VMware Horizon Community
ArnoM
Enthusiast
Enthusiast
‎05-23-2019 06:11 AM

Eventid 1128: The Group Policy Side Extension has been temporary disabled for VMware UEM.

Hi Guys,

I'm wondering if you ever saw below issue before. We have a customer who is running VMware UEM 9.5 in a Horizon Cloud (IBM Cloud) environment.

Sometimes the end-user will not receive any UEM settings when they log on. We see below messages appear in the event viewer and RSoP.

(See below screenshots)

EventID1128.jpgRSOP.png

The workaround the customer is using right now is to close and reset the user connection, so when they re-logon they will get a new session and the problem is gone.

I understand this issue could also be AD related and not specifically VMware UEM.

The customer has a somewhat of an unusual AD configuration: they have an RODC and with Sites & Services the RDSH VMs and the end-users authenticate to this RODC.

Another unusual configuration is the customer also copied the UEM .admx files locally on a Management server to C:\Windows\PolicyDefnitions instead of the SYSVOL folder which you normally would expect in Production environments.

Trying to justify some recommendations (i.e. copy the .admx files to the SYSVOL, but don't know if this will actually solve this problem) and if someone can point me in the right direction that would be greatly appreciated!

Blog: https://arnomeijroos.com/ Twitter: @ACMeijroos
Reply
0 Kudos
4 Replies
DEMdev
VMware Employee
VMware Employee
‎05-23-2019 08:47 AM

Hi Arno,

The event viewer screenshot references the Scripts client-side extension, which is not part of UEM, and I can't imagine that having an effect on UEM unless you run FlexEngine.exe as a logon script...

Well... If that CSE caused the Group Policy service to terminate, that might of course also affect the UEM CSE. Are there any svchost.exe crash dumps or "crash events" logged around the time you see that event 1128?

For the other screenshot, I'd like to see what that error listed below actually is Smiley Happy.

Having the ADMX templates in a local PolicyDefinitions folder rather than on SysVol shouldn't be an issue. The only thing is that you won't be able to view the UEM GPO properly on a system that does not have the templates, but that's just cosmetic – the GPO itself does not depend on the templates.

I don't know much about AD, and definitely know nothing about read-only DC's or Sites & Services, so I can't really speak to that. Apart from the fact that we use a client-side extension (which is a bit of an exotic Group Policy feature), there's nothing special when it comes to AD or Group Policy usage or requirements in UEM...

Reply
0 Kudos
nielsgeursen
Enthusiast
Enthusiast
‎09-09-2019 05:42 AM

Hi Arno,

I am experiencing the same issue with the exact same behavior.

This is happening on Windows 2016 and with VMware DEM (UEM) Agent 9.7. I am not sure if we have RODC's but we have sites & services with multiple domain controllers.

We mostly see this happening in the morning when all the users are logging in. First we thought it was related to the uptime of the server (7 days) but we are also seeing this on servers that are recently rebooted (2 hours uptime).

I created a SR at VMware on provided logging. If I have an update I will let you know as well.

Regards Niels

Reply
0 Kudos
Bickity
Contributor
Contributor
‎07-21-2020 07:28 AM

Did you get any update from VMware on this problem? I just experienced this on server 2019 for the first time. There are a series of failure events, but DEM is the first that happens...

pastedImage_1.png

Reply
0 Kudos
gerrybo
Contributor
Contributor
‎10-28-2021 11:26 AM

Also experiencing this issue on various Server 2019 RDSH using VMware DEM 10.3. As mentioned by someone else, multiple 1128 errors, but the first is always VMWare DEM leading me to believe that's the cause of the problem. 

 

Reply
0 Kudos