Tuesday, November 29, 2011

gpupdate /force fails on Windows 7 x64

So I'm back in the thick of things as IT Manager of a small company and having been specifically in a Security role for a year, my first action is to push out Group Policy changes to make sure Updates are installed and more importantly - Flash is up to date.

I've discovered Windows 7 x64 on Win2k3 domains have major issues.

First they won't join the domain in the normal manner. Then I found one that was previously setup (I have no idea how), that won't run gpupdate /force. When you do, all you get is:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.


I hate Windows.

To fix both issues - add the following Key to your registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC]
"Server2003NegotiateDisable"=dword:00000001

Or save that in a text file and give it a .reg extenstion, then double click it.

Enjoy.

2 comments:

sysadmin noob said...

That worked for my user policy but the computer policy still failed to update. ideas?

s7726 said...

Had the same symptoms solved by following: http://abouomar.blogspot.com/2011/09/password-stored-in-credential-manager.html