| Author | Messages | |
DhirajHaritwal
Posts:23
 | | 07/01/2009 1:43 PM |
| Can I verify both policy settings (Vista & XP) in AD
Dhiraj
From: gptalk-owner@lists.gpoguy.com [mailto:gptalk-owner@lists.gpoguy.com] On Behalf Of Mike Elliott
Sent: Wednesday, July 01, 2009 5:28 PM
To: gptalk@lists.gpoguy.com
Subject: Re: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
You need to be administering GP settings from either a Windows Vista client or from a Windows 2008 Server box, not a W2K3.
Mike
2009/7/1 Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<mailto hiraj.Haritwal@ap.sony.com>>
Mike,
I have created one Policy for XP also but still on Win 2K3 ADC gpmc it's showing only one policy which is for XP. It's still a mystery that why in 2K3 AD GPMC it's showing only XP policy but on my Vista machine, it's showing both policy (Vista & XP).
Does anybody have any idea, where exactly it store the Wireless policy settings in AD Sysvol.
Dhiraj
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Mike Elliott
Sent: Tuesday, June 30, 2009 1:15 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: Re: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
This might sound obvious, but there needs to be a policy for each OS. A Vista policy for Vista machines and another XP policy for XP machines. As it stands the XP machines will be able to see and read the gpo itself but there is no relevant XP policy in there for them to apply.
Mike
2009/6/30 Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<mailtohiraj.Haritwal@ap.sony.com>>
Darren,
All XP machines are having SP3. Yes, I am facing this problem on XP machines only. On Win 2K3 server side I am getting the below error in GPMC. Is it because I have created a Wireless Vista Policy (as per below screenshot). Where exactly I can see this wireless info in sysvol folder.
[cid:image001.png@01C9FA77.7B2786D0]
[cid:image002.png@01C9FA77.7B2786D0]
Thanks & Regards,
Dhiraj Haritwal
System Administrator
Sony India Pvt. Ltd.
Tel. No. : +91-11-66006276
Mobile No. : +91-9873585408
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Darren Mar-Elia
Sent: Monday, June 29, 2009 10:36 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
The fact that XP thinks the GPO does not exist is puzzling. Clearly it found the GPO enough to know it had to process it. But when the Wireless extension runs, its not finding the GPO settings. If I remember correctly, Wireless settings are stored in AD, within the GPC part of the GPO. The ony thing I can think of is that somehow the XP machines cannot read the Wireless settings out of AD -- I would check permissions on the GPC and drill into the "Machine" container to see if you can view the permissions on it. Also, you say you have SP3 on those boxes, which is required (or you would need the hotfix for SP2) to process WPA2 settings. Can you verify that SP3 is really installed correctly? I think its suspicious that only XP machines are having the issue.
Darren
--- On Mon, 6/29/09, Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<mailtohiraj.Haritwal@ap.sony.com>> wrote:
From: Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<mailtohiraj.Haritwal@ap.sony.com>>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
To: "gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>" <gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>>
Date: Monday, June 29, 2009, 6:11 AM
Darren,
Waiting for your reply.
Dhiraj
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Haritwal, Dhiraj
Sent: Saturday, June 27, 2009 12:05 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
There is no security group/WMI Filters. OS is also same XP SP3.
Sorry just now I realized that Wireless policy is not applying on any of XP Machines & showing "Policy object doesn't exist".
Now the confusion is then how it's working on Vista machines & on XP is showing Object not found.
Dhiraj
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Darren Mar-Elia
Sent: Friday, June 26, 2009 8:59 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
Well, the error is pretty clear in that the system can't find the GPO. Is this GPO using any security group or WMI filters? Any differences in OS updates between the XP machines where its working and those where its not?
Darren
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Haritwal, Dhiraj
Sent: Thursday, June 25, 2009 9:47 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
Darren,
But I have seen the Same DC as logon server on XP Machines where Wireless policy is showing error but the same DC is coming on my Vista machine where I able to see Wireless Policy with the settings which I have configured.
I have configured Wireless policy from Vista Machine with RSAT because in windows 2003 there is no option for WPA2. I don't think so Schema updation required for Wireless Policy.
Now it's very strange that on Vista Machines as well as some XP Machines, Wireless policies are applied but on some XP Machines showing errors.
GPOTool is showing Policy OK on both of my Win WK3 ADC's.
============================================================
Policy {5BBA7734-8580-48DB-A96E-FC866D750EEC}
Friendly name: Wireless Users Policy
Policy OK
============================================================
Dhiraj
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Darren Mar-Elia
Sent: Thursday, June 25, 2009 9:46 PM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
I doubt the problem is caused by lack of schema updates. Mike is correct that if you are in a Server 2003 AD environment, you need to have applied the Server 2008 AD schema extensions in order to even see the new Wireless policy stuff from a Vista or 2008 GPMC editor. I suspect Dhiraj's problem is really related to GPO replication issues. Dhiraj---I would run GPOTool.exe against your DCs for the GPO that is delivering that wireless policy and make sure all DCs have the same version.
Darren
From: gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<mailto:gptalk-owner@lists.gpoguy.com>] On Behalf Of Mike Elliott
Sent: Thursday, June 25, 2009 8:49 AM
To: gptalk@lists.gpoguy.com<mailto:gptalk@lists.gpoguy.com>
Subject: Re: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
I found that I was not able to even create a Wifi policy for Vista clients until this schema update had been applied. The necessary schema attributes are not there. In attempting to add a new Vista policy in GPMC I got an error describing the missing attributes.
Mike
2009/6/25 Timo Ylitalo <boniziwa@gmail.com<http://us.mc6.mail.yahoo.com/mc/compose?to=boniziwa@gmail.com>>
I am not sure whether this is what's causing your problem. I also have 2003 AD and I have to set up wireless settings through group policy in the near future, so it would be interesting to know, whether one needs the schema update to configure wireless policy to XP SP3 and Win7 clients. Btw, from what OS are you configuring the group policy, I mean do you use the 2003 or vista or perhaps Windows 7 RC? I'd also like to know whether the OS that your configuring the settings has any effect on this, I mean you do get all the new policy settings when using e.g. Windows 7 RC. I guess I am not much of a help here, just more questions Maybe someone smarter than me can help.
- Timo
2009/6/25 Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<http://us.mc6.mail.yahoo.com/mc/compose?to=Dhiraj.Haritwal@ap.sony.com>>
Very strange! Then how come it's working on mostly Vista & some XP Machines. I am using windows 2003 AD & XP-SP3 / Vista-SP1/SP2 clients. Best part is I have seen this problem on some XP machines (SP3).
Second thing if client is not able to get the object, do you think it's because of the AD Schema modification.
Dhiraj
From: gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com>] On Behalf Of Timo Ylitalo
Sent: Thursday, June 25, 2009 6:21 PM
To: gptalk@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk@lists.gpoguy.com>
Subject: Re: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
I don't know if this has anything to do with your problem, but I've read that you need to extend your Active Directory Schema in some cases (depending on your domain controller operating system) when configuring wireless settings through group policy. Here's more detailed information http://technet.microsoft.com/en-us/library/bb727029.aspx
- Timo
2009/6/25 Haritwal, Dhiraj <Dhiraj.Haritwal@ap.sony.com<http://us.mc6.mail.yahoo.com/mc/compose?to=Dhiraj.Haritwal@ap.sony.com>>
It's replicated to both. I am also getting the below error message in GPMC Result for those clients.
Error! Filename not specified.
Dhiraj
From: gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com>] On Behalf Of Florian Frommherz
Sent: Thursday, June 25, 2009 5:28 PM
To: gptalk@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk@lists.gpoguy.com>
Subject: RE: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
Howdie!
201b is a hex code for 8219 which stands for "ERROR_POLICY_OBJECT_NOT_FOUND". Can you check whether the wireless policy in question has been replicated (both SYSVOL and AD portions) to all DCs (e.g. the DC the test user logs on to)?
Cheers,
Florian
________________________________
Von: gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com> [mailto:gptalk-owner@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk-owner@lists.gpoguy.com>] Im Auftrag von Haritwal, Dhiraj
Gesendet: Donnerstag, 25. Juni 2009 10:59
An: gptalk@lists.gpoguy.com<http://us.mc6.mail.yahoo.com/mc/compose?to=gptalk@lists.gpoguy.com>
Betreff: [gptalk] Extension Wireless ProcessGroupPolicy failed, status 0x201b
Hi,
I have deployed one Wireless GP to configure WPA2 on XP/Vista machines. Now on some XP Machines I am getting the below error message in Event viewer/Userenv & clients are not showing Wireless policy. Kindly tell me what can be the reason.
USERENV(54c.a6c) 11:25:34:086 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.a6c) 13:13:37:649 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.a6c) 14:43:38:293 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.a6c) 16:37:39:034 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.550) 18:17:48:917 MyRegUnLoadKey: Failed to unmount hive 00000005
USERENV(54c.550) 18:17:48:932 DumpOpenRegistryHandle: 2 user registry Handles leaked from \Registry\User\S-1-5-21-376907524-191846188-1232828436-77614
USERENV(54c.550) 18:17:48:932 UnloadUserProfileP: Didn't unload user profile <err = 5>
USERENV(54c.550) 18:17:49:948 UnloadUserProfile: UnloadUserProfileP failed with 0
USERENV(54c.151c) 18:17:55:011 CEvents::Report: ReportEvent failed. Error = 1717
USERENV(780.1034) 18:17:56:120 GetUserNameAndDomain: MyGetUserNameEx failed for NT4 style name with 1115
USERENV(780.1034) 18:17:56:417 GetUserNameAndDomain: MyGetUserNameEx failed for NT4 style name with 1115
USERENV(780.1108) 18:17:56:432 GetUserNameAndDomain: MyGetUserNameEx failed for NT4 style name with 1115
USERENV(54c.550) 09:27:02:093 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(54c.550) 09:27:02:109 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(54c.550) 09:27:02:109 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(54c.368) 09:28:12:066 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.b4c) 11:14:23:634 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(54c.b4c) 12:51:24:248 ProcessGPOs: Extension Wireless ProcessGroupPolicy failed, status 0x201b.
USERENV(6d0.102c) 14:03:39:085 GetUserGuid: Failed to impersonate user with 5.
USERENV(6d0.102c) 14:03:39:116 GetProfileType: Profile is not loaded.
USERENV(12ac.14d8) 14:03:44:429 GetUserGuid: Failed to impersonate user with 5.
USERENV(12ac.14d8) 14:03:44:444 GetProfileType: Profile is not loaded.
Regards,
Dhiraj
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
________________________________
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway..
| | | |
|
|