Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, December 8, 2017 11:31 PM
We have a couple machines that I cannot update manually with gpupdate.exe (gets stuck on "Updating policy..." and never updates). However, GPO's are successfully updated in the background as normal. On a side note... these two machines also have very long sign out times. Not sure if there's any corelation (I don't have any logoff scripts).
Any thoughts?
All replies (20)
Monday, March 26, 2018 5:12 PM ✅Answered
Sorry it took so long to respond. (I was out on medical leave for a while.)
So I found part of the problem. It appears a task called Group Policy Script Application is running (and presumably hanging). If I end the task... Group Policy updates from the command line perfectly. It also solves the issue with extremely long Sign Offs. What I don't know is how to determine which policy is causing this so I can correct it. Can you offer any advice?
Thanks again.
Wednesday, March 28, 2018 6:13 PM ✅Answered
Turns out the issue was a Powershell startup script spec'd in Group Policy that caused issues for two of our workstations. (Not quite sure why all other workstations aren't affected though.) As far as this thread is concerned the cause of the issue as been identified and can now be resolved.
Saturday, December 9, 2017 1:02 AM
Try to disjoin and rejoin domain to test the issue.
Please check if the following group policy was enabled in your environment:
Computer policy > administrative templates > System > Group policy > Turn off background refresh of group policy
If yes, please try to disable it and check if the issue persists.
S.Sengupta,Microsoft MVP Windows and Devices for IT, Windows Insider MVP
Monday, December 11, 2017 3:35 PM
Try to disjoin and rejoin domain to test the issue.
Please check if the following group policy was enabled in your environment:
Thanks for the reply.
Yes... I've tried disconnecting and reconnecting to domain and made sure the GPO you referenced was disabled. I've even tried reinstalling the OS and starting fresh and didn't work.
Tuesday, December 12, 2017 9:28 AM
Hi,
Please upload group policy event log onto OneDrive and share the link here for our research:
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
Also enable user debug log and collect for our research. The log file is located at SystemDrive \Debug.
To enable verbose logging (Userenv.log)
Log on as the local administrator.
Click Start , and then click Run .
In the Open text box, type regedit , and then click OK .
Open the HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/Current Version/Winlogon key, and then click **Edit **on the toolbar.
Click Add Value , and enter the value name UserenvDebugLevel .
Set the Data Type to REG_DWORD, click OK , and then under Value , enter the number 30002 . Set the option button to Hex .
Log off and then log on again.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, December 12, 2017 4:20 PM
Hi,
Please upload group policy event log onto OneDrive and share the link here for our research:
Thank you.
Wednesday, December 13, 2017 8:15 AM
Hi,
There is no error in GP event log.
At this time, considering if the gpupdate.exe under C:\Windows\System32 and related file get corrupted.
You can try to copy one from good computer and replace it here. You are recommend to take ownership of this file first.
If the issue still persists, let's run commands with admin priviledge as below to repair related system files to fix this issue
SFC /SCANNOW
In addition, we can use Process monitor to capture the system events during reproduce this issue, then let's go through the log files and see where gpupdate.exe hang up. You can also saved out the pml files and upload the shared drive for our research.
Process Monitor v3.05
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
How to use, please refer to this article:
Using Process Monitor to capture system events
http://www.sophos.com/en-us/support/knowledgebase/119038.aspx
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 14, 2017 1:33 AM
Would you mind letting me know the result of the suggestions? If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, December 15, 2017 2:01 AM
Have taken time to check my post? Is there any update?
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, December 15, 2017 4:35 PM
Hi Kate.
I read your post. I tried copying gpupdate.exe but the file is in use on the target workstation and can't be overwritten. However, I was simply able to copy the file to the desktop and run it from there. It does the same thing - hangs.
I'll try the other items as soon as I can. I appreciate your help and will respond soon.
Thanks.
Friday, December 15, 2017 8:58 PM
Had the same issue, UAC caused it.. You can't run the same UAC settings you run on Windows 7, or 8, or 8.1 or Vista.. They require a different setup to actually work correctly on a domain in Windows 10..
Here is what worked for me..
Took me a few days to figure this out, but it fixed by issue..
| User Account Control: Admin Approval Mode for the Built-in Administrator account | Disabled |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop | Disabled |
| User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | Prompt for consent for non-Windows binaries |
| User Account Control: Behavior of the elevation prompt for standard users | Prompt for credentials |
| User Account Control: Detect application installations and prompt for elevation | Disabled |
| User Account Control: Only elevate executables that are signed and validated | Disabled |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | Enabled |
| User Account Control: Run all administrators in Admin Approval Mode | Enabled |
| User Account Control: Switch to the secure desktop when prompting for elevation | Enabled |
| User Account Control: Virtualize file and registry write failures to per-user locations | Enabled |
Rob
Monday, December 18, 2017 6:03 AM
Hi Kate.
I read your post. I tried copying gpupdate.exe but the file is in use on the target workstation and can't be overwritten. However, I was simply able to copy the file to the desktop and run it from there. It does the same thing - hangs.
I'll try the other items as soon as I can. I appreciate your help and will respond soon.
Thanks.
Ok, let us know if there is any update.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 21, 2017 1:26 AM
Hi,
Is there any update on your issue? Post back once you are available.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 21, 2017 5:44 PM
Had the same issue, UAC caused it.. You can't run the same UAC settings you run on Windows 7, or 8, or 8.1 or Vista.. They require a different setup to actually work correctly on a domain in Windows 10..
Thanks for reply Rob. All of our workstations have been running Win10Pro without issues, but only two recently exhibited this behavior. I don't have any special UAC policies set.
Thursday, December 21, 2017 6:03 PM
You can try to copy [gpupdate.exe] from good computer and replace it here. You are recommend to take ownership of this file first.
If the issue still persists, let's run commands with admin priviledge as below to repair related system files to fix this issue
SFC /SCANNOW
In addition, we can use Process monitor to capture the system events during reproduce this issue, then let's go through the log files and see where gpupdate.exe hang up.
Thank you for your patience.
I tried replacing gpupdate.exe, but the file is in use. I did copy gpupdate.exe from a working computer to the desktop with the issue and tried running it from that location. It had the same problem. Still hangs at "Updating policy..."
SFC /SCANNOW found no issues.
Log file for Process Monitor link.
Thanks again very much for your assistance.
Friday, December 22, 2017 7:36 AM
The process seems not what I recommend. Would you please capture the one last at least 30 seconds when the Gpupdate hang?
In addition, I would like you to help test this thing on one Problematic computer:
1. Exit the domain by changing the Network as Workgroup.
2. After restarting the PC, run gpupdate to see if the issue still happens.
Also, I consider if the user profile has some issue on another problematic computer:
1. Create a new domain user profile and login it on this PC.
2. Run GPupdate to check the results.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, December 22, 2017 4:30 PM
Ok. I just ran GPupdate. It hung, and at that point I began capturing events for 30 seconds. Here is the new log file.
I've created two domain user profiles on the troubled PC. Both exhibit the same behavior. Each of those users primarily use other computers where GPupdate does NOT hang when executed from the command prompt.
I'd like to reiterate that group policy DOES eventually update automatically as designed, but I cannot execute a manual update from the command prompt.
Before I proceed with your recommendation of exiting the domain, restarting, and then trying GPupdate again... I'd like to hear your thoughts after reviewing the new log file.
Thanks again.
Monday, December 25, 2017 5:34 AM
Hi,
I noticed that Kaspersky was installed to scan when connecting to server when running GPupdate.
Please test your issue after temporarily uninstall Kaspersky, since sometime, even we stop the service of Kaspersky, the blocked files or process still can not work properly.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 20, 2018 4:32 AM
Hi Everlifted,
I do experience the similar situation. When we end the task of the group policy script automation, the gpupdate /force were able to run successfully. what are fix you hv done previously?
Peter
Thursday, December 20, 2018 4:22 PM
what are fix you hv done previously?
I can't remember what type of script I was running that was causing the machines to hang, but basically it was just a process of elimination - unlinking or disabling policies until the policy in question was identified and addressed so that the issue no longer occurred.