 5:21 AM
Hi,
Before apply the GPO, I would recommend you confirm the network is working well with the network team.May be try to capture a traffic package by using the network monitor.
Best Regards,
Fan
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]