이벤트 로그 - User Policy could not be updated successfully
gpupdate /force 명령어 수행 시 다음과 같은 오류가 발생합니다.
C:\WINDOWS\system32>gpupdate /force
Updating policy...
Computer Policy update has completed successfully.
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
이와 함께 이벤트 로그에 관련 항목이 기록됩니다.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2017-11-23 오후 12:04:28
Event ID: 1110
Task Category: None
Level: Error
Keywords:
User: TESTAD\TestUser
Computer: TESTMAIN.TESTAD.com
Description:
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1110</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-11-23T03:04:28.048164700Z" />
<EventRecordID>70550</EventRecordID>
<Correlation ActivityID="{17E672BE-0F2B-4DFD-99F6-D53F42876BFD}" />
<Execution ProcessID="1028" ThreadID="1352" />
<Channel>System</Channel>
<Computer>TESTMAIN.TESTAD.com</Computer>
<Security UserID="S-1-5-21-1990051354-560935109-2448667075-1104" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">2639</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">15</Data>
<Data Name="ErrorCode">1722</Data>
<Data Name="ErrorDescription">The RPC server is unavailable. </Data>
</EventData>
</Event>
gpresult를 실행해,
C:\WINDOWS\system32> GPRESULT /H GPReport.html
생성된 gpreport.html를 보면 다음과 같은 내용이 있습니다.
During last computer policy refresh on 2017-11-23 오후 12:33:32
Error: Computer determined to be not in a site. Error code 0x77F.
During last user policy refresh on 2017-11-23 오후 12:33:32
The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.
딱히 해결 방법을 못 찾다가 결국 다음의 글에 따라,
Event ID 1110 - Group Policy Preprocessing (Active Directory)
; https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc727342(v=ws.10)
Disjoin and join the computer to the domain. Then log on with the same user account that experienced the problem.
해당 컴퓨터를 AD로부터 분리한 후 다시 연결하는 것으로 해결했습니다. (그러고 보면 잘 해결되지 않는 AD 문제는 다시 연결하면 해결되는 경우가 종종 있습니다.)
참고로, 다음과 같이 실행할 때마다 경고가 뜰 수 있습니다.
C:\WINDOWS\system32> gpupdate /force
Updating policy...
Computer Policy update has completed successfully.
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
The Group Policy Client Side Extension Folder Redirection was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
Certain user policies are enabled that can only run during logon.
OK to log off? (Y/N)
로그오프/온 이후에도 gpupdate /force를 수행하면 다시 동일하게 경고가 뜨며, gpreport.html에도 다음과 같은 정도의 메시지만 들어 있습니다.
Folder Redirection did not complete policy processing because the user needs to log on again for the settings to be applied. Group Policy will attempt to apply the settings at the user's next logon.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 2017-11-23 오후 1:51:33 and 2017-11-23 오후 1:51:34.
그런데 이 경고는 그냥 무시하면 됩니다.
The Group Policy Client Side Extension Folder Redirection Issue
; https://social.technet.microsoft.com/Forums/windowsserver/en-US/2ff78117-8d11-42b4-b5cd-07c1e3fab6d2/the-group-policy-client-side-extension-folder-redirection-issue?forum=winserverGP
위의 글에도 나오지만 원래 "Folder Redirection" 설정은 로그온 시에만 동기적으로 적용되는 정책이기 때문에 비동기 식으로 업데이트하는 gpupdate /force로 강제 설정을 하면 경고로 뜨는 것에 불과합니다. 즉, 어쨌든 로그온 시에 적용이 될 것이고 다시 gpupdate /force를 실행하면 그사이 또 바뀐 것에 대해 다음번 로그온 시에 적용하겠다는 경고일 뿐입니다.
[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]