[Samba] GPO fail and sysvol perm errors

L.P.H. van Belle belle at bazuin.nl
Wed Oct 28 07:45:59 UTC 2020

Good morning Chris 

> -----Oorspronkelijk bericht-----
> Van: Sonic [mailto:sonicsmith at gmail.com] 
> Verzonden: dinsdag 27 oktober 2020 21:07
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] GPO fail and sysvol perm errors
> On Tue, Oct 27, 2020 at 4:01 AM L.P.H. van Belle via samba
> <samba at lists.samba.org> wrote:
> > Ok, so thats correct.
> However gpupdate fails. And I know you said not to run sysvolreset,
> but after running it gpupdate works.
> >
> > Can you tell the windows event id and description?
> I get different errors depending upon the system, whether it's a local
> system or a remote one connected via vpn.
> The remote system is Event ID 1058:
> The processing of Group Policy failed. Windows attempted to 
> read the file
> \\my.example.com\sysvol\my.example.com\Policies\{31B2F340-016D
> -11D2-945F
> -00C04FB984F9}\gpt.ini from a domain controller and was not 
> successful. Group
> Policy settings may not be applied until this event is resolved

Ok, im guessing you can open the gpt.ini file fine, if you click that link, correct? 
Have you enable the "Always wait for network" GPO setting. 
Enable this one. 

> The local system is Event ID 1096:
> The processing of Group Policy failed. Windows could not apply the
> registry-based policy settings for the Group Policy object
> LDAP://CN=Machine,cn={E2BC0255-64C8-42CF-A27A-59A7D3DCD2DC},cn
> =policies,cn=
> system,DC=my,DC=example,DC=com. Group Policy settings will 
> not be resolved until this event is resolved.

So here they say, delete and recreate, i dont think thats needed.. 

I think  your solution is in this link.

> After running sysvolreset the systems update fine. Problem is once I
> add or edit a GPO (from Windows 10 20H2) everything fails until I run
> sysvolreset again.
Thats because there is something off in the rights or,.. due to, 
its trying to read it but the networks isnt ready yet. 

> > And which group is set on sysvol in general on the share tab.

> This is the current info (I did run sysvolreset to get the GPO's
> working again, so this is not with your settings, I can look into this
> again later)
> Owner is ADDOM\Administrator
> Allow Everyone Full Control
That should be sufficient. 
And.. its not "my" settings.. ;-)  al can be found in : https://docs.microsoft.com/ 

I also recommend you to read, since you also having remote location:  

First, lets see how far above gets you. 



More information about the samba mailing list