[Samba] Problems with GPO

[Marcio Demetrio Bacci]

Hi
In my network I have two DC Samba 4 and two File Server Samba 4 too.
Shared directories are on a LUN presented to File Server (/ STORAGE).
I'm network drive mapping in my domain with GPO and it work properly.
However, some times, the drives aren't mapped. This way, I run GPUPDATE
/FORCE command and some times I receive the following error:
'









*Updating Policy ...The user policy could not be updated successfully. The
following errors were found:Group Policy has not been processed. Windows
was unable to apply registry-based policy settings to the LDAP Group Policy
object: // CN = User, cn = {AFC65B84-867D-459D-9C0C-CBB3D511F086}, cn =
policies, cn = system, DC = company,DC = com, DC = br. Group Policy
settings will not be resolved until this event is resolved. View the event
details for more information about the name and path of the file that
caused the failure.The following warnings were encountered when processing
user policies:Windows failed to apply the Scripting settings. Perhaps the
Scripts settings have their own log file. Click on the "More Information"
link.The computer policy could not be updated successfully. The following
errors were found:Group Policy has not been processed. Windows was unable
to apply registry-based policy settings to the LDAP Group Policy object: //
CN= Machine, CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN = Policies, CN
= System, DC = company, DC = com, DC = br. Group Policy settings will not
be resolved until this event is resolved. View the event details for more
information about the name and path of the file that caused the failure.The
following warnings were encountered when processing computer
policies:Windows failed to apply the Scripting settings. Perhaps the
Scripts settings have their own log file. Click on the "More Information"
link.Windows failed to apply the Group Policy Registry settings. The Group
Policy Registry settings may have their own log file. Click on the "More
Information" link.To diagnose the failure, review the event log or run
GPRESULT / H GPReport.html from the command line to access information
about Group Policy results.'*

That way, I wait a while, run the command again and normally works.
When generating the report with 'GPRESULT / H' I see error information for
access denied or have an error code related to Windows Update (0x80070005).
This does not make sense, as I execute the command a few minutes later and
it works. On some computers I need to redo the GPUPDATE or even wait for
the GPO to be applied alone.

Given this, I would like to know if anyone would have any idea what could
cause the problem reported here?

Was it some dynamic port specific that the customer was using at that
moment?

It is not firewall blocking and I don't see (with tcpdump) communications
problems between computer and DC.

Regards,

Márcio Bacci