Group policies not applying to specific server

group-policy windows-server-2008-r2

I have one server – 2008 R2 Enterprise, running WSUS and our KMS server – which is failing to apply any group policies from the domain. I'm out of ideas of how to get this to process. Any ideas?

My steps so far have included the following.

  1. verified that the secure channel is good via netdom verify myhost
  2. tried gpupdate /force
  3. Reviewed the gpresult /v output – which shows no computer policies whatsoever
  4. Poked through the registry. HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPOLink-List only shows an entry for the local policy.
  5. Rename the folder C:\ProgramData\Microsoft\Group Policy
  6. Remove the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History
  7. Apply the steps outlined at KB310741
  8. triple check the event log (application, system, group policy operational) all of which don't show problems.
  9. triple check the location in AD computer and group membership settings – there should be about 30 policies applying.

Anything more obvious I've missed?

EDIT:

I did notice one additional item of some interest – the Distinguished-Name value on the State\Machine key described above is coming back blank. Not sure how or why. I tried pasting the correct value in but it didn't work.

Best Answer

After all the headaches and problems that this has caused for the last several weeks, it looks like the problem was how our Windows server was activated. Looks like someone inadvertently put in a KMS key via the GUI.

This resulted in the OS not activating correctly and not being fully (?) joined to the domain. This filtered down to not being able to interact with the domain controllers properly - the join domain box was greyed out - and the DN entry required for group policy to work not being populated. In the end the greyed-out join domain box was the clue I needed, indicating a problem with the Windows license.

When I punched in a MAK key and put in our KMS information via cscript (cscript slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx), as it should have been, everything started working exactly the way you would expect.

Hopefully this'll help another poor soul out of a month's worth of extra work.
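
The indicators from the question and the accepted answer (secure channel, the blank Distinguished-Name value, the GPOLink-List entries, and the Windows activation state), gathered into one read-only script as an added example that is not part of the original posts. It assumes an elevated PowerShell 2.0 or later session on the affected server; the registry path and value name are the ones quoted in the question.

```powershell
# Added example: read-only health check for a server that receives no computer GPOs.
$gpState = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine'

# 1. Secure channel between this machine and the domain.
$secureChannel = Test-ComputerSecureChannel

# 2. Distinguished-Name value under State\Machine (blank in the question).
$dn = $null
if (Test-Path $gpState) {
    $dn = (Get-ItemProperty -Path $gpState).'Distinguished-Name'
}

# 3. Entries under GPOLink-List (the question saw only the local policy).
$linkCount = 0
$linkKey = Join-Path $gpState 'GPOLink-List'
if (Test-Path $linkKey) {
    $linkCount = @(Get-ChildItem -Path $linkKey).Count
}

# 4. Installed Windows product key and its activation state.
#    LicenseStatus 1 means licensed; Description names the key channel.
$license = Get-WmiObject -Class SoftwareLicensingProduct `
    -Filter "PartialProductKey IS NOT NULL" |
    Select-Object Name, Description, LicenseStatus

$report = New-Object PSObject -Property @{
    SecureChannelOk   = $secureChannel
    DistinguishedName = $dn
    DnIsBlank         = [string]::IsNullOrEmpty($dn)
    GpoLinkEntries    = $linkCount
    Unlicensed        = @($license | Where-Object { $_.LicenseStatus -ne 1 }).Count
}

$report | Format-List
$license | Format-List

# Combination described in the thread: secure channel fine, DN blank,
# and the installed key not activated.
if ($report.SecureChannelOk -and $report.DnIsBlank -and $report.Unlicensed -gt 0) {
    Write-Warning 'Blank Distinguished-Name with an unactivated key: check the product key type and activation.'
}
```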