2 Replies Latest reply on Sep 9, 2019 5:42 AM by nielsgeursen

    Eventid 1128: The Group Policy Side Extension has been temporary disabled for VMware UEM.

    ArnoM Enthusiast
    vExpert

      Hi Guys,

       

      I'm wondering if you ever saw below issue before. We have a customer who is running VMware UEM 9.5 in a Horizon Cloud (IBM Cloud) environment.

       

      Sometimes the end-user will not receive any UEM settings when they log on. We see below messages appear in the event viewer and RSoP.

      (See below screenshots)

      EventID1128.jpgRSOP.png

       

      The workaround the customer is using right now is to close and reset the user connection, so when they re-logon they will get a new session and the problem is gone.

       

      I understand this issue could also be AD related and not specifically VMware UEM.

      The customer has a somewhat of an unusual AD configuration: they have an RODC and with Sites & Services the RDSH VMs and the end-users authenticate to this RODC.

      Another unusual configuration is the customer also copied the UEM .admx files locally on a Management server to C:\Windows\PolicyDefnitions instead of the SYSVOL folder which you normally would expect in Production environments.

       

      Trying to justify some recommendations (i.e. copy the .admx files to the SYSVOL, but don't know if this will actually solve this problem) and if someone can point me in the right direction that would be greatly appreciated!

        • 1. Re: Eventid 1128: The Group Policy Side Extension has been temporary disabled for VMware UEM.
          DEMdev Master
          VMware Employees

          Hi Arno,

           

          The event viewer screenshot references the Scripts client-side extension, which is not part of UEM, and I can't imagine that having an effect on UEM unless you run FlexEngine.exe as a logon script...

          Well... If that CSE caused the Group Policy service to terminate, that might of course also affect the UEM CSE. Are there any svchost.exe crash dumps or "crash events" logged around the time you see that event 1128?

           

          For the other screenshot, I'd like to see what that error listed below actually is .

           

          Having the ADMX templates in a local PolicyDefinitions folder rather than on SysVol shouldn't be an issue. The only thing is that you won't be able to view the UEM GPO properly on a system that does not have the templates, but that's just cosmetic – the GPO itself does not depend on the templates.

           

          I don't know much about AD, and definitely know nothing about read-only DC's or Sites & Services, so I can't really speak to that. Apart from the fact that we use a client-side extension (which is a bit of an exotic Group Policy feature), there's nothing special when it comes to AD or Group Policy usage or requirements in UEM...

          • 2. Re: Eventid 1128: The Group Policy Side Extension has been temporary disabled for VMware UEM.
            nielsgeursen Novice
            vExpert

            Hi Arno,

             

            I am experiencing the same issue with the exact same behavior.

            This is happening on Windows 2016 and with VMware DEM (UEM) Agent 9.7. I am not sure if we have RODC's but we have sites & services with multiple domain controllers.

             

            We mostly see this happening in the morning when all the users are logging in. First we thought it was related to the uptime of the server (7 days) but we are also seeing this on servers that are recently rebooted (2 hours uptime).

             

            I created a SR at VMware on provided logging. If I have an update I will let you know as well.

             

            Regards Niels