On Tue, 06 Nov 2018 17:18:27 +0000 Sandy via samba <samba at lists.samba.org> wrote:> the big question, how do I restore it again >I take it that 'sysvol' is at /var/lib/samba, change it if it isn't, replace 'domain.tld' with your dns domain. mkdir -p /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/MACHINE/ mkdir /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/USER/ touch /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/GPT.INI Now use Louis's instructions to set the permissions from Windows. Rowland
Repeat for all domain controllers to make sure the GPOs have actually replicated to all machines functioning as DCs. AD setup based on 2008r2 to 2012r1 were horrible at replicating. If a DC was offline during policy creation, it would never get that policy even when repladm said everything was fine. This is a good thread:) On Tue, Nov 6, 2018 at 11:40 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 06 Nov 2018 17:18:27 +0000 > Sandy via samba <samba at lists.samba.org> wrote: > > > the big question, how do I restore it again > > > > I take it that 'sysvol' is at /var/lib/samba, change it if it isn't, > replace 'domain.tld' with your dns domain. > > mkdir -p > /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/MACHINE/ > > mkdir > /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/USER/ > > touch > /var/lib/samba/sysvol/domain.tld/Policies/\{31B2F340-016D-11D2-945F-00C04FB984F9\}/GPT.INI > > Now use Louis's instructions to set the permissions from Windows. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Tue, 6 Nov 2018 12:52:25 -0600 Rob Townley <rob.townley at gmail.com> wrote:> Repeat for all domain controllers to make sure the GPOs have actually > replicated to all machines functioning as DCs. AD setup based on > 2008r2 to 2012r1 were horrible at replicating. If a DC was offline > during policy creation, it would never get that policy even when > repladm said everything was fine.Samba is even worse at replicating sysvol, it doesn't by default ;-) You might want to read this: https://wiki.samba.org/index.php/SysVol_replication_(DFS-R) Rowland
I follow all the steps that have described me and the error continues, once
again I leave it to see if you can continue to help me
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\eccm
g.cupet.cu\sysvol\eccmg.cupet.cu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\eccm
g.cupet.cu\sysvol\eccmg.cupet.cu\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
\gpt.ini from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be transient and
could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
I already solved the gpo problem in my domain, I can already do a gpupdate and everything goes well, I was guided by the emails that they sent me, only that there was one that I was not reading regarding the permissions that I had commented, that is to say everything ok without problem, now another one has been presented to me, when I try to create a gpo it tells me that the system can not have the specified path ..... some idea