
Group Policy Issues with WAN

Discussion in 'Networking' started by freaknut, Apr 2, 2008.

Thread Status:
Not open for further replies.
  1. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    I am administering a WAN where there are two office locations with the domain controller (The domain controller is Server 2003 Standard Edition, Service Pack 2) at a third location. On both networks there are a couple PCs using Cat5, whereas the rest are laptops (about 30 or so) using wireless connections. Until just recently (about 3 months ago), all of the machines were running Windows XP Pro. We have begun to add new laptops and decided to start moving over to Vista Business, so all new laptops have Vista, but the old machines still have XP.

    This is the problem I'm having: Some of the machines do not apply group policy from the domain controller, but others will apply it just fine.
    • I am only having this issue with XP Pro machines (all of the Vista laptops are working fine so far).
    • Not all of the XP machines are having this problem.
    • The machines that have this problem cannot be browsed over the network using Windows Explorer. Machines that do apply group policy CAN be browsed over the network.
    • All XP machines, regardless of whether or not they apply group policy, get the following System Event Log:
      • Event Type: Error
        Event Source: NETLOGON
        Event Category: None
        Event ID: 5719
        Date: 3/22/2008
        Time: 3:16:35 AM
        User: N/A
        Computer: TECHSUPPORT
        Description:
        No Domain Controller is available for domain GCBDD due to the following:
        There are currently no logon servers available to service the logon request. .
        Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

        For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
        Data:
        0000: 5e 00 00 c0 ^..À
    • All of the Vista machines, even though they do apply group policy, get the following System Event Log:
      • Log Name: System
        Source: NETLOGON
        Date: 4/2/2008 11:19:21 AM
        Event ID: 5719
        Task Category: None
        Level: Error
        Keywords: Classic
        User: N/A
        Computer: MaryAnn.GCBDD.ORG
        Description:
        This computer was not able to set up a secure session with a domain controller in domain GCBDD due to the following:
        There are currently no logon servers available to service the logon request.
        This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

        ADDITIONAL INFO
        If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
        </Event>
    • You can ping all the machines that will apply group policy, but cannot ping any machines that do NOT apply group policy.
    • I have compared network settings between computers that do apply group policy and computers that do not. I have not found any differences in the network settings.
    • I have tried removing some of the problem computers from the domain, deleting the computers from active directory, then adding the machines back on. To no avail.
    • For laptops on wireless connections...I have tried switching to a Cat5 connection. Again, to no avail.
    • I know for a fact that it is not on a user basis: I have used the same user for all testing, and it has worked on some machines and not worked on other machines.

    Thanks for your help!
     
  2. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    Do the machines exist in Active Directory?
    Does DNS have these machines listed with host and ptr records?
    Does each server run DNS server?
    What DNS server is the third site pointed to of the two available?
    XP windows firewalls disabled?

    It appears to me from the errors that your name resolution is not working properly, which points to DNS.
     
  3. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    Yes
    I'm not sure exactly what you mean by this question, but all the computers are listed as host records with IP addresses in the Forward Lookup Zone for this specific domain.
    I apologize for not being more clear. There are two office locations that do NOT have servers. The only server on the network is at a third hosting location and is used as the DNS server for the entire WAN.
    Yes

    Those were initially my thoughts, but all computer names, when I ping them, resolve properly. I just don't get any ping responses.
     
  4. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    "The only server on the network is at a third hosting location and is used as the DNS server for the entire WAN."

    This is the same server rolling out the group policies eg. MS server running AD and DNS?

    On the machines that can't be browsed is netbios disabled? [tcp/ip/advanced/wins tab]
     
  5. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    Correct.

    netbios is set to default. I tried setting it to Enabled and restarted it a few times, but that didn't make a difference, so I set it back to default.
     
  6. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    How are the pcs getting their ip addresses?
    Are they pointed to the MS server for DNS? First listing in workstation dns list?

    This may be the key: are the two remote sites defined in Active Directory Sites and Services? They should be in different subnets, so you would enter Sites and Services and define the site by subnet. This way AD knows about them.
     
  7. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    The internal IP for the DNS server is at the top of the workstation dns list.

    The only item defined in AD Sites and Services is under Sites --> Default-First-Site-Name --> Servers --> [SERVER NAME]

    I am not a certified network tech, and am merely keeping up the WAN that was set up before I came here, so I'm not completely familiar with everything used in setting up WANs and Domains (AD Sites and Services being one such thing).
     
  8. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    I would suggest creating two sites, one for each remote location. Under each new site you have subnets. Add those sites' subnets to each. See if this solves the GP issue. You can always remove these sites later with no impact.
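
    The subnet-to-site mapping suggested above, as an added example that is not part of the original posts: it matches client addresses against a subnet table (most specific subnet wins) and lists clients that still fall outside every defined subnet. The subnets, site names other than Default-First-Site-Name, the log lines, and the /24 grouping are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed subnet-to-site table standing in for the Subnets container in
# AD Sites and Services. Ranges and the Office-* names are assumptions.
SITE_SUBNETS = {
    "10.10.0.0/16": "Default-First-Site-Name",
    "10.10.20.0/24": "Office-A",
    "10.10.30.0/24": "Office-B",
}

# Constructed lines in the style a domain controller writes to netlogon.log
# when a client's address matched no defined subnet at the time of logging.
SAMPLE_LOG = """\
03/22 03:16:35 GCBDD: NO_CLIENT_SITE: TECHSUPPORT 10.10.20.14
03/22 03:17:02 GCBDD: NO_CLIENT_SITE: LAPTOP07 192.168.5.23
03/22 03:18:40 GCBDD: NO_CLIENT_SITE: LAPTOP07 192.168.5.23
03/22 03:19:11 GCBDD: NO_CLIENT_SITE: LAPTOP12 192.168.5.40
"""

LINE_RE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})")


def site_for(ip, table=SITE_SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_clients(log_text, table=SITE_SUBNETS):
    """Map candidate /24 subnet -> hosts logged from it that still match no site."""
    gaps = defaultdict(set)
    for host, ip in LINE_RE.findall(log_text):
        try:
            if site_for(ip, table) is None:
                # Grouping by /24 is only a guess at the real subnet size.
                gaps[str(ipaddress.ip_network(f"{ip}/24", strict=False))].add(host)
        except ValueError:
            continue  # skip lines whose address field is not a valid IPv4 address
    return {net: sorted(hosts) for net, hosts in gaps.items()}


if __name__ == "__main__":
    for net, hosts in unmapped_clients(SAMPLE_LOG).items():
        print(f"no site covers {net}: {', '.join(hosts)}")
```

    In the constructed data, TECHSUPPORT was logged before its subnet existed and now resolves to Office-A, while the two laptops still have no matching subnet.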
     
  9. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    I'm currently working on adding these sites, but I'm unfamiliar with Active Directory Sites and Services. Do you have any suggestions on how-to reading materials? I'm going through the msdn guide right now.
     
  10. tipstir

    tipstir

    Joined:
    May 22, 2005
    Messages:
    72
    Active Directory isn't that hard to learn; your server has enough info on how to set up, configure and administer it. Setting up user and computer groups is where I would start first. I don't know whether you have your users log in by name or number, which in this case doesn't matter. Each user will have a profile of what software group, internet they can access. The same can be done for the computer name also. Takes some work but you can do it. I never read any books on the subject myself, just know what to do by hands-on experience.
     
  11. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    I'm familiar with Active Directory Users and Computers. I've done plenty of configuration with users, groups, group policy, etc., but I haven't done a whole lot of WAN configuration, which I guess is where the Active Directory Sites and Services comes in.

    So I added a new site and added a subnet that points to that site. Do I have to add a server to that new site?
     
  12. tipstir

    tipstir

    Joined:
    May 22, 2005
    Messages:
    72
    Yes.. and that depends on the type of access you want to give on that server?
     
  13. Wanderer2

    Wanderer2

    Joined:
    Jan 28, 2008
    Messages:
    1,428
    No you do not have to add a server. All you did was let Active Directory know about that subnet.

    Any difference in GPO rollout?
     
  14. tipstir

    tipstir

    Joined:
    May 22, 2005
    Messages:
    72
    Can be done also but that's optional..
     
  15. freaknut

    freaknut Thread Starter

    Joined:
    Oct 12, 2007
    Messages:
    54
    No change yet.
     
Short URL to this thread: https://techguy.org/699605