We all know that Group Policy engine makes a periodic update to entire Group Policy architecture in every 90 minutes. So when we configure a GPO setting, we need to wait this time for getting the setting applied to clients. Also, we might need clients to log out and log in back to make the settings effective.
See: Disable Background Refresh Of Group Policy In Windows.
In case, if we instantaneously need to update the GPO architecture just after applying the setting, we use the gpupdate /force
command. Use of the /force parameter can immediately update both user and computer level GPOs. The change will also apply to not just new or changed GPOs but to older GPOs as well.
However, sometimes running the gpupdate /force
command may fail to update GPO engine. We recently came around this issue on our Windows Server. Following message was displayed when we opted to update GP engine:
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
If you’re also facing this issue, this article will help you to resolve. Before we go to a solution, you must confirm following things:
- Check the DNS server, default gateway etc. settings on your system. It would be better if you run Network Adapter troubleshooter to found the connectivity issues and fix them.
- If you’re able to ping the domain, verify can you ping DC as well.
- In case if you ping to IP for the DC, are you able to get there.
There may be some connectivity issues indicated in above points, and correcting them should fix this. Else, you may try below steps additionally.
The Processing Of Group Policy Failed Because Of Lack Of Network Connectivity To A Domain Controller
1. Press + R and put secpol.msc
in Run dialog box. Click OK to open Security Policy snap-in.
2. Then in Security Policy snap-in window, navigate here:
Security Settings > Local Policies > User Rights Assignment
3. In the right pane of User Rights Assignment, double click on the Access this computer from the network policy. The setting basically determines which users can connect to the device from network. All you need to do is to make sure you’ve correct groups added here in this setting. Click Apply, OK and close Security Policy snap-in.
Once you ensure that, you can retry updating GP engine and it would work then without any issue.
Hope this helps!
Related: Group Policy Update Hangs In Windows.
Leave a Reply