On Fri, Oct 2, 2015 at 11:08 AM, Gavin Wilby <[email protected]> wrote: > > Slow link preventing the gpo from populating?
Nope; these are gig links. > > > > Gavin Wilby > > IT Support Engineer > > > > From: [email protected] [mailto:[email protected]] > On Behalf Of Michael Leone > Sent: 02 October 2015 15:58 > To: [email protected] > Subject: [NTSysADM] WSUS GPO seems inacessible but only for new members > > > > This is odd. I have a GPO which assigns WSUS settings; criteria is that > computer account must be in a specific OU, and a member of a specific AD > group. This has been working well for years. > > > > Now, we've added a couple new servers at a remote site, and so I set them up > for WSUS (moved their machine accounts to the right OU, added them to the > right group). In AD, that's what I see, and the changes have replicated to > all DCs. > > > > When I do a Group Processing Policy result for these accounts, it sees that > the GPO is being listed as "inaccessible". Also, the GPO is being listed by > it's GUID, and not it's name. > > > > I don't know what's up with that, as the other accounts that this GPO applies > to properly show the GPO as applied, and with it's proper name. It's only > these new members that are showing this. (I spot checked 3 or 4 other group > members; they all show it as applied). > > > > So what would cause these new members to not be able to read the GPOs (that's > what inaccessible usually means, right?). The GPO is accessible to all the > other group members, so it shouldn't be a permissions issue of the GPO > itself, I wouldn't think. > > > > Doing a "gpresult /r" on these new members, the group membership does NOT > show the new groups the account belongs to, but DOES show that it is in the > correct OU (I see the OU name in the CN). It says that Group Policy is being > applied, as it is listing the 3 GPOs above as being DENIED, but doesn't show > the last GPO (the WSUS one). > > > > It DOES show the proper group memberships for the logged on user, too. (not > that that is relevant to the GPO, but does sort of indicate that the machine > is speaking to AD). > > > > I see no errors in event log on the member server. Not seeing anything in the > event log of the DC that the member says it is getting it's GPO info from, > either. > > > > Ideas as to where to go next? I have IP connectivity; the member is doing > what it's supposed to do (some sort of security camera setup). It does run > antivirus - Kaspersky for Windows Servers 8.0.2.213, like other servers. The > AV policy shouldn't be blocking anything AD related ... > > > > > > > > > > SMP Partners Limited, SMP Trustees Limited and SMP Fund Services Limited are > licensed by the Isle of Man Financial Supervision Commission. SMP Accounting > & Tax Limited is a member of the ICAEW Practice Assurance Scheme. > > SMP Partners Limited registered in the Isle of Man, Company Registration No: > 000908V > Directors: M.W. Denton, M.J. Derbyshire, S.E McGowan, O. Peck, J.J. Scott, > S.J. Turner > > SMP Trustees Limited registered in the Isle of Man, Company Registration No: > 068396C > Directors: A.C. Baggesen, J.M. Cubbon, M.W. Denton, K.M. Goldie, O Peck, J. > Watterson > > SMP Fund Services Limited registered in the Isle of Man, Company Registration > No: 120288C > Directors: V. Campbell, R.K. Corkhill, M.W. Denton, D.A. Manser, S.E McGowan, > J.J. Scott > > SMP Accounting & Tax Limited registered in the Isle of Man, Company > Registration No: 001316V > Directors: I.F. Begley, A.J. Dowling, P. Duchars, J.J. Scott, S.J. Turner > > SMP Capital Markets Limited registered in the Isle of Man, Company > Registration No: 002438V > Directors: M.W. Denton, M.J. Derbyshire, D.F Hudson, S.E McGowan, O. Peck, > J.J. Scott. > > SMP Partners Limited, SMP Trustees Limited, SMP Fund Services Limited, SMP > Accounting & Tax Limited and SMP Capital Markets Limited are members of the > SMP Partners Group of Companies. > > This email is confidential and is subject to disclaimers. Details can be > found at: http://www.smppartners.com/disclaimer.html > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________
