Group Policy Issues with WAN

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
I am administering a WAN where there are two office locations with the domain controller (The domain controller is Server 2003 Standard Edition, Service Pack 2) at a third location. On both networks there are a couple PCs using Cat5, whereas the rest are laptops (about 30 or so) using wireless connections. Until just recently (about 3 months ago), all of the machines were running Windows XP Pro. We have begun to add new laptops and decided to start moving over to Vista Business, so all new laptops have Vista, but the old machines still have XP.

This is the problem I'm having: Some of the machines do not apply group policy from the domain controller, but others will apply it just fine.
  • I am only having this issue with XP Pro machines (all of the Vista laptops are working fine so far).
  • Not all of the XP machines are having this problem.
  • The machines that have this problem cannot be browsed over the network using Windows Explorer. Machines that do apply group policy CAN be browsed over the network.
  • All XP machines, regardless of whether or not they apply group policy, get the following System Event Log:
    • Event Type: Error
      Event Source: NETLOGON
      Event Category: None
      Event ID: 5719
      Date: 3/22/2008
      Time: 3:16:35 AM
      User: N/A
      Computer: TECHSUPPORT
      Description:
      No Domain Controller is available for domain GCBDD due to the following:
      There are currently no logon servers available to service the logon request. .
      Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

      For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
      Data:
      0000: 5e 00 00 c0 ^..À
  • All of the Vista machines, even though they do apply group policy, get the following System Event Log:
    • Log Name: System
      Source: NETLOGON
      Date: 4/2/2008 11:19:21 AM
      Event ID: 5719
      Task Category: None
      Level: Error
      Keywords: Classic
      User: N/A
      Computer: MaryAnn.GCBDD.ORG
      Description:
      This computer was not able to set up a secure session with a domain controller in domain GCBDD due to the following:
      There are currently no logon servers available to service the logon request.
      This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

      ADDITIONAL INFO
      If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
  • You can ping all the machines that will apply group policy, but cannot ping any machines that do NOT apply group policy.
  • I have compared network settings between computers that do apply group policy and computers that do not. I have not found any differences in the network settings.
  • I have tried removing some of the problem computers from the domain, deleting the computers from active directory, then adding the machines back on. To no avail.
  • For laptops on wireless connections...I have tried switching to a Cat5 connection. Again, to no avail.
  • I know for a fact that it is not on a user basis: I have used the same user for all testing, and it has worked on some machines and not worked on other machines.

Thanks for your help!
 
Joined
Jan 28, 2008
Messages
1,428
Do the machines exist in Active Directory?
Does DNS have these machines listed with host and ptr records?
Does each server run DNS server?
What DNS server is the third site pointed to of the two available?
XP windows firewalls disabled?

Appears to me from the errors, your name resolution is not working properly, which points to DNS
 

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
Do the machines exist in Active Directory?
Yes
Does DNS have these machines listed with host and ptr records?
I'm not sure exactly what you mean by this question, but all the computers are listed as host records with IP addresses in the Forward Lookup Zone for this specific domain.
Does each server run DNS server? What DNS server is the third site pointed to of the two available?
I apologize for not being more clear. There are two office locations that do NOT have servers. The only server on the network is at a third hosting location and is used as the DNS server for the entire WAN.
XP windows firewalls disabled?
Yes

Appears to me from the errors, your name resolution is not working properly, which points to DNS
Those were initially my thoughts, but all computer names, when I ping them, resolve properly. I just don't get any ping responses.
 
Joined
Jan 28, 2008
Messages
1,428
"The only server on the network is at a third hosting location and is used as the DNS server for the entire WAN."

This is the same server rolling out the group policies eg. MS server running AD and DNS?

On the machines that can't be browsed is netbios disabled? [tcp/ip/advanced/wins tab]
 

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
"The only server on the network is at a third hosting location and is used as the DNS server for the entire WAN."

This is the same server rolling out the group policies eg. MS server running AD and DNS?
Correct.

On the machines that can't be browsed is netbios disabled? [tcp/ip/advanced/wins tab]
netbios is set to default. I tried setting it to Enabled and restarted it a few times, but that didn't make a difference, so I set it back to default.
 
Joined
Jan 28, 2008
Messages
1,428
How are the pcs getting their ip addresses?
Are they pointed to the MS server for DNS? First listing in workstation dns list?

This may be the key: are the two remote sites defined in Active Directory Sites and Services? They should be in different subnets, so you would enter Sites and Services and define the site by subnet. This way AD knows about them.
 

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
How are the pcs getting their ip addresses?
Are they pointed to the MS server for DNS? First listing in workstation dns list?
The internal IP for the DNS server is at the top of the workstation dns list.

This may be the key: are the two remote sites defined in Active Directory Sites and Services? They should be in different subnets, so you would enter Sites and Services and define the site by subnet. This way AD knows about them.
The only item defined in AD Sites and Services is under Sites --> Default-First-Site-Name --> Servers --> [SERVER NAME]

I am not a certified network tech, and am merely keeping up the WAN that was set up before I came here, so I'm not completely familiar with everything used in setting up WANs and Domains (AD Sites and Services being one such thing).
 
Joined
Jan 28, 2008
Messages
1,428
I would suggest creating two sites, one for each remote location. Under each new site you have subnets. Add that site's subnet to each. See if this solves the GP issue. You can always remove these sites later with no impact.
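
An added example, not part of the original posts: a domain controller records clients whose IP address falls in no defined subnet as NO_CLIENT_SITE entries in its netlogon.log, and this sketch matches such entries against a site/subnet list to show which subnet objects still need creating. The subnets, site names other than Default-First-Site-Name, extra hostnames and log lines are constructed, and the log line layout is assumed.

```python
import ipaddress
import re

# Constructed site/subnet definitions (assumptions; the thread gives no addressing).
SITE_SUBNETS = {
    "10.0.0.0/24": "Default-First-Site-Name",  # hosting location with the DC
    "192.168.10.0/24": "Office-A",             # hypothetical remote office
}

# Constructed netlogon.log lines in the assumed "NO_CLIENT_SITE: <host> <ip>" form.
SAMPLE_LOG = """\
03/22 03:16:35 GCBDD: NO_CLIENT_SITE: TECHSUPPORT 192.168.20.15
03/22 03:17:02 GCBDD: NO_CLIENT_SITE: LAPTOP07 192.168.20.41
03/22 03:18:40 GCBDD: NO_CLIENT_SITE: LAPTOP07 192.168.20.41
03/22 03:19:11 GCBDD: NO_CLIENT_SITE: FRONTDESK 192.168.10.8
"""

NO_SITE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})")

def site_for(ip, site_subnets):
    """Return the site of the most specific subnet containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def uncovered_clients(log_text, site_subnets):
    """Return {hostname: (ip, site or None)} for every logged client."""
    return {host: (ip, site_for(ip, site_subnets))
            for host, ip in NO_SITE.findall(log_text)}

def missing_subnets(log_text, site_subnets, prefix=24):
    """Suggest /prefix networks to define for clients that match no site."""
    nets = set()
    for ip, site in uncovered_clients(log_text, site_subnets).values():
        if site is None:
            nets.add(str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)))
    return sorted(nets)

if __name__ == "__main__":
    for host, (ip, site) in uncovered_clients(SAMPLE_LOG, SITE_SUBNETS).items():
        print(f"{host:12} {ip:15} -> {site or 'NO MATCHING SUBNET'}")
    print("Subnets to define:", missing_subnets(SAMPLE_LOG, SITE_SUBNETS))
```

A client listed with a site name here would stop appearing in the log once the DC picks up the subnet definition; one that still shows no match needs its own subnet object.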
 

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
I'm currently working on adding these sites, but I'm unfamiliar with Active Directory Sites and Services. Do you have any suggestions on how-to reading materials? I'm going through the msdn guide right now.
 
Joined
May 22, 2005
Messages
72
Active Directory isn't that hard to learn; your Server has enough info on how to set up, configure and administer it. Setting up user and computer groups is where I would start first. I don't know how you have your users log in, by name or number, which in this case doesn't matter. Each user will have a profile of what software group, internet they can access. The same can be done for the computer name also. Takes some work but you can do it. I never read any books on the subject myself, just know what to do by hands-on experience.
 

freaknut

Thread Starter
Joined
Oct 12, 2007
Messages
54
I'm familiar with Active Directory Users and Computers. I've done plenty of configuration with users, groups, group policy, etc., but I haven't done a whole lot of WAN configuration, which I guess is where the Active Directory Sites and Services comes in.

So I added a new site and added a subnet that points to that site. Do I have to add a server to that new site?
 
Joined
Jan 28, 2008
Messages
1,428
No you do not have to add a server. All you did was let Active Directory know about that subnet.

Any difference in GPO rollout?
 