Processing of Group Policy failed. Windows attempted to read file sysvol\policies and was not successful

Issue: Numerous issues on DC including:
Cannot apply group policy
Cannot access the sysvol
Errors include “Could not open pipe with [DC1]:failed with 53”,
     “Failed can not test for HOST SPN”,
     “An net use or LsaPolicy operation failed with error 53”

DCDIAG Errors:

Starting test: MachineAccount
Could not open pipe with [DC1]:failed with 53: The network path was not found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN

Starting test: SysVolCheck
[DC1] An net use or LsaPolicy operation failed with error 53, The network path was not found..      ……………………. DC1 failed test SysVolCheck

Starting test: NetLogons
[DC1] An net use or LsaPolicy operation failed with error 53, The network path was not found..         ……………………. DC1 failed test NetLogons

The following error may be found in DCDIAG, Event Viewer, or when attempting to apply group policy via GPUPDATE /FORCE:

The processing of Group Policy failed. Windows attempted to read the file \\DC1hattansystems.com\sysvol\DC1hattansystems.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following.

Additional Symptom:
– Attempting to connect to network shares may yield the error: “The Network Path Was Not Found”

Causes:
– The “TCP/IP Netbios Helper” service is stopped
– DNS Issues

Solution:
– Start the “TCP/IP Netbios Helper service” and verify the startup type is set to automatic.
– Verify DNS resolution is working, test browsing to other DC’s (test browsing to UNC path, for example: click start, run, type \\DC2)
Use these additional resources for troubleshooting active directory.

Related

9 thoughts on “Processing of Group Policy failed. Windows attempted to read file sysvol\policies and was not successful

  1. cuonglt

    Hi all,
    i have the same problem. when i create new a GPO and operate command ‘gpupdate /force’ on the both server and client. But it seem no apply on client. it take a long time about 90 then the GPO is appied. Can youu help me resolve this error? pls feel free contact me via email.
    thanks in advance.

    Reply
    1. Chris Harris Post author

      Hi, I’ve found some group policy settings can take up to two reboots to apply, even when running gpupdate /force. gpresult is also helpful to determine if a policy is assigned to a user/computer or not. It sounds like it is in your case since you say policies do apply, but they take 90 minutes? Are you running a multi-site AD environment? I would check what AD Replication interval is in AD Sites and services, as well as running repadmin /showreps to see that replication is working. Note: running gpupdate /force on a server itself would only apply policies to the server, that wouldn’t help for applying policies to another computer.

      Reply
  2. Arun V

    I got an opportunity to solve the issue for one of our clients.

    In my case i had 2 DC in separate location say location 1 and location 2.

    Some computers in location o1 was logging to DC in location 2.

    To solve this go to DC in location 1 and access the following path.

    C:\Windows\SYSVOL\sysvol\domaint\Policies and access the files which is mentioned in the error .
    in your case it is {31B2F340-016D-11D2-945F and copy that file to DC in location 2 and run Gpupdate.This solved the error.
    please feel free to contact me if you need any help.

    Reply
    1. Prasad TVS

      Arun
      thanks for your remarks.
      Today I had a similar issue.
      Event error says Group Policy file not readable.

      I created a TEST share folder and gave some permissions on the server.
      I rebooted the server and lo all the earlier shares and permissions came into force and working
      Thanks
      TVS

      Reply
    2. vithoba

      gpupdate/force
      Updating Policy…

      User Policy update has completed successfully.
      Computer policy could not be updated successfully. The following errors were enc
      ountered:

      The processing of Group Policy failed. Windows attempted to read the file \\Domain-dc
      \sysvol\Domain-DC\Policies\{843ADE3A-F0C8-43F9-8ADE-504C0B2
      BEA5A}\gpt.ini from a domain controller and was not successful. Group Policy set
      tings may not be applied until this event is resolved. This issue may be transie
      nt and could be caused by one or more of the following:
      a) Name Resolution/Network Connectivity to the current domain controller.
      b) File Replication Service Latency (a file created on another domain controller
      has not replicated to the current domain controller).
      c) The Distributed File System (DFS) client has been disabled.

      To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
      rom the command line to access information about Group Policy results.

      Reply
      1. Chris Harris Post author

        Hi, I see you posted the output of your command but I don’t see a question?
        I would recommend you pursue option (a) ‘diagnosing any DNS related issues’ and making sure DNS is properly configured on all your domain controllers and in their TCP/IP settings specifically. I’d do an nslookup YOUR-AD-DOMAN-NAME.LOCAL and make sure all IP’s returned are actually DC’s. DCDIAG would also be good to check and fix any errors there. From that point I would look into (b) if you have a multi-site environment. It should be simple to check if DFS client is disabled, that would be worth while to check briefly.

        Reply
    3. Mike

      Thank You Arun V! This worked for my issue, I was fighting trying to find an old script that kept installing on only certain PC’s. It turned out the users GPO just couldn’t update to the new script until I manually copied the policy over to DC2.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *