Well, Ken got me down the correct path, methinks. I had an old GPO still linked to the DC's OU that had a (long since decommissioned) WSUS server set up in it. I've removed those links.
However, it appears that the actual GPO object itself is not anywhere in my SYSVOL. As a matter of fact, it appears that _ALL_ of my GPO's, even the "standard" ones like "Default Domain Controller", don't exist as files. So this is now a much bigger problem: Why are they all missing... and what do I do about it? Reading up on how to troubleshoot this now. FWIW: I have a boatload of "can't load policy" errors in my event log. The SYSVOL share has only a single GUID in the policies folder... despite having 8-10 polices in the MMC snap in.... all of which barf when I try to view or edit them. <sigh> -sc PS- Aren't we all supposed to have multiple DC's for redundancy? :) I have most of my home infrastructure setup such that losing the domain would be a pain... file perms, SQL authentication, and the biggie: Exchange. I ran one for a long time, and had the root disk hiccup on me a couple of times, and it made me nervous. So when I virtualized the home environment, I put a DC on 2 of the ESXi severs I built up. -----Original Message----- From: Richard Stovall [mailto:[email protected]] Sent: Tuesday, January 05, 2010 8:29 PM To: NT System Admin Issues Subject: Re: Windows Update failure I have had somewhat similar problems in the past with Windows Update that were apparently caused by using OpenDNS for my external resolvers, and thereby receiving sub-optimal responses for Windows Update-related sites. update.microsoft.com is a small maze of distributed sites, and for a while earlier this year if I used OpenDNS at work it would often take > 5 minutes to load any pages (on XP, etc.). I went so far as chasing down all the related domains I could find (nsatc.net, etc.) and putting in conditional forwarders for them to DNS servers other than OpenDNS. YMMV, but I did see drastically improved Windows Update performance after adding the forwarders and moving resolution of update.microsoft.com, microsoft,com, www.update.microsoft.com.nsatc.net, and a handful of others away from OpenDNS. (Having said all this, I don't think that OpenDNS' responses were/are invalid. I think that probably what happened is that for a while I was being sent to destinations that just didn't perform very well. PS You have 2 DCs at your house? On Tue, Jan 5, 2010 at 7:32 PM, Steven M. Caesare <[email protected]> wrote: > So.. both my home Win2K8sp1 DC's decided to stop resolving DNS twice > in the last several days. The service was running, it just stopped resolving names. > A restart of the service did the trick. > > > > Being the typical cobbler without shoes, I hadn't patched these boxes > in a while. Attampting to Windows Update either of them results in a > failure code 8024402C in the GUI. Curiously, this is not logged in > Applications, Security, System or MS/Windows/windowsUpdateClient/Operational event logs. > > > > The MS article for this error > (http://windows.microsoft.com/en-US/windows-vista/Windows-Update-error > -8024402C), appears to suggest generic connectivity issues (firewall, > etc..) or WSUS. > Neither apply here (and I disabled IE ESC to be sure). I can browse > the interweb just fine > > > > No AV or local FW enabled. Nor proxy. > > > > Thoughts? > > > > -sc > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
