1

I have this problem for over 2 years with my server and I basically cannot use windows server group policy due to this problem. I have a windows server 2008 R2 that when I try to add a new GPO to my domain it gives me an error "The network name cannot be found.". Also, I cannot edit any of my existing GPO's as I get "Failed to open Group Policy Object. You may not have appropriate rights." I am a domain admin, I'm part of the administrators group and domain admin group. Also, I tried the above with the local administrator account of the server and it did not work. The fixes I tries were fixing the policies under sysvol, repairing the sysvol folder all together. trying to get windows to repair it using few cmd commands. I have also tried changing delegations for these policies to ensure I have the appropriate rights but none has worked to this day. When I check event viewer for the above problem I see "Security policy cannot be propagated. Cannot access the template. Error code = 3. \*****.local\sysvol*****.local\Policies{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf."

Any help would be appreciated.

Adam Miklosi
  • 159
  • 1
  • 2
  • 11
Armin
  • 11
  • 1
  • 2
  • 2
    `I have this problem for over 2 years with my server and I basically cannot use windows server group policy due to this problem.` - Wow. Did you not once think about opening a support case with Microsoft in that 2 years? – joeqwerty Sep 12 '18 at 02:19
  • Because I thought that I have to have a support agreement with Microsoft to raise a support case. – Armin Sep 12 '18 at 02:42
  • That looks like possibly a corrupt policy. Rename that `{6AC17...}` folder. Add .bak to it or something and see if anything changes. Did you change permissions on the sysvol folder at any time? You may need to start over and just destroy the sysvol and policies. – Appleoddity Sep 12 '18 at 03:50
  • I have re-built SYSVOL once. changed the permissions and everything. I mean even if I rename {6AC17} thats still one GPO there are 7 GPOs in sysvol that they all have the same issue. – Armin Sep 12 '18 at 04:02
  • at one point I event tried dcgpofix tool, but I ended up with error "Unable to read EFS certificates from Registry.pol file of Default Domain Policy. The error was: The network name cannot be found." – Armin Sep 12 '18 at 04:25
  • IMHO there's a point in time that you have to make a decision. That point usually comes when you start changing and resetting permissions in the registry and system directory. Either open a support case with MS or rebuild from scratch. – spacenomyous Sep 17 '18 at 15:38

0 Answers0