3 Replies Latest reply on Sep 13, 2017 8:26 AM by DEMdev

    UEM GPO Randomly not Applying

    epa80 Enthusiast

      I know this is more of an Active Directory/GPO question, but, going to post it here and see if anyone has come across a similar experience.


      We were troubleshooting a pool earlier, where, at a very high rate, our VMs were not applying the UEM GPO. For whatever reason, it was only this one pool of 500 (we have 3000 VMs total), and even in this pool, it wasn't every time. Very hit or miss.


      When digging through the event viewer, we came across this error exactly on the problem desktops:




      These VMs were created on August 11th. We have a locally set limit of 90 days before the computer account password can expire, so that wasn't it. We tried linking it to refreshes, but again, hit or miss. Meaning I could refresh a desktop, sometimes it would be ok, sometimes not. Frustrating that we can't spot anything consistently linked, other than the pool itself. Which means perhaps the parent? But we don't know what to really look for. Our parent is built off the domain, and joining the domain is handled via QuickPrep.


      We did delete the pool outright, and all computer accounts, and thus far our testing has gone well, 19 out of 20 logins show UEM properly working. Of course, there's ONE to keep us annoyed. Has anyone seen issues similar to this? I'll be happy to talk to my Domain guy about it, but, I just need a bit more ammo.


      Thanks in advance.

        • 1. Re: UEM GPO Randomly not Applying
          DEMdev Master
          VMware Employees

          Hi epa80,


          You might need a GPODev, ADDev, or HorizonDev instead of me :-), but here are a few thoughts:

          • Is there any relevant info in the details of the event log messages?
          • Are other GPOs coming through correctly to the VMs in this pool?
          • Could there be an (intermittent) issue with connectivity to the DC(s)?
          • 2. Re: UEM GPO Randomly not Applying
            epa80 Enthusiast

            Thanks for the reply. And yeah, I don't think this has anything to do with UEM, I posted it here though just because I thought with UEM so reliant on GPO running properly, maybe some other UEM customer has come across this type of issue. In truth though, any VDI environment reliant on GPOs would see it.


            Just this morning I logged into our pool we believe is having the issue, and again saw the issue. Some further testing showed another pool having the issue. The commonality of these 2 pools is they exist in the same VDI cluster of hosts. So now we're at that level, cluster. Another pool we tested in a separate cluster, we couldn't get the issue to happen.


            So, on the VM it happened on today, this is the screenshot of the error in event viewer, and the text from the details tab is below that. You'll see that the error happened at 8:28AM. I didn't login through View onto the VM until about 8:55AM. Our working theory right now goes something like this:


            • VMs in this cluster get refreshed.
            • Some of the VMs for some reason are not binding to the network fast enough, and thus their GPOs do not run initially.
            • If a user logs in before the GPO update interval occurs, the user will have the GPO not running issue. Noticed mostly by UEM because we deliver a ton of icons with them.


            So we're at a bit of a loss. Any input is appreciated.




            + System
              - Provider
               [ Name]  Microsoft-Windows-GroupPolicy
               [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
               EventID 1096
               Version 0
               Level 2
               Task 0
               Opcode 1
               Keywords 0x8000000000000000
              - TimeCreated
               [ SystemTime]  2017-09-13T12:28:34.256250000Z
               EventRecordID 45808
              - Correlation
               [ ActivityID]  {8ECF79A7-CAD3-4787-BF63-A1AFA9B125C4}
              - Execution
               [ ProcessID]  112
               [ ThreadID]  1320
               Channel System
               Computer REDACTED
              - Security
               [ UserID]  S-1-5-18

            - EventData
              SupportInfo1 2
              SupportInfo2 1254
              ProcessingMode 1
              ProcessingTimeInMilliseconds 3188
              ErrorCode 64
              ErrorDescription The specified network name is no longer available.
              DCName \\domain.controller.fqdn
              GPOCNName LDAP://CN=Machine,cn={DE16CA21-9FDB-4B20-8FED-DC8297247855},cn=policies,cn=system,DC=rdacted,DC=redacted,DC=redacted
              FilePath \\domain\sysvol\domain\Policies\{DE16CA21-9FDB-4B20-8FED-DC8297247855}\Machine\registry.pol

            • 3. Re: UEM GPO Randomly not Applying
              DEMdev Master
              VMware Employees

              ErrorDescription The specified network name is no longer available also seems to point to some networking issue, but I'm afraid I have no ideas for further troubleshooting.


              You could of course configure UEM in NoAD mode so you're not dependent on GPO, but it's probably better to get your infrastructure issues sorted first :-)
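One way to test the working theory from reply 2 across a pool, as an added example that is not part of the original thread: for each VM it pulls the newest GroupPolicy event 1096, measures how long after boot it fired, and flags machines with no later successful computer policy run (events 1500/1502). The VM names and the 24-hour window are placeholders, and it assumes the remote event log is reachable from the admin workstation.

```powershell
# Added example, not from the thread. VM names below are hypothetical placeholders.
param(
    [string[]]$Computers = @('VDI-POOL-001', 'VDI-POOL-002'),
    [int]$HoursBack = 24
)
$since = (Get-Date).AddHours(-$HoursBack)

function Get-NewestEvent {
    param([string]$Computer, [string]$Provider, [int[]]$Ids, [datetime]$After)
    $filter = @{ LogName = 'System'; ProviderName = $Provider; Id = $Ids }
    if ($After) { $filter.StartTime = $After }
    # Get-WinEvent returns newest first and errors when nothing matches;
    # an empty result here means "no such event" (or the VM was unreachable).
    Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -MaxEvents 1 `
        -ErrorAction SilentlyContinue
}

$report = foreach ($c in $Computers) {
    $gp   = 'Microsoft-Windows-GroupPolicy'
    $fail = Get-NewestEvent -Computer $c -Provider $gp -Ids 1096 -After $since
    if (-not $fail) { continue }
    # 1500/1502 = computer policy processed successfully (no changes / changes)
    $ok   = Get-NewestEvent -Computer $c -Provider $gp -Ids 1500, 1502 -After $since
    # Kernel-General event 12 records the operating system start time
    $boot = Get-NewestEvent -Computer $c -Provider 'Microsoft-Windows-Kernel-General' -Ids 12

    # Read the named EventData fields (ErrorCode, DCName, FilePath) from the XML
    $data = @{}
    foreach ($d in ([xml]$fail.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $afterBoot = $null
    if ($boot) { $afterBoot = [int](($fail.TimeCreated - $boot.TimeCreated).TotalSeconds) }

    [pscustomobject]@{
        Computer         = $c
        Failed1096       = $fail.TimeCreated
        SecondsAfterBoot = $afterBoot
        ErrorCode        = $data['ErrorCode']
        DCName           = $data['DCName']
        FilePath         = $data['FilePath']
        LastSuccess      = if ($ok) { $ok.TimeCreated } else { $null }
        # True when no successful machine policy run followed the failure
        StillUnapplied   = (-not $ok) -or ($ok.TimeCreated -lt $fail.TimeCreated)
    }
}

$report | Sort-Object SecondsAfterBoot | Format-Table -AutoSize
# Do failures cluster on one DC or one error code?
$report | Group-Object DCName, ErrorCode | Select-Object Count, Name
```

Failures that all land within seconds of boot with ErrorCode 64 would fit the slow network bind theory; failures spread across the day would point elsewhere.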