Computer GPO not applying - Event viewer blaming DNS

bigdogchris

I have a strange issue. Out of nowhere one of my machines stopped receiving the computer policy. This system is a sysprepped clone. All other PCs in the OU are receiving GPOs as they should. Otherwise they are identical in configuration. This one was working fine up until a few days ago. Zero changes have been made to machines in almost two months.

So to resolve this, I ran RSoP on the machine and it in fact shows a red X for computer GPOs. I removed it from the domain, then deleted it from its OU. I then renamed it, joined it back to the domain, placed it back in the OU, and rebooted several times. It still is not receiving computer GPOs, but it does receive user-based GPOs just fine. I checked Event Viewer and it gives a Group Policy error saying the name cannot be resolved to our DNS server. All other PCs in the OU are receiving the GPOs. I don't think this is a configuration issue since it worked up until a day or two ago.

On the DNS server I checked the AD-integrated zone and I see the Host (A) record for the computer name and its IP. It's identical to all of the other records. I have DNS scavenging enabled.

What else should I try?
As a side question, I notice that when I ping host names from the server, I get no response from any workstation. When I ping IPs, I do though. How can AD even be functioning if the server cannot see the PCs based on host name?
 
Is your computer set up to use your DNS server, or is it maybe configured to use some public DNS server? Some things will use NetBIOS to determine a host's address while others require a DNS lookup.
 
This is a small environment. The system is using a statically assigned DNS address which also happens to be the DC. None of those settings were changed.

The client is resolving the DNS/DC correctly. The computer policy will not apply. The user policy does.

The event ID is 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:

a) Name Resolution failure on the current domain controller.

b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Try doing both an nslookup and a ping to the domain (not the DC, e.g. contoso.com, not dc.contoso.com) and make sure both IPs are the same. In my setup I saw a few times where for some reason the nslookup would return the right IP but ping would use the IPv6 address instead of the IPv4, and for whatever reason it wouldn't work right using v6. I just disabled the v6 protocol on the computers having the issue and that seemed to solve it for me.
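
The nslookup-versus-ping comparison suggested above can be scripted. This is an added example, not part of the original post: it compares the DNS answers for the domain name with the address order the OS resolver returns, then checks which addresses accept LDAP connections. The `$Domain` default and the choice of TCP 389 as the reachability probe are assumptions.

```powershell
# Added example: run on the affected client in an elevated PowerShell session.
param(
    # Assumption: default to the AD domain this computer is joined to.
    [string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain
)

# 1) Direct DNS query (the data nslookup shows): A and AAAA records for the domain.
$dnsAnswers = Resolve-DnsName -Name $Domain -Type A_AAAA -DnsOnly -ErrorAction Stop |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress

# 2) OS resolver (the path ping goes through): the order reflects the
#    address-family preference the client applies, so [0] is what gets tried first.
$resolverOrder = [System.Net.Dns]::GetHostAddresses($Domain)
$first = $resolverOrder[0]

# 3) Addresses the resolver hands out that DNS itself did not return
#    (hosts file entries, stale cache, NetBIOS/LLMNR fallbacks).
$notInDns = $resolverOrder |
    Where-Object { $_.IPAddressToString -notin $dnsAnswers } |
    ForEach-Object { $_.IPAddressToString }

[pscustomobject]@{
    Domain        = $Domain
    DnsAnswers    = $dnsAnswers -join ', '
    ResolverOrder = ($resolverOrder | ForEach-Object { $_.IPAddressToString }) -join ', '
    FirstChoice   = $first.IPAddressToString
    FirstIsIPv6   = $first.AddressFamily -eq 'InterNetworkV6'
    NotInDns      = $notInDns -join ', '
} | Format-List

# 4) Assumption: a domain controller should accept LDAP on TCP 389 at every
#    address published for the domain. An unreachable IPv6 address that is
#    also the first choice matches the symptom described in the post above.
foreach ($ip in $resolverOrder) {
    [pscustomobject]@{
        Address       = $ip.IPAddressToString
        Family        = $ip.AddressFamily
        LdapReachable = Test-NetConnection -ComputerName $ip.IPAddressToString `
                            -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}
```

If `FirstIsIPv6` is true and that address shows `LdapReachable` as false, the client is preferring an address it cannot use to reach the DC.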
 
Did you try changing the PC name before adding it back to the domain?
That worked a few times for me on weird GPO issues (mapping drives)
 