2008 DC in a 2003 Domain/Forest
I recently installed a new 2008 domain controller in 2003 forest for a customer. The documentation on TechNet is straight-forward and I didn’t encounter any issues with upgrading the schema or the domain or DCPROMOing the server. I returned to the customer last week and discovered that Group Policy was not refreshing for the computer account and attempts to update global catalog related DNS entries were also failing.
GroupPolicy, 1055:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Web searches revealed nothing. At first I though it was my IPv6 configuration on the system. Nothing there. I tried adding the computer account to various groups, still nothing. After a day and a half, I finally felt that the promotion went bad somewhere and demoted the system, let it sit over the weekend and promoted it again. Same problems with different error messages.
GroupPolicy, 1097:
The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
Web searches for this didn’t reveal a lot either. A reboot later and the error message changed with the same end result: Group Policy for the system was not refreshing.
GroupPolicy, 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
This time, however, a web search turned up a KB and a hotfix: Events 1925, 1006, 1645, 1055, 40961 on new Windows Server 2008 domain controllers or error message: "No authority could be contacted for authentication" in Windows Vista when you try a Remote Desktop Connection. A quick call to Microsoft scored me the hotfix which has cleared up the problem: Yipee! Because this is at a customer site, I cannot verify the exact cause of the issue or whether it lines up with the cause described in the KB. I’m just glad that it worked.