Dan~ Posted September 7, 2017

Got an odd one here. We have some machines at a certain site which are unable to get group policy; upon forcing it we get:

Quote:
> User policy could not be updated successfully. The following errors were encountered:
> The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
> Computer policy could not be updated successfully. The following errors were encountered:
> The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
> To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

When I check the event log I get event ID 1006 and error code 82.

Any ideas? It looks like I've clicked every website in the world about it but none of it seems relevant.

Server 2012 R2 DC

Thanks

techbeck Posted September 7, 2017

Normally when I see this, a quick removal/rejoining to the domain fixes it.

Dan~ Posted September 7, 2017 (Author)

We have tried that but same results.

DC1 is in UK and works fine.
DC2 is not in UK and is having the same issues.

I've done a repadmin on both DCs, all is successful. If I do just a dcdiag on DC2 I get the following errors:

Quote:
> Starting test: SystemLog
> An error event occurred. EventID: 0x0000272C
> Time Generated: 09/07/2017 12:21:40
> Event String: DCOM was unable to communicate with the computer IPHIDDEN using any of the configured protocols; requested by PID 31e4 (C:\Windows\system32\dcdiag.exe).

Not sure if that matters too much?

Edited September 7, 2017 by Dan~: mistake

sc302 (Veteran) Posted September 7, 2017

You are having DC replication failures. Please look at your DC event logs for further details. Likely causes are DNS databases out of sync. Sites and Services not set up correctly. Replication service failure. Network issues.

You will probably find that the sysvol share is no longer there on the DC reporting errors. No sysvol, no GPOs. It will come back once replication has been repaired; do not manually recreate it.

Dan~ Posted September 7, 2017 (Author)

When I do a repadmin /showrepl everything is reporting as fine. That message in my last message has now since, but still unable to create a new secedit db on a user's machine - affecting around 20 computers.

Any idea where to start?

From the user's machine I can go to \\domain and get to the sysvol files no problem at all.

sc302 (Veteran) Posted September 7, 2017

Is the dcdiag good too?

Dan~ Posted September 7, 2017 (Author)

Yes, it passed all of them (helps if I ran cmd as administrator).

sc302 (Veteran) Posted September 7, 2017

Reboot the computer and check its event logs after restart. If security and system event logs show no error after reboot, try the gpupdate /force.

Also, \\domain\sysvol isn't a valid test in your case. \\dchostname\sysvol is.

Dan~ Posted September 7, 2017 (Author)

We've tried that, but it looks like this has been going on for months, just no one ever noticed.

sc302 (Veteran) Posted September 7, 2017

If you wish I can look at it to get a better idea. TeamViewer is fine. PM information. Otherwise I recommend a call to Microsoft. I would need access to your logs, config, and tools in your environment.

Dan~ Posted March 26, 2018 (Author)

Thought I’d update this. It was because we were linking a GPO from one domain to another and the correct ports weren’t open.

Brandon H (Supervisor) Posted March 27, 2018

That'll do it; definitely can't forget to check ports if going between domains.

Glad you got it sorted, Dan.
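
The check the thread ends on, as an added example that is not part of any post above: from an affected client, test each domain controller by host name (as sc302 advises, rather than via `\\domain`) on the well-known TCP ports a client uses during Group Policy processing, then list that DC's SYSVOL share directly. The DC names are placeholders and the port list is the standard Active Directory set, an assumption here because the thread does not say which ports were closed; the dynamic RPC port range is not covered.

```powershell
# Added example. Run from an affected client (Test-NetConnection needs Windows 8.1 / Server 2012 R2 or later).
# Placeholder host names: include the DCs of the domain the linked GPO lives in.
$DomainControllers = @('dc1.example.local', 'dc2.other.example')

# Assumed port set: well-known TCP ports used against a DC when applying Group Policy.
$Ports = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB (SYSVOL)' }
)

function Test-DcReachability {
    param(
        [string[]]$ComputerName,
        [hashtable[]]$PortList
    )
    foreach ($dc in $ComputerName) {
        foreach ($p in $PortList) {
            # TcpTestSucceeded is $true only if the TCP handshake completed.
            $r = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DC      = $dc
                Check   = "$($p.Service) tcp/$($p.Port)"
                Passed  = [bool]$r.TcpTestSucceeded
            }
        }
        # Address the DC by name: \\domain\sysvol may be served by a different DC
        # and so hides the one that is actually unreachable.
        [pscustomobject]@{
            DC      = $dc
            Check   = "\\$dc\SYSVOL readable"
            Passed  = [bool](Test-Path -Path "\\$dc\SYSVOL")
        }
    }
}

$results = Test-DcReachability -ComputerName $DomainControllers -PortList $Ports
$results | Format-Table -AutoSize

# Anything listed here is a candidate firewall rule to review between the two domains.
$results | Where-Object { -not $_.Passed } |
    ForEach-Object { Write-Warning "$($_.DC): $($_.Check) failed" }
```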