VMware Horizon Community
eddy_chong
Contributor
Contributor

Horizon Instant Clone Log On - Group Policy not applied

Hi,

Currently i am deploying Horizon 7.11 with Windows 10 instant clone + DEM + Appvolumes. One of the issue i encountered randomly is my vdi user successfully logon to the virtual desktop but the group policies are not applied. Running gpupdate /r return error basically telling me particular group policy {xxxx-xxx-xxxx-xxxxx}\gpt.ini is not accessible. Which the mentioned policies {xxxx-xxx-xxxx-xxxxx} actually could not be found when i browse to the link \\domain\sysvol\domain\policies\.

The domain controller is pingable.

pastedImage_2.png

Also running gpresult /r returned an error message: INFO: The user does not have RSoP data

However, sometimes the logon by the same user does not face the same issue and the said policy actually exists in \\domain\sysvol\domain\policies\

The issues happens to the same domain controller, sometimes it hits the issue, sometimes it just works.

This looks like active directory issue to me, if anyone has faced similar issue and know which direction we should look into from the AD side, please share with me.

Thanks!

Eddy

Tags (1)
Reply
0 Kudos
5 Replies
RoderikdeBlock
Enthusiast
Enthusiast

You can try to force a gpupdate using the Post-Synchronization script:

pastedImage_0.png

Roderik de Block


Blog: https://roderikdeblock.com
Reply
0 Kudos
sjimmy
VMware Employee
VMware Employee

We are running into same issue. Were you able to resolve this issue and what was causing this issue ? Thanks.

Reply
0 Kudos
akandemir
Contributor
Contributor

We also have the same issue in our environment. Did you already find an fix? 

Reply
0 Kudos
mmettle
Contributor
Contributor

I'm experiencing the EXACT same issue. Anyone got any ideas?

Reply
0 Kudos
mmettle
Contributor
Contributor

Figured it out in my environment.....

  1. GPO loopback processing setting was in 2 computer GPOs on the same OU, with both "Replace" and "Merge" options (so I reckon there's a conflict there) - Removed the setting from one of them and left the "Replace" setting.
  2. "Turn off Resultant Set of Policy logging" was set to "Enabled". - Set to disabled.
  3. Disabled a registry GPO preference which was causing another error... 

Now I don't have errors running gpupdate and can run gpresult -r successfully for user scope. Happy days.

(Also note that it was someone else that built those conflicting policies so don't blame me for user error 😅)

Reply
0 Kudos