December 29, 2016 at 2:13 pm #13825
Randomly — I will have Windows 7 Professional desktops that have an issue applying Group Policies.
I go to rsop.msc and see under Computer Configuration where my Windows Update policy resides and see — The specified domain either does not exist or could not be contacted.
I go to gpresult /v and I see the computer is connecting to the DC’s.
Sometimes I’m able to issue the command – gpupdate /force, reboot then the GP’s will run – no error in rsop, but that is hit or miss.
My domain controllers are Server 2012. WSUS is running on a separate 2012 server. All have been in production since the beginning of this year.
Updates were running good for quite awhile, but I get those messages in rsop now and then.
Anyone have options for what to look for, or how to resolve “The specified domain either does not exist or could not be contacted”?
Bob
December 30, 2016 at 9:02 am #13828
This is likely related to your previous question. Normally that error happens when:
1. DNS resolution to DCs is failing
2. The machine accounts for those workstations are no longer valid in the domain
3. Some other network issues
As per my previous response, you might want to check the GP operational log to see if you get any more detail on what exactly is failing, but make sure you can ping DCs by name, can view the SYSVOL share on the closest DC (net view \\DCName\SYSVOL) and that the machine is still valid in the domain (can try rejoining the machine to the domain).
Darren
December 30, 2016 at 1:30 pm #13829
Thanks for the information. So I performed the items you mentioned in the first post, on 1 computer that I was able to access. I ran gpupdate /force, then went to the GP log in event viewer, and I followed each process. All completed successfully — proper domain, user name, proper GP’s, no errors or issues.
Then I went to your second reply to my second post and no problem doing a ping to each DC by name. Also able to open the SYSVOL folder on each DC.
I also issued the wuauclt /detectnow command. Followed the Windows Update and saw it finished, but found no new updates. And — when I open Windows Update on the PC — the date for Most recent check for updates does not change, still old date. So I rebooted the PC, walked away, about 10 minutes later went back, no updates. Performed another wuauclt /detectnow. I left the computer awhile, when I returned, no updates. I checked Windows Update on the PC again – still see old date for – Most recent check for updates.
So — now that sounds like an issue with Windows Update application on this specific PC? as the Most recent check for updates never updates/changes?
Strange — as I originally noted in my post — all was working good from earlier this year until November – all PC’s were checking in to WSUS daily, installing patches. Then it looks like something broke in November as all PC’s were affected – wired and wireless at different intervals. Then they “come back alive”, and can bomb out again.
Only my servers — are up to date in WSUS. They are on 24/7, but I have a Windows 7 PC in IT that is also on 24/7 and cat5 wired. That got messed up once a few weeks back. Then I saw it started reporting in again – I did not do anything with that PC, just woke up, and continued reporting in daily to WSUS.
Very — strange — this is giving me a real hard time here.
Bob
December 30, 2016 at 2:39 pm #13830
Yes, that does sound like a Windows Update issue, but I don’t know enough about its inner workings to speculate what it could be. There have been patches to fix Win7 specific Windows Update issues, most recently in July (https://support.microsoft.com/en-us/kb/3161647) but not sure about this one, unfortunately.
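The checks suggested in the first reply (DNS resolution to the DCs, SYSVOL access, machine account validity, GP operational log) can be collected in one pass while a workstation is in the failing state. The script below is an added example, not part of the original thread; it assumes an elevated PowerShell 2.0 or later prompt on a domain-joined Windows 7 client, and the 300-event window is an arbitrary choice.

```powershell
# Added example, not from the thread. Run elevated on the affected workstation.
$domain = (Get-WmiObject Win32_ComputerSystem).Domain
"Checking domain $domain at $(Get-Date)"

# DC discovery depends on the domain's DNS SRV records; a failure here lines up
# with "The specified domain either does not exist or could not be contacted".
try {
    $dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().DomainControllers
} catch {
    Write-Warning "DC discovery failed: $($_.Exception.Message)"
    $dcs = @()
}

foreach ($dc in $dcs) {
    # Check 1: does each DC name resolve from this client?
    try   { $ips = [System.Net.Dns]::GetHostAddresses($dc.Name) -join ', ' }
    catch { $ips = 'DNS FAILED' }

    # Check 2: is the SYSVOL share (where GPO files live) reachable on that DC?
    $sysvol = Test-Path "\\$($dc.Name)\SYSVOL"

    New-Object PSObject -Property @{
        DC              = $dc.Name
        Addresses       = $ips
        SysvolReachable = $sysvol
    }
}

# Check 3: is the machine account's secure channel to the domain still valid?
try   { $secureChannel = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $secureChannel = $false; Write-Warning $_.Exception.Message }
"Secure channel valid: $secureChannel"

# Check 4: recent critical/error/warning entries from the GP operational log.
Get-WinEvent -LogName 'Microsoft-Windows-GroupPolicy/Operational' -MaxEvents 300 -ErrorAction SilentlyContinue |
    Where-Object { 1..3 -contains $_.Level } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Because the failure is intermittent, the output is most useful when captured at the moment rsop.msc shows the error and compared with a run taken while policy is applying normally.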