Well, to be fair, it is really a wireless AND an OS issue. The OS is loading too quickly for the wireless or the wireless is loading too slowly for the OS (take your pick). Logon is processing before the network is connected, and thus, machine group policies are not applying properly, if at all. A better supplicant (and likely a better wireless NIC) will help with the problem.
We've standardized on Intel 5300 and 6200 series chipsets for the client side of our 802.11n deployment, along with Intel ProSET, and gone through multiple hoops to try and get as fast of a connection to the network as possible prior to the CTRL-ALT-DEL screen. We don't get GPO on the firt try every time, however a gpupdate /force gets it every time (so far, anyway). Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<BLOCKED::mailto:%20jra...@eaglemds.com> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Thursday, October 14, 2010 10:44 AM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless I should've bet big. After plugging in one of the machines, group membership updated perfectly and the software was deployed. We tried a second machine and got the same results. So, this is almost certainly a wireless issue-not an AD issue. From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, October 13, 2010 2:37 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless Yeah, but you won't say how much money until you get the results, will you? :) If wireless is working well enough to use the computer and do other domain kinds of things, it doesn't cause wrong results from gpresult /v. Have you checked for replication issues among the DC's? Carl From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 13, 2010 2:24 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless I'm 99.9% sure this is a wireless issue, but will get that additional .01% assurance shortly. I have a technician plugging one of the lab machines in to see if the problem goes away. I'd bet money it does. From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, October 13, 2010 2:20 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless All things considered, you appear to have a group policy problem unrelated to the wireless, something easily proven by taking a problem machine and connecting it wired. The info you've posted about the event ID's was insufficient for me to research them further. Googling the event ID description text may also be useful. Good luck. Carl From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 13, 2010 1:47 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless Yeah, I've done the force. Half a dozen times. Been to that website, too, but have come up empty in terms of resolving this specific issue. I'm just stumped. Oddly, the deployment worked fine on one of the machines in the lab-and they're all ostensibly the same. I say ostensibly because clearly there's something different between the one that worked and the ones that didn't, but I have no clue what. From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, October 13, 2010 1:02 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless gpupdate /force Also eventid.net is your friend. Carl From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 13, 2010 12:38 PM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless Gpresult /v shows something odd. Below is an edited version of the results. The "TCHS SMART Sync 2010 Student Computer Assignment Policy" is the policy that pushes down the app. But it only does so to machines that are members of a group called "TCHS SMART Sync 2010 Student Computers." Now, the computer in question (TCHS-115-S02) *is* a member of that group, as confirmed by looking in ADUC. Yet gpresult says it's not. So if the machine doesn't know it's a member of the group, why is it trying to apply the software assignment policy at all? I don't get that. And the assignment is failing with event IDs 101, 102, and 108. Applied Group Policy Objects ----------------------------- TCHS SMART Sync 2010 Student Computer Assignment Policy The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- The computer is a part of the following security groups ------------------------------------------------------- BUILTIN\Administrators Everyone BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users This Organization TCHS-115-S02$ FCS Computers TCHS Admin Policy Computers Domain Computers System Mandatory Level From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, October 13, 2010 11:50 AM To: NT System Admin Issues Subject: RE: Group Policy Problems Over Wireless What are you using for a wireless supplicant (program that configures the SSID etc.)? Windows WZC or something specific to the wireless? Whichever one you are using, turn it off and try the other. Also download and install the latest wireless NIC drivers. All else being OK, generally the "trick" is to use WZC, but as some have indicated, sometimes the vendor utility, assuming it runs as a service, might be OK. I would also disable any wired adapter that may be present. Also make sure your group policies are in effect using gpresult /v - especially the one about always waiting for network. Carl From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 13, 2010 10:26 AM To: NT System Admin Issues Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvol<file:///\\domain\syvol>, and so on. It's just that at that point, group policy processing seems to have given up. My machines aren't figuring out that they've been added to a new group. John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
