Group Policy Intermittently Failing to Process
Our team was asked to take a look at an escalated ticket about intermittent issues with missing icons, profile settings, and various group policy preference items not applying.
Since the information contained in the escalated ticket/case didn’t have much details to go off of we started with the basics.
- Does the user have a profile on the File Server? Is the Profile corrupted?
- You can verify if a NTuser.dat file is corrupted by copying it to a new location and then loading it into Registry editor.
- Does the user have Folders and Files on the File Server where the Folder Redirection Group Policy location is configured for?
- Are permissions set correctly on the Folders/Files?
- Are the XenDesktop virtual machines in the correct Active Directory OU?
- Have there been any changes to the GPO’s?
- Find the last or current virtual machine that the user logged into and check the event logs for details if there were GPO’s that failed to apply.
- Is Citrix Profile Manager logging enabled? Check the log file.
- Can you reproduce the issue with your account?
- How often does the user experience this issue? Did the user log off and then log back in when trying to reproduce the issue or did they just disconnect and reconnect?
After verifying some of the basic details, we tried to reproduce the issue by logging on to a XenDesktop virtual machine, creating a file on the desktop then logging off. A couple times of logging on and off quickly, we notice that a new profile was being setup. The files that I previously created were missing from the desktop and GPO’s that configure default user settings such as hiding first run popups were not applied.
Now that I was able to reproduce the issue, I opened up the Event Viewer and started looking through the System log. I noticed 2 events in particular that occurred when the virtual machine initially started up.
Error NETLOGON 5719
Error GroupPolicy 1055
Based on these events and Microsoft’s KB article, it was clearly an issue with our group policies not applying before a user logged into the virtual machine. That explains why it took us several attempts to reproduce the issue. We need to be logged into a virtual machine that was recently rebooted to see the issues.
Next step was to create a PVS maintenance version of our Citrix XenDesktop image, update the registry and promote the version to our test target devices. Testing was successful and we were able to promote the version to production.
Policies are now applied correctly and files persist after logging off and on multiple times.
Microsoft KB article information-
Symptoms:
Windows 7 clients intermittently fail group policy processing at startup or reboot. The following events are logged in the System event log:
Error NETLOGON 5719
Error GroupPolicy 1055
Cause:
The behavior is caused by a race condition between network initialization, locating a Domain Controller and processing Group Policy. If the network is not available, a Domain Controller will not be located, and Group Policy processing will fail. Once the operating system has loaded and a network link is negotiated and established, background refresh of Group Policy will succeed.