Group policy not applying to DC

kennethwelch · 2016-01-27T01:58:33.000Z

okay, so i have 2 domain controllers in my domain. lets call them DC “S” and DC “V” for simplicity. Both are VMs and the each reside in different sites/campuses. If i make a change to group policy and perform a gpupdate /force DC “V” works as expected but DC “S” does not apply the new settings.If i check the event viewer it states that new policies have been detected and applied after every gpupdate but gpresult does not show the new policies. however, i’ve noticed, after a few hours, policies will finally update themselves. Even if i remove the setings or delete the GPO link DC “S” does not make the changes.

I’m at a loss here and am not sure how to troubleshoot this any further. Any tips or info will be greatly appreciated.

justin1250 · 2016-01-27T02:03:48.000Z

How fast is the link?
Have you made any modifications to slow link detection?

kennethwelch · 2016-01-27T02:06:10.000Z

gpresult states a fastlink is detected. funny thing is DC “V” is on the other side of a 60Mbps point to point radio where as DC “S” is on a mostly 1Gbps site.

justin1250 · 2016-01-27T02:09:23.000Z

Is V the pdce role holder? If so any gpo changes would originate there. Not sure why S is lagging like that
Does dcdiag report any errors?

kennethwelch · 2016-01-27T02:47:32.000Z

ya, “V” actually hold all the FSMO roles. I need to work on getting some moved to “S”. dcdiag without any switches passes all tests. it does mention errors in the event log: There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.

justin1250 · 2016-01-27T02:50:15.000Z

Do you know if sysvol is replicating with dfs or frs?

kennethwelch · 2016-01-27T02:56:49.000Z

im not 100% sure but i assume frs. Domain functional level is currently at 2003 if that helps.

justin1250 · 2016-01-27T03:09:05.000Z

Yeah it’s frs then. Dfs you need function level of 2008. What frs errors are in the event log?

kennethwelch · 2016-01-27T03:13:38.000Z

give me a bit. currently racking up the hyper v host

kennethwelch · 2016-01-27T14:11:03.000Z

No errors, just warnings about write cache being enabled. Also a warning with ID 13565 about initializing sysvol. But that was around the time I spun up the machine.

kennethwelch · 2016-03-03T16:01:57.000Z

Still wondering what might cause gpupdate not to work even though the system will update policy on it’s own sometime later.