Your additional license server role and perhaps other roles/installed options may allow certain AD traffic that is otherwise blocked. You can test this by enabling file and print services as well as network browsing on one of your afflicted terminal servers.
>>> "Richard Stovall" <[email protected]> 5/28/2009 12:10 PM >>> What do you see in the app logs of the problem machines when you run “gpupdate /force” on them? Can you browse to \\domaindns.name\SYSVOL\domaindnas.name\Policies ( file:///\domaindns.name.name) from the 02-07? From:Owens, Michael [mailto:[email protected]] Sent: Thursday, May 28, 2009 12:03 PM To: NT System Admin Issues Subject: Group Policy Problem - I've lost all my hair All- I seem to have a problem with GPO replication. I think. I am not really sure what the problem is - it just confuses me at this point. Here is the deal. I have a 7 server TS farm. They all run server 2008 64 bit edition, but I believe the problem is something with our DCs. Our domain is 2003. Server 1 has the licenses, and distributes them out accordingly. I added a GPO to it, to lock them down. All servers are in the same OU, and my test account is in a different OU with the same GPO applied to it. The servers are named STUCTX0x. STUCTX01 takes any group policy change I give it. If I change the GPO, and run a gpupdate /force... STUCTX01 takes the GPO when I log in on my test account. (lab rat) On STUCTX02-STUCTX07 it doesn't work. I logged onto the DC, and used the GP modeling wizard to simulate logging onto STUCTX02 with lab rat. It says it will pull the correct policies. So, I logged onto STUCTX02 and did a "gpresult /user lrat /v" It gives me "INFO: The user "lrat" does not have RSOP data." When I do that on stuctx01, it pulls the correct policy. Replication otherwise on the domain controllers appear to be working correctly. How do I get it to apply to all of the servers in that OU? Everything looks right to me, and I do not even know what to look at next! Thanks guys, Mike This message, and any response to it, may constitute a public record and thus may be publicly available to anyone who requests it in accordance with Chapter 149 of the Ohio Revised Code. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
