Windows failed to apply the Group Policy Folder Options settings.
약 1시간 30분 ~ 2시간 간격으로 다음의 오류가 System 로그에 쌓이는 현상이 발생했습니다.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2011-05-16 오전 11:41:38
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: TESTAD\SeongTae Jeong
Computer: win2008x86.testad.com
Description:
Windows failed to apply the Group Policy Folder Options settings. Group Policy Folder Options settings might have its own log file. Please click on the "More information" link.
마치 그것만 있으면 어떻게 알 수 있겠냐는 듯이, 부가적으로 다음과 같은 오류도 약 1시간 30분 ~ 2시간 간격으로 Application 로그에 쌓였습니다.
Log Name: Application
Source: Group Policy Folder Options
Date: 2011-05-16 오전 9:33:59
Event ID: 8194
Task Category: (2)
Level: Error
Keywords: Classic
User: SYSTEM
Computer: win2008x86.testad.com
Description:
The client-side extension could not remove user policy settings for 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.
검색해 보니 다음의 글이 나오는데,
Event ID 1085 - Application of Group Policy
; https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc727303(v=ws.10)
이에 따라 테스트 삼아서 gpupdate.exe를 실행하니 아래와 같은 결과가 나옵니다.
C:\Windows\system32>gpupdate
Updating Policy...
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
Windows failed to apply the Group Policy Folder Options settings. Group Policy Folder Options settings might have its own log file. Please click on the "More in
formation" link.
Computer Policy update has completed successfully.
For more detailed information, review the event log or invoke gpmc.msc to access information about Group Policy results.
비록 해결책은 아니지만, gpupdate 실행으로 위에서 열거했던 2가지 이벤트 로그 오류가 정확하게 재현이 되는 것을 확인했습니다. 절반은 성공했군요. ^^
좀 더 검색하니, 해결책이 나오는데요.
Error message on a domain controller that is running Windows Server 2008: "The client-side extension could not remove user policy settings for 'Domain Name {GUID}' because it failed with error code '0x8007000d The data is invalid.'"
; http://support.microsoft.com/kb/977564/en-us
캐시 파일이 깨져서 발생한다고 합니다. 이 때문에, 깨진 캐시 파일을 지워야 하는데 그 파일의 경로를 알기 위해서는 Group Policy에 대한 로그를 남기도록 설정을 해줘야 한다고 하는데, 이 방법에 대해서는 다음의 글에서 자세하게 설명해 주고 있습니다.
Enabling Group Policy Preferences Debug Logging using the RSAT
; https://docs.microsoft.com/en-us/archive/blogs/askds/enabling-group-policy-preferences-debug-logging-using-the-rsat
따라서, gpedit.msc를 실행하고 "Computer Configuration\Policies\Administrative Templates\System\Group Policy\Logging and tracing"으로 이동한 후, 이제 이전에 발생했던 이벤트 로그 항목에서 보았던 것("Group Policy Folder Options settings")처럼 다양한 "Logging and tracing" 항목들 중에서 "Folder Options Policy Processing"을 선택하여 로그가 남도록 설정합니다.
그다음 gpupdate를 다시 실행시키면 (Windows Server 2008의 경우) C:\ProgramData\GroupPolicy\Preference\Trace 경로에 로그 파일이 남습니다. 제 경우에는 User.log 파일 하나가 생성되었는데요. 다음과 같은 내용을 포함하고 있었습니다.
2011-05-16 12:02:45.549 [pid=0x404,tid=0xbf0] Entering ProcessGroupPolicyExFolderOptions()
2011-05-16 12:02:45.549 [pid=0x404,tid=0x180c] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}
2011-05-16 12:02:45.549 [pid=0x404,tid=0x180c] BackgroundPriorityLevel ( 0 )
2011-05-16 12:02:45.549 [pid=0x404,tid=0x180c] DisableRSoP ( 0 )
2011-05-16 12:02:45.549 [pid=0x404,tid=0x180c] LogLevel ( 2 )
2011-05-16 12:02:45.549 [pid=0x404,tid=0x180c] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Background priority set to 0 (Idle).
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ----- Parameters
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] CSE GUID : {A3F3E39B-5D83-4940-B954-28315B82F0A8}
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Flags : ( ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Token (computer or user SID): S-1-5-21-1990051354-560935109-2448667075-1104
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Abort Flag : Yes (0x00423f38)
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] HKey Root : Yes (0x000001e0)
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Deleted GPO List : No
2011-05-16 12:02:45.580 [pid=0x404,tid=0x180c] Changed GPO List : Yes
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Asynchronous Processing : Yes
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Status Callback : No (0x00000000)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] WMI namespace : Yes (0x01f8309c)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] RSoP Status : Yes (0x011cfcd8)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Planning Mode Site : (none)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Computer Target : No (0x00000000)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] User Target : No (0x00000000)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] ----- Changed - 0
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] ( X ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Options (raw) : 0x00000002
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] Version : 983055 (0x000f000f)
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] GPC : LDAP://CN=User,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=testad,DC=com
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] GPT : \\testad.com\sysvol\testad.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] GPO Display Name : Default Domain Policy
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] GPO Name : {31B2F340-016D-11D2-945F-00C04FB984F9}
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] GPO Link : ( ) GPLinkUnknown - No link information is available.
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] ( ) GPLinkSite - The GPO is linked to a site.
2011-05-16 12:02:45.596 [pid=0x404,tid=0x180c] ( X ) GPLinkDomain - The GPO is linked to a domain.
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] ( ) GP Link Error
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] lParam : 0x00000000
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Prev GPO : No
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Next GPO : No
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Extensions : [{00000000-0000-0000-0000-000000000000}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}][{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}][{A3F3E39B-5D83-4940-B954-28315B82F0A8}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}]
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] lParam2 : 0x027b08b4
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Link : LDAP://DC=testad,DC=com
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] GPH : C:\ProgramData\Microsoft\Group Policy\History\{31B2F340-016D-11D2-945F-00C04FB984F9}\S-1-5-21-1990051354-560935109-2448667075-1104\Preferences\FolderOptions\FolderOptions.xml
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] GPT : \\testad.com\sysvol\testad.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\User\Preferences\FolderOptions\FolderOptions.xml
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] GPH data file : C:\ProgramData\Microsoft\Group Policy\History\{31B2F340-016D-11D2-945F-00C04FB984F9}\S-1-5-21-1990051354-560935109-2448667075-1104\Preferences\FolderOptions\FolderOptions.xml
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Completed parse of GPH XML. [ hr = 0x8007000d "The data is invalid." ]
2011-05-16 12:02:45.611 [pid=0x404,tid=0x180c] Completed remove GPH. [ hr = 0x8007000d "The data is invalid." ]
2011-05-16 12:02:45.611 [pid=0x404,tid=0xbf0] Leaving ProcessGroupPolicyExFolderOptions() returned 0x8007000d
보는 바와 같이 "0x8007000d" 오류가 남는 근처에 GPH data file의 경로가 남습니다.
C:\ProgramData\Microsoft\Group Policy\History\{31B2F340-016D-11D2-945F-00C04FB984F9}\S-1-5-21-1990051354-560935109-2448667075-1104\Preferences\FolderOptions\FolderOptions.xml
이제 끝이 보이는군요. ^^ "FolderOptions.xml" 파일을 삭제하고, 다시 gpupdate를 실행하면 이번에는 정상적으로 다음과 같이 실행되는 것을 확인할 수 있습니다.
C:\Windows\system32>gpupdate
Updating Policy...
User Policy update has completed successfully.
Computer Policy update has completed successfully.
물론, 이벤트 로그의 경고 및 에러 항목은 없어졌습니다.
[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]