Results 1 to 18 of 18

Thread: GPO's stopped applying??

  1. #1
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default GPO's stopped applying??

    Our GPO's have been working fine for years. Two days ago, something happened (not sure what) but 3 of them stopped working. When I run gpresult /r the GPO does not show up at all. I have read every tech article I can find and everything is set correctly. I'm not using loopback on any GPO or in gpedit.msc. I can ping both DC's by name and ip. The only GPO that shows up is the Default Domain Policy. I have restarted the box once and done gpupdate /force countless times. What am I missing?? This is on a server 2012 R2 machine and we are using is as a terminal server.Hurry b/c I don't have much hair left!!

    Thanks
    Trey
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  2. #2
    Join Date
    Aug 2004
    Location
    Camden SC
    Posts
    3,189

    Default

    I don't even have a smidgen of a clue as to what you are talking about.

    Hope that helps...

  3. #3
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    Quote Originally Posted by Drylok View Post
    I don't even have a smidgen of a clue as to what you are talking about.

    Hope that helps...
    at this point I'm starting to wonder if I do. I've been working with this stuff for years and I'm stumped.
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  4. #4
    Join Date
    Mar 2002
    Location
    'Down in the Holler', SC
    Posts
    14,556

    Default

    Wish I could help, but I normally break my stuff. I also have no idea as to what you're talking about.

    Good luck.
    .
    Foothills Golden Retriever Rescue
    .
    "Keep your powder dry, Boys!"
    ~ George Washington

    "If I understood everything I said I'd be a genius." ~ 'Unknown'

  5. #5
    Join Date
    Nov 2009
    Posts
    4,759

    Default

    Turn it off and turn it back on.

    Hope this helps.

  6. #6
    Join Date
    Dec 2009
    Posts
    5,127

    Default

    have you done a dcdiag to see if there is anything up there? is the GPO applied to mulitple servers? is it working on others? Is it assigned to a user/group, or workstation object/group?
    Last edited by everlast; 06-17-2016 at 10:10 AM.
    “If ye love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen.”
    -Samuel Adams

  7. #7
    Join Date
    Dec 2009
    Posts
    5,127

    Default

    also, try "enforced" if you dont have it already.
    “If ye love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen.”
    -Samuel Adams

  8. #8
    Join Date
    Dec 2006
    Location
    Lowcountry
    Posts
    940

    Default

    Ctrl + Alt + Delete

  9. #9
    Join Date
    Aug 2009
    Location
    PeeDee
    Posts
    8,582

    Default

    Did you virtualize your DC's and have you done a restore of any of them within the last 90 days? We had an issue recently where we had to do a DC restore on a virtualized machine. The machine ID is not the same as before the restore. Therefore, the server tombstoned after 90 days. Try running the repadmin tool. There's a repadmin /replsum option I believe. That should give you some good info from the replication side.

  10. #10
    Join Date
    Jan 2010
    Location
    Greenville, SC
    Posts
    4,990

    Default


  11. #11
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    Quote Originally Posted by everlast View Post
    have you done a dcdiag to see if there is anything up there? is the GPO applied to mulitple servers? is it working on others? Is it assigned to a user/group, or workstation object/group?
    Sorry for the delayed response. I was out of the office for a week. The gpo is applied to the user. It basically removes a lot of functions so the end user can't mess anything up on the terminal server. It gets applied correctly to our old TS but something changed, week before last, that caused this box (server 2012 r2) to stop applying them. It will apply the default domain policy but none of the others.
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  12. #12
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    Quote Originally Posted by XHailGC View Post
    Did you virtualize your DC's and have you done a restore of any of them within the last 90 days? We had an issue recently where we had to do a DC restore on a virtualized machine. The machine ID is not the same as before the restore. Therefore, the server tombstoned after 90 days. Try running the repadmin tool. There's a repadmin /replsum option I believe. That should give you some good info from the replication side.
    No virtualization and no restore.
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  13. #13
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    Quote Originally Posted by everlast View Post
    also, try "enforced" if you dont have it already.
    I've tried that and it doesn't change anything on this machine.
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  14. #14
    Join Date
    Sep 2001
    Location
    South Carolina
    Posts
    3,154

    Default

    Obviously something did change, do you have auditing enabled and can track the changes to AD?

    Without snapshot/virtual or restore from day before change you are on a hard road my man. With auditing at least you could see if someone else changed something or are you the only admin?
    Quote Originally Posted by Mergie Master View Post
    I played my butt horn on a wooden pew once. No one seemed to appreciate it, especially my mom who took me outside and put the fear of God in me. To this day I still look over my shoulder to see if she's around before I fart.

  15. #15
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    It was a windows update that caused the issue. Ahhhh. Removed the update and it worked fine.

    I will post which patch it was. It will bring a 2012 r2 rdc down.
    Last edited by sftull; 06-29-2016 at 05:44 PM.
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  16. #16
    Join Date
    Jun 2011
    Location
    Mississippi
    Posts
    3,848

    Default

    I'm the only admn
    I take an PLB in the shower with me. Can't ever be too safe.

    Whats it like to live w/o the Internet? Not bad, I get photos of your mom thought the mail....

    "I'd like to know more about this. Someone give cottontop a bump of coke."
    Sportin' Woodies

  17. #17
    Join Date
    Sep 2001
    Location
    South Carolina
    Posts
    3,154

    Default

    Sweet. They have certainly been known to do that over the years. The obvious best way is to disable autoupdate and only push updates to a test enviorment first but I know not many even enterprise shops enable you to do that. That's why I run ESX and 2012 VM's with AD at my house... excellent test enviorment and if the world goes to shit all I have to do is kill it and recreate and create 4 real accounts and any test accounts I need.
    Quote Originally Posted by Mergie Master View Post
    I played my butt horn on a wooden pew once. No one seemed to appreciate it, especially my mom who took me outside and put the fear of God in me. To this day I still look over my shoulder to see if she's around before I fart.

  18. #18
    Join Date
    Sep 2001
    Location
    South Carolina
    Posts
    3,154

    Default

    BTW sftull what functional level are those DC's at?
    Quote Originally Posted by Mergie Master View Post
    I played my butt horn on a wooden pew once. No one seemed to appreciate it, especially my mom who took me outside and put the fear of God in me. To this day I still look over my shoulder to see if she's around before I fart.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •