GPO Software Deployment Errors %%1274 and %%2

Tags: active-directory, group-policy, windows-7, windows-server-2008-r2

We migrated servers over the weekend to a new domain controller which had GPOs set up to deploy software. All of our clients had their OS reloaded, so they're "fresh" and most of them did get the software installed, but some are refusing to install some software. I'm getting these errors:

The assignment of application Adobe Reader XI from policy Adobe Reader
failed. The error was : %%1274

The removal of the assignment of application Adobe Reader XI from
policy Adobe Reader failed. The error was : %%2

It happens for Adobe Reader XI, LogMeIn and Google Chrome. It's also very random. I've read online and on SF that the issue is with the async deployment and I've already had the setting changed to wait for connectivity. In the event log I do see additional messages about not being able to contact the domain controller in time, so I'm assuming it's all related.

It's like the setting to wait for connectivity is just being randomly applied. I've already restarted the file server and the clients, and run GPUPDATE several times, but it's not doing anything except telling me that it has to install software on next reboot, which never happens.

Is there any other kind of troubleshooting I can do?

Not sure if it matters, but the servers are all Windows Server 2008 R2 and the clients are all Windows 7. Clients are also a mix of 32- and 64-bit, if that makes any difference…

Best Answer

So, after a very long time of getting this worked out, I found out there were several issues with my network. First, as @joeqwerty suggested, there is an issue with STP on the switches. From my research I found that as soon as a port on a switch is refreshed (like a machine restart) the STP on it restarts and it can take up to 45 seconds to complete. In 45 seconds the machine will already be up but will have difficulty getting an IP address from the DHCP server and from there it just cascades into errors.

The solution is to enable PortFast on the switches, which sets the ports to always forward and avoids the whole STP discovery and assignment phase. I also ended up just turning off STP on each port on each switch that I know is a client or server machine. Not sure if it really does anything over enabling PortFast, but it makes me feel better. Make sure NOT to disable STP on ports that connect to other switches, routers, gateways, etc.

Another issue was also the Windows Firewall. My GPOs disable the firewall altogether, but the service is still active. From my research I discovered that when the computer boots up there is a pseudo-firewall in place which is controlled by the service which blocks all traffic until Windows is completely initialized and the service is taken over and controlled by Windows. Disabling the service further improved network accessibility while the machine is booting up.

As a safe measure I've also updated the drivers on all client and server machines. I've also updated the NIC firmware on all the servers and switches. For an extra good measure I've also updated the BIOS on all machines as well.

As of right now, everything seems to be working fine. One last thing I was planning on experimenting with is Jumbo Frames. We'll see if that helps...
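A client-side check for the symptoms described in the question and answer above, as an added example that is not part of the original posts: it reports whether the wait-for-network policy actually reached the machine, decodes the `%%` codes found in the Application log using the system's own Win32 error text, and shows the Windows Firewall service state. The registry value `SyncForegroundPolicy`, the seven-day look-back window and the service name `MpsSvc` are assumptions not stated on the page.

```powershell
# Added diagnostic example; written for PowerShell 2.0 (the Windows 7 default).
# Run from an elevated prompt on an affected client.

# 1. Did "Always wait for the network at computer startup and logon" reach this client?
#    Assumption: the policy is stored as SyncForegroundPolicy = 1 under this key.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SyncForegroundPolicy
if ($val -eq 1) { 'Wait-for-network policy: applied' }
else            { 'Wait-for-network policy: NOT applied on this machine' }

# 2. Find errors and warnings whose text carries a "%%<code>" value, as in the
#    messages quoted in the question, and decode each code.
$pattern = 'The error was\s*:\s*%%(\d+)'
$since   = (Get-Date).AddDays(-7)          # assumed look-back window
$filter  = @{ LogName = 'Application'; Level = 2, 3; StartTime = $since }

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    ForEach-Object {
        $null = $_.Message -match $pattern  # re-match so $Matches is set in this scope
        $code = [int]$Matches[1]
        New-Object PSObject -Property @{
            Time    = $_.TimeCreated
            Source  = $_.ProviderName
            Code    = $code
            # Win32Exception returns the operating system's own text for the code.
            Meaning = (New-Object System.ComponentModel.Win32Exception $code).Message
        }
    } |
    Sort-Object Time |
    Format-Table Time, Source, Code, Meaning -AutoSize -Wrap

# 3. Windows Firewall service state (assumption: service name MpsSvc).
Get-Service -Name MpsSvc -ErrorAction SilentlyContinue |
    Format-Table Name, Status -AutoSize
```

Comparing the output from a client that installs correctly with one that does not shows whether the policy, rather than the network, differs between them.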
