New client cannot apply GPOs.
Recently I came across bizarre issue regarding my courageous business environment with Debian 8 as Microsoft domain controller (DC). After redeploying and rejoining one of my workstations running Windows 10, the client was unable to load and apply GPOs. Both user, and computer policies raised (Event id 1058 error code 65). From new machine I was able to navigate sysvol share using \\SERVERNAME\sysvol, but not using \\FQDN\sysvol (wild credentials prompt appeared, but never authorized correctly).
Wrong lead.
After spending numerous hours digging through samba logs, few days later I figured it might have to do something with time synchronizations between server and clients. To my surprise running:
net time /domain:AD.EXAMPLE.COM /SET
and:
gpupdate /force /logoff
worked like charm. From this point I blamed NTP Server and reconfigured Samba with new settings.
You can imagine my surprise when I came across this problem again week before. It turned out that I was using my sysprep image with Windows 10 version (1607) January build. From now on builds up from October 2016 have this bug fixed.
Summary:
Event id 1058 error code 65 – make sure you are running latest Windows 10 builds or look for UNC path hardening registry records.
Leave a Reply