Thursday, July 31, 2014

Machine domain group policy failed to apply

In this case, domain joined workstation with Windows 7 operating system was failing to register itself on new WSUS server. Settings for the new WSUS server were entered into domain GPO. I tried to refresh the settings with gpupdate /force. But, the command was failing to apply computer settings from domain GPO, with following error message:
Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
The output from Gpresult /h gpresult.html was showing failed status for Registry in component status:

 

Error event was logged into System event log with ID 1096 and same description:

The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

So, all errors were pointing for local policy corruption.
Navigating to c:\windows\system32\GroupPolicy\Machine folder and renaming the registry.pol file into registry-pol.bakup (for example), and running the gpupdate /force again, has resulted the command to successfully complete and apply the computer and user policy settings. The workstation has received new settings for the WSUS server and successfully registered itself on this new WSUS server.

I was using the same method for resolution in my article The processing of Group Policy failed. Event ID 1096, and the reason for not applying the domain GPOs was again the local policy corruption.