Hi All, I create a Samba domain and works it's great, the issue that I have is with the GPO's.When applying GPO's then only the computer Policy is applied and not the user GPO. I keep on receiving below error. Has anybody else perhaps been experiencing the same issues? C:\>gpupdate /force Updating Policy... User policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account. Computer Policy update has completed successfully. To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.4 Kind Regards �This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html "
this command >> samba-tool ntacl sysvolreset 2016-04-06 13:34 GMT+03:00 Eben Victor <eben.victor at vcontractor.co.za>:> Hi All, > I create a Samba domain and works it's great, the issue that I have is > with the GPO's.When applying GPO's then only the computer Policy is applied > and not the user GPO. I keep on receiving below error. > Has anybody else perhaps been experiencing the same issues? > > C:\>gpupdate /force > Updating Policy... > > User policy could not be updated successfully. The following errors were > encountered: > > The processing of Group Policy failed. Windows could not determine if the > user and computer accounts are in the same forest. Ensure the user domain > name matches the name of a trusted domain that resides in the same forest > as the computer account. > Computer Policy update has completed successfully. > > To diagnose the failure, review the event log or run GPRESULT /H > GPReport.html from the command line to access information about Group > Policy results.4 > > Kind Regards > “This e-mail is sent on the Terms and Conditions that can be accessed by > Clicking on this link https://webmail.vodacom.co.za/tc/default.html " > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi, I have 4 DC's and I ran the command on all 4 already, but still nothing. I even added the command as a cron job to see if that might help. ##SELECTION_END## C:\>gpresult /r INFO: The user "domain\user" does not have RSOP data. Regards -----Original Message----- From: barış tombul <bbtombul at gmail.com> To: Eben Victor <eben.victor at vcontractor.co.za> Cc: samba <samba at lists.samba.org> Subject: Re: [Samba] GPO Date: Wed, 6 Apr 2016 14:10:10 +0300 this command >> samba-tool ntacl sysvolreset 2016-04-06 13:34 GMT+03:00 Eben Victor <eben.victor at vcontractor.co.za>:> Hi All, > I create a Samba domain and works it's great, the issue that I have > is with the GPO's.When applying GPO's then only the computer Policy > is applied and not the user GPO. I keep on receiving below error. > Has anybody else perhaps been experiencing the same issues? > > C:\>gpupdate /force > Updating Policy... > > User policy could not be updated successfully. The following errors > were encountered: > > The processing of Group Policy failed. Windows could not determine if > the user and computer accounts are in the same forest. Ensure the > user domain name matches the name of a trusted domain that resides in > the same forest as the computer account. > Computer Policy update has completed successfully. > > To diagnose the failure, review the event log or run GPRESULT /H > GPReport.html from the command line to access information about Group > Policy results.4 > > Kind Regards > “This e-mail is sent on the Terms and Conditions that can be accessed > by Clicking on this link https://webmail.vodacom.co.za/tc/default.htm > l " > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba�This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html "
Any event id for this one? If its event id : 1110. Open CMD box, type ipconfig /all And post the result. I suppect one of the following. 1) pc cloned without sysprep, so multiple pc's with same SID. 2) wrong DNS-Domain suffix 3) wrong DNS-Search suffix Test this by remove you pc from domain, add it again, reboot. Login with the same user. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Eben Victor > Verzonden: woensdag 6 april 2016 13:25 > Aan: bar???? tombul > CC: samba > Onderwerp: Re: [Samba] GPO > > Hi, > I have 4 DC's and I ran the command on all 4 already, but still > nothing. I even added the command as a cron job to see if that might > help. > ##SELECTION_END## > C:\>gpresult /r > INFO: The user "domain\user" does not have RSOP data. > Regards > -----Original Message----- > From: bar???? tombul <bbtombul at gmail.com> > To: Eben Victor <eben.victor at vcontractor.co.za> > Cc: samba <samba at lists.samba.org> > Subject: Re: [Samba] GPO > Date: Wed, 6 Apr 2016 14:10:10 +0300 > this command >> samba-tool ntacl sysvolreset > 2016-04-06 13:34 GMT+03:00 Eben Victor <eben.victor at vcontractor.co.za>: > > Hi All, > > I create a Samba domain and works it's great, the issue that I have > > is with the GPO's.When applying GPO's then only the computer Policy > > is applied and not the user GPO. I keep on receiving below error. > > Has anybody else perhaps been experiencing the same issues? > > > > C:\>gpupdate /force > > Updating Policy... > > > > User policy could not be updated successfully. The following errors > > were encountered: > > > > The processing of Group Policy failed. Windows could not determine if > > the user and computer accounts are in the same forest. Ensure the > > user domain name matches the name of a trusted domain that resides in > > the same forest as the computer account. > > Computer Policy update has completed successfully. > > > > To diagnose the failure, review the event log or run GPRESULT /H > > GPReport.html from the command line to access information about Group > > Policy results.4 > > > > Kind Regards > > ?This e-mail is sent on the Terms and Conditions that can be accessed > > by Clicking on this link https://webmail.vodacom.co.za/tc/default.htm > > l " > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > ?This e-mail is sent on the Terms and Conditions that can be accessed by > Clicking on this link https://webmail.vodacom.co.za/tc/default.html " > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Hi Louis,
See below,
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : EBEN-TEST-PC
Primary Dns Suffix . . . . . . . : domain.corp
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.corp
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.corp
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-0C-29-67-2C-53
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.210.130(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 06 April 2016 01:17:33 PM
Lease Expires . . . . . . . . . . : 06 April 2016 03:14:04 PM
Default Gateway . . . . . . . . . : 172.16.210.2
DHCP Server . . . . . . . . . . . : 172.16.210.254
DNS Servers . . . . . . . . . . . : 10.102.219.51
10.102.219.50
10.132.33.48
10.132.33.2
Primary WINS Server . . . . . . . : 172.16.210.2
NetBIOS over Tcpip. . . . . . . . : Enabled
I have already tested disjoin and rejoining the PC, still the same
error. I did a clean installation with new hostname as well.
Also see below Microsoft analyst report
User Logon Info
************
User Name : domain\user
User SID : S-1-5-21-801203796-115225906-466470621-
4513
User Object
DN : CN=user##SELECTION_END##,OU=Users,DC=domain,DC=corp
User Password Last Set : 7/16/2015 3:20:41 PM
UserAccountControl Value : {NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD}
Logon Authentication Method : Kerberos
User Domain : domain.corp
Computer Site : Default-First-Site-Name
Computer Role : Client
Computer Operating System : Windows 7
Computer Domain : domain.corp
Domain Controller : {zafprdc001.domain.corp}
Global Catalog : {zacprdc001.domain.corp}
System Logs:
***********
11/2/2015 10:15:00 AM Warning EBEN-TEST-PC.domain.corp 1014 Microsoft-
Windows-DNS-Client N/A NT AUTHORITY\NETWORK SERVICE Name resolution for
the name _ldap._tcp.dc._msdcs.domain.corp timed out after none of the
configured DNS servers responded.
http://social.technet.microsoft.com/wiki/contents/articles/3336.event-i
d-1014-microsoft-windows-dns-client.aspx
11/2/2015 10:15:02 AM Error EBEN-TEST-PC.domain.corp 5719 NETLOGON N/A
N/A This computer was not able to set up a secure session with a domain
controller in domain domain due to the following: There are currently
no logon servers available to service the logon request. This may lead
to authentication problems. Make sure that this computer is connected
to the network. If the problem persists, please contact your domain
administrator. ADDITIONAL INFO If this computer is a domain
controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain.
Otherwise, this computer sets up the secure session to any domain
controller in the specified domain.
https://support.microsoft.com/en-us/kb/938449
11/2/2015 10:15:11 AM Error EBEN-TEST-PC.domain.corp 1058 Microsoft-
Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM The processing of Group
Policy failed. Windows attempted to read the file
\\domain.corp\SysVol\domain.corp\Policies\{CCD95983-4A18-4AA7-9466-
D95765CC1AD0}\gpt.ini from a domain controller and was not successful.
Group Policy settings may not be applied until this event is resolved.
This issue may be transient and could be caused by one or more of the
following: a) Name Resolution/Network Connectivity to the current
domain controller. b) File Replication Service Latency (a file created
on another domain controller has not replicated to the current domain
controller). c) The Distributed File System (DFS) client has been
disabled.
https://technet.microsoft.com/en-us/library/cc727259(v=ws.10).aspx
11/2/2015 10:15:53 AM Error EBEN-TEST-PC.domain.corp 1110 Microsoft-
Windows-GroupPolicy N/A domain\EBEN-TEST-PC The processing of Group
Policy failed. Windows could not determine if the user and computer
accounts are in the same forest. Ensure the user domain name matches
the name of a trusted domain that resides in the same forest as the
computer account.
https://technet.microsoft.com/en-us/library/cc727342(v=ws.10).aspx
Group policy Logs:
**************
11/2/2015 10:15:11 AM Error EBEN-TEST-PC.domain.corp 7017 Microsoft-
Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM The system calls to access
specified file completed.
\\domain.corp\SysVol\domain.corp\Policies\{CCD95983-4A18-4AA7-9466-
D95765CC1AD0}\gpt.ini The call failed after 827 milliseconds.
11/2/2015 10:15:12 AM Error EBEN-TEST-PC.domain.corp 7000 Microsoft-
Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM Computer boot policy
processing failed for domain\EBEN-TEST-PC$ in 4 seconds.
11/2/2015 10:15:53 AM Error EBEN-TEST-PC.domain.corp 7001 Microsoft-
Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM User logon policy
processing failed for domain\EBEN-TEST-PC in 0 seconds.
11/2/2015 10:16:25 AM Error EBEN-TEST-PC.domain.corp 7005 Microsoft-
Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM Manual processing of policy
failed for user domain\EBEN-TEST-PC in 0 seconds.
Gpresult:
*******
INFO: The user "domain\user" does not have RSOP data.
07/21/2015 02:11:48 AM Error EBEN-TEST-PC.domain 4205
Microsoft-Windows-NlaSvc Gateway Resolution NT
AUTHORITY\NETWORK SERVICE Gateway resolution failed on interface
{581B9AD1-62E8-4689-9338-E2568B7DD014} for 10.23.199.1 with error: 0x43
07/22/2015 02:10:24 AM Error EBEN-TEST-PC.domain 4343
Microsoft-Windows-NlaSvc Ldap Authenticatio NT
AUTHORITY\NETWORK SERVICE LDAP authentication on interface
{581B9AD1-62E8-4689-9338-E2568B7DD014} (10.23.199.220) failed with
error 0x56
LDAP errors:
https://support.microsoft.com/en-us/kb/218185
-----Original Message-----
From: barış tombul <bbtombul at gmail.com>
To: Eben Victor <eben.victor at vcontractor.co.za>
Cc: samba <samba at lists.samba.org>
Subject: Re: [Samba] GPO
Date: Wed, 6 Apr 2016 14:10:10 +0300
this command >> samba-tool ntacl sysvolreset
2016-04-06 13:34 GMT+03:00 Eben Victor <eben.victor at
vcontractor.co.za>:> Hi All,
> I create a Samba domain and works it's great, the issue that I have
> is with the GPO's.When applying GPO's then only the computer Policy
> is applied and not the user GPO. I keep on receiving below error.
> Has anybody else perhaps been experiencing the same issues?
>
> C:\>gpupdate /force
> Updating Policy...
>
> User policy could not be updated successfully. The following errors
> were encountered:
>
> The processing of Group Policy failed. Windows could not determine if
> the user and computer accounts are in the same forest. Ensure the
> user domain name matches the name of a trusted domain that resides in
> the same forest as the computer account.
> Computer Policy update has completed successfully.
>
> To diagnose the failure, review the event log or run GPRESULT /H
> GPReport.html from the command line to access information about Group
> Policy results.4
>
> Kind Regards
> “This e-mail is sent on the Terms and Conditions that can be accessed
> by Clicking on this link https://webmail.vodacom.co.za/tc/default.htm
> l "
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
�This e-mail is sent on the Terms and Conditions that can be accessed by
Clicking on this link https://webmail.vodacom.co.za/tc/default.html "
Hai, The PC config looks ok. Check your firewall settings on you pc and DC. Open 389 and 636 (TCP and UDP) and test from the pc if you can telnet to port 53 of the DNS servers. Let me know the result. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Eben Victor > Verzonden: donderdag 7 april 2016 12:16 > Aan: samba > Onderwerp: Re: [Samba] GPO > > Hi Louis, > See below, > C:\>ipconfig /all > Windows IP Configuration > Host Name . . . . . . . . . . . . : EBEN-TEST-PC > Primary Dns Suffix . . . . . . . : domain.corp > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : domain.corp > Ethernet adapter Local Area Connection: > Connection-specific DNS Suffix . : domain.corp > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-0C-29-67-2C-53 > DHCP Enabled. . . . . . . . . . . : Yes > Autoconfiguration Enabled . . . . : Yes > IPv4 Address. . . . . . . . . . . : 172.16.210.130(Preferred) > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Lease Obtained. . . . . . . . . . : 06 April 2016 01:17:33 PM > Lease Expires . . . . . . . . . . : 06 April 2016 03:14:04 PM > Default Gateway . . . . . . . . . : 172.16.210.2 > DHCP Server . . . . . . . . . . . : 172.16.210.254 > DNS Servers . . . . . . . . . . . : 10.102.219.51 > 10.102.219.50 > 10.132.33.48 > 10.132.33.2 > Primary WINS Server . . . . . . . : 172.16.210.2 > NetBIOS over Tcpip. . . . . . . . : Enabled > I have already tested disjoin and rejoining the PC, still the same > error. I did a clean installation with new hostname as well. > Also see below Microsoft analyst report > User Logon Info > ************ > User Name : domain\user > User SID : S-1-5-21-801203796-115225906-466470621- > 4513 > User Object > DN : CN=user##SELECTION_END##,OU=Users,DC=domain,DC=corp > User Password Last Set : 7/16/2015 3:20:41 PM > UserAccountControl Value : {NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD} > Logon Authentication Method : Kerberos > User Domain : domain.corp > Computer Site : Default-First-Site-Name > Computer Role : Client > Computer Operating System : Windows 7 > Computer Domain : domain.corp > Domain Controller : {zafprdc001.domain.corp} > Global Catalog : {zacprdc001.domain.corp} > > System Logs: > *********** > 11/2/2015 10:15:00 AM Warning EBEN-TEST-PC.domain.corp 1014 Microsoft- > Windows-DNS-Client N/A NT AUTHORITY\NETWORK SERVICE Name resolution for > the name _ldap._tcp.dc._msdcs.domain.corp timed out after none of the > configured DNS servers responded. > http://social.technet.microsoft.com/wiki/contents/articles/3336.event-i > d-1014-microsoft-windows-dns-client.aspx > > 11/2/2015 10:15:02 AM Error EBEN-TEST-PC.domain.corp 5719 NETLOGON N/A > N/A This computer was not able to set up a secure session with a domain > controller in domain domain due to the following: There are currently > no logon servers available to service the logon request. This may lead > to authentication problems. Make sure that this computer is connected > to the network. If the problem persists, please contact your domain > administrator. ADDITIONAL INFO If this computer is a domain > controller for the specified domain, it sets up the secure session to > the primary domain controller emulator in the specified domain. > Otherwise, this computer sets up the secure session to any domain > controller in the specified domain. > https://support.microsoft.com/en-us/kb/938449 > > 11/2/2015 10:15:11 AM Error EBEN-TEST-PC.domain.corp 1058 Microsoft- > Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM The processing of Group > Policy failed. Windows attempted to read the file > \\domain.corp\SysVol\domain.corp\Policies\{CCD95983-4A18-4AA7-9466- > D95765CC1AD0}\gpt.ini from a domain controller and was not successful. > Group Policy settings may not be applied until this event is resolved. > This issue may be transient and could be caused by one or more of the > following: a) Name Resolution/Network Connectivity to the current > domain controller. b) File Replication Service Latency (a file created > on another domain controller has not replicated to the current domain > controller). c) The Distributed File System (DFS) client has been > disabled. > https://technet.microsoft.com/en-us/library/cc727259(v=ws.10).aspx > > 11/2/2015 10:15:53 AM Error EBEN-TEST-PC.domain.corp 1110 Microsoft- > Windows-GroupPolicy N/A domain\EBEN-TEST-PC The processing of Group > Policy failed. Windows could not determine if the user and computer > accounts are in the same forest. Ensure the user domain name matches > the name of a trusted domain that resides in the same forest as the > computer account. > https://technet.microsoft.com/en-us/library/cc727342(v=ws.10).aspx > > Group policy Logs: > ************** > 11/2/2015 10:15:11 AM Error EBEN-TEST-PC.domain.corp 7017 Microsoft- > Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM The system calls to access > specified file completed. > \\domain.corp\SysVol\domain.corp\Policies\{CCD95983-4A18-4AA7-9466- > D95765CC1AD0}\gpt.ini The call failed after 827 milliseconds. > 11/2/2015 10:15:12 AM Error EBEN-TEST-PC.domain.corp 7000 Microsoft- > Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM Computer boot policy > processing failed for domain\EBEN-TEST-PC$ in 4 seconds. > 11/2/2015 10:15:53 AM Error EBEN-TEST-PC.domain.corp 7001 Microsoft- > Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM User logon policy > processing failed for domain\EBEN-TEST-PC in 0 seconds. > 11/2/2015 10:16:25 AM Error EBEN-TEST-PC.domain.corp 7005 Microsoft- > Windows-GroupPolicy N/A NT AUTHORITY\SYSTEM Manual processing of policy > failed for user domain\EBEN-TEST-PC in 0 seconds. > > Gpresult: > ******* > INFO: The user "domain\user" does not have RSOP data. > > 07/21/2015 02:11:48 AM Error EBEN-TEST-PC.domain 4205 > Microsoft-Windows-NlaSvc Gateway Resolution NT > AUTHORITY\NETWORK SERVICE Gateway resolution failed on interface > {581B9AD1-62E8-4689-9338-E2568B7DD014} for 10.23.199.1 with error: 0x43 > 07/22/2015 02:10:24 AM Error EBEN-TEST-PC.domain 4343 > Microsoft-Windows-NlaSvc Ldap Authenticatio NT > AUTHORITY\NETWORK SERVICE LDAP authentication on interface > {581B9AD1-62E8-4689-9338-E2568B7DD014} (10.23.199.220) failed with > error 0x56 > LDAP errors: > https://support.microsoft.com/en-us/kb/218185 > -----Original Message----- > From: bar???? tombul <bbtombul at gmail.com> > To: Eben Victor <eben.victor at vcontractor.co.za> > Cc: samba <samba at lists.samba.org> > Subject: Re: [Samba] GPO > Date: Wed, 6 Apr 2016 14:10:10 +0300 > this command >> samba-tool ntacl sysvolreset > 2016-04-06 13:34 GMT+03:00 Eben Victor <eben.victor at vcontractor.co.za>: > > Hi All, > > I create a Samba domain and works it's great, the issue that I have > > is with the GPO's.When applying GPO's then only the computer Policy > > is applied and not the user GPO. I keep on receiving below error. > > Has anybody else perhaps been experiencing the same issues? > > > > C:\>gpupdate /force > > Updating Policy... > > > > User policy could not be updated successfully. The following errors > > were encountered: > > > > The processing of Group Policy failed. Windows could not determine if > > the user and computer accounts are in the same forest. Ensure the > > user domain name matches the name of a trusted domain that resides in > > the same forest as the computer account. > > Computer Policy update has completed successfully. > > > > To diagnose the failure, review the event log or run GPRESULT /H > > GPReport.html from the command line to access information about Group > > Policy results.4 > > > > Kind Regards > > ?This e-mail is sent on the Terms and Conditions that can be accessed > > by Clicking on this link https://webmail.vodacom.co.za/tc/default.htm > > l " > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > ?This e-mail is sent on the Terms and Conditions that can be accessed by > Clicking on this link https://webmail.vodacom.co.za/tc/default.html " > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba