Ldap – GPUpdate failing due to LDAP Bind Issue

Tags: active-directory, group-policy, ldap, windows-server-2012-r2

When I run gpupdate on my workstations I get the following error.

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one or more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

Running gpresult /h gives "The user does not have RSoP data".

Looking in the event log, I can see associated with the gpupdate an error code 49 Invalid Credentials. However, when I test ldap bind using ldp.exe the credentials work fine.

Has anyone seen an issue like this? I'm pulling my hair out trying to figure out what is going on.

Best Answer

I was able to fix this myself. It turns out that the local machine accounts had cached bad credentials that were (correctly) failing. Thanks to @greg-askew for pointing me in the right direction. For anyone who stumbles on this looking for a solution:

  1. Download PsExec (part of sysinternals) from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  2. From an elevated command prompt run PsExec.exe -i -s cmd.exe (This will open another command window in the Local Machine account context).
  3. From that window, run rundll32.exe keymgr.dll, KRShowKeyMgr (That will open a gui with a list of cached credentials).
  4. In that gui, delete any credentials that look suspicious (In my case the credentials were named after my PDC).

After deleting the credentials from the cache, it immediately started working again.
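As an added, non-interactive variant of steps 3 and 4 (this is not part of the original answer): a PowerShell script run from the PsExec SYSTEM window that lists the machine account's cached credentials with cmdkey, reports the ones whose target names a host you pass in, and deletes them only when -Delete is given. The cmdkey output layout it parses and the $SuspectHost parameter are assumptions.

```powershell
# Added example, not from the original answer: scripted equivalent of steps 3-4.
# Run inside the "PsExec.exe -i -s cmd.exe" window so the LocalSystem credential
# vault (the one the machine account uses for LDAP binds) is the one inspected.
# Assumes cmdkey.exe (ships with Windows) and that $SuspectHost is your DC's name.
param(
    [Parameter(Mandatory)] [string] $SuspectHost,   # e.g. the PDC name seen in the GUI list
    [switch] $Delete                                # without -Delete the script only reports
)

# Refuse to run under any other identity: a user's vault is not the one that matters here.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
if ($me -ne 'NT AUTHORITY\SYSTEM') {
    throw "Running as '$me'. Launch via 'PsExec.exe -i -s' so the machine account's cache is inspected."
}

# cmdkey /list prints one block per entry, assumed to look like:
#   Target: Domain:target=DC01.example.local
#   Type: Domain Password
#   User: EXAMPLE\someuser
$entries = @()
$current = $null
foreach ($line in (cmdkey /list)) {
    if ($line -match '^\s*Target:\s*(.+)$') {
        if ($current) { $entries += $current }
        $current = [ordered]@{ Target = $Matches[1].Trim(); Type = ''; User = '' }
    } elseif ($current -and $line -match '^\s*Type:\s*(.+)$') { $current.Type = $Matches[1].Trim() }
    elseif ($current -and $line -match '^\s*User:\s*(.+)$') { $current.User = $Matches[1].Trim() }
}
if ($current) { $entries += $current }

# Only entries whose target references the suspect host are candidates for removal.
$suspects = $entries | Where-Object { $_.Target -like "*$SuspectHost*" }
if (-not $suspects) {
    Write-Host "No cached credentials referencing '$SuspectHost' in the SYSTEM vault."
    return
}

foreach ($e in $suspects) {
    Write-Host ("Target={0}  Type={1}  User={2}" -f $e.Target, $e.Type, $e.User)
    if ($Delete) {
        # cmdkey /delete takes the target name without the 'Domain:target=' or
        # 'LegacyGeneric:target=' prefix shown in the listing.
        $name = $e.Target -replace '^(Domain|LegacyGeneric):target=', ''
        cmdkey /delete:$name | Out-Null
        Write-Host "  deleted $name"
    }
}
```

Run it once without -Delete to see what the machine account has cached, then re-run with -Delete and retry gpupdate.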