General discussion

Locked

Updates

By trujillo ·
I am having troubles with some Group Policy's with my domin and VPN. What I am working is Microsoft SUS server. What it does is goes to Microsoft and downloads updates and then I approve them for the clients to download from my server and install them. I am still in testing but close to the end the problem comes in with the VPN. There is a policy that comes with this through a template where you can specify what time the client looks for updates and what server and so on and so forth. I have no problem with clients updating to the new group policy at "home office" but when I go across the VPN I have problems. I am almost certain that it is my Firwall VPN device. I have also looked at the event viewer and I get this error:

Source Userenv
Catergory None
Event ID 1000
Type Error
User NT Authuority\System

Description: Windows cannot obtain the domain controller name for your computer network. Return value (59)


I know what the error means, "An unexpected netowrk problem has occured" but that really helps a lot. I know my physical network is fine. I know my DNS is working fine, as well as my WINS. I believe that this error has something to do with the computer on the remote end of the VPN trying to update its group policies. I did some reading and found out that there is another place on the client where you can look at the log and see where it may be having problems. I looked there an this is what I saw:
Userenv (b.268) ProcessGPOs: DSGetDcName failed with 59.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by compgirlfhredi In reply to Updates

1. You can use the NetBIOS name to query the PDC and the KDC (Kerberos Key Distribution Center), but until it is fixed, use the DNS Domain Name to query the GC.

2. Basicdc.inf references three environment variables (%SYSVOL%, %DSDIT%, and %DSLOG%), that are only defined during the Dcpromo process.
To fix the problem:

1. Open a CMD prompt on the domain controller and type net share sysvol. Record the path that is returned.

2. Right-click My Computer and press Properties.

3. Select the Advanced tab.

4. Press Environment Variables.

5. In the System variables section, press New.

6. Type SYSVOL in the Variable Name box.

7. In the Variable Value box, type the path from step 1, without the last \sysvol.

8. Repeat this process to create the DSDIT and DSLOG variables, whose values can be obtained at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

Database log files path REG_SZ C:\WINNT\NTDS (Set DSLOG to C:\WINNT\NTDS)
DSA Working Directory REG_SZ C:\WINNT\NTDS (Set DSDIT to C:\WINNT\NTDS)
9. At a CMD prompt, type secedit /refreshpolicy machine_policy /enforce

Collapse -

by compgirlfhredi In reply to

A random offset interval is added to the refresh interval, to calclate the refresh cycle. W2K DC's use a 0 minute offset, while non-DC W2K comps use 30 minutes. The refresh info for user and comp policies are maintained separately.

Use Group Policy to change these settings, or you can use the registry:To change the refresh interval for computers:
Registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTime
Data Type: REG_DWORD
Range (in minutes): 0 to 64800

To change the offset interval for computers:
Registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTimeOffset
Data Type: REG_DWORD
Range (in minutes): 0 to 1440

To change the refresh interval for domain controllers:
Registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTimeDC
Data Type: REG_DWORD
Range (in minutes): 0 to 64800

To change the offset interval for domain controllers:
Registry key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTimeOffsetDC
Data Type: REG_DWORD
Range (in minutes): 0 to 1440

To change the refresh interval for users:
Registry key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTime
Data Type: REG_DWORD
Range (in minutes): 0 to 64800

To change the offset interval for users:
Registry key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
Value Name: GroupPolicyRefreshTimeOffset
Data Type: REG_DWORD
Range (in minutes): 0 to 1440
To immediately impose GPO settings upon a target workstation:
Computer:
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
User:
SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

Collapse -

by trujillo In reply to

Poster rated this answer.

Collapse -

by trujillo In reply to Updates

This question was closed by the author

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums