Network interruption whenever GPO updates (event log SciCli Event ID 1704)

Discussion in 'Windows Server' started by Erik Wogstad, Jun 18, 2009.

  1. Erik Wogstad

    Erik Wogstad Guest

    Meinolf and Ace,

    Just to be clear, none of our wokstations were created from images.
    All are off-the shelf hp workstations, with XP factory preinstalled.
    The Win2K server OS was installed from scratch using original MS
    installation CD (Wn2K advanced server) onto HP Proliant ML370-G3
    server. So I don't think any imaging issues are relevant to my

    That said, I'm not sure we've conquered the problem yet. For testing
    purposes, I've deliberately left programs open with files in use to
    test for interruptions. I also left open a terminal services session
    from my workstation to the server. Another interruption last night,
    wth terminal session lost and applications reporting unexpected lost
    connections. I reopened TS noted saw this am that SceCli EventID 1704
    was logged around 2:00 am.

    For good measure, I will reboot server and workstations and see what
    happens. Prior pattern suggests another interruption will hit at 7:00
    pm this eve when security policies are scheduled to update again.

    So what all hapens in the background when "security policy in GPO are
    applied". What other settings can I check? Can objects get
    corrupted? Rebuilt? Other factors to consider?

    Erik Wogstad, Jun 23, 2009
    1. Advertisements

  2. I don't like it either, but that customer needed a quick fix, and that was
    the only thing I can think of. Believe me, I know exactly what you're
    talking about. I hate NewSID, but the guy was kind of desperate. There are
    numerous places in the reg, etc, that NewSID or any other SID changer
    doesn't do the trick correctly. I think it's junk, but that's my opinion. I
    would rather sysprep the machine, then restart and trap the restart to image

    I told him to not image any more machines until we can schedule a time so I
    can sysprep his image for him on a weekend or something.

    Ace Fekay [Microsoft Certified Trainer], Jun 23, 2009
    1. Advertisements

  3. I'm trying to read back in the thread. There are numerous posts, so maybe if
    I can ask you, is how many GPOs are created in the domain? If anything other
    than the default policies, what settings are in them? Have the default
    policies been changed?

    What DNS address is the TS machine using?

    Here are some links to look at to help troubleshoot GPOs:

    Group Policy Troubleshooting

    Assuming all the DCs, servers and client machines are only using the
    internal DNS servers, and you feel the DNS infrastructure is running clean,
    all machines can resolve all internal DCs, no services are disabled on any
    DCs (such as the DHCP Client service), etc, and there are no errors in the
    DC event viewers, or the client machines that this is occuring on, then I
    think you will need to dig a little deeper with GPO logging.

    Try creating a separate OU, link the GPO to it, then move that user into it.
    Then enable logging and see what is happening. Please take a look at the
    following links to help guide you.

    Fixing Group Policy problems by using log files

    Enable Logging for Group Policy Object Editor Client Side Extensions

    Troubleshooting Group Policy application problems

    Enable Verbose Global Policy Logging

    JSI Tip 3100. How do enable Group Policy debug logging on a Windows 2000

    Ace Fekay [Microsoft Certified Trainer], Jun 23, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.