The*_*man 4 active-directory ldap group-policy windows-server-2012-r2
当我在工作站上运行 gpupdate 时,出现以下错误。
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
跑步gpresult /h给予The user does not have RSoP data
查看事件日志,我可以看到与 gpupdate 相关的错误代码 49 Invalid Credentials。但是,当我使用 ldp.exe 测试 ldap 绑定时,凭据工作正常。
有没有人看到过这样的问题?我正在拔头发试图弄清楚发生了什么。
我能够自己解决这个问题。事实证明,本地计算机帐户缓存了(正确)失败的错误凭据。感谢@greg-askew 为我指明了正确的方向。对于偶然发现此问题以寻找解决方案的任何人:
PsExec.exe -i -s cmd.exe(这将在本地计算机帐户上下文中打开另一个命令窗口)。rundll32.exe keymgr.dll, KRShowKeyMgr(这将打开一个带有缓存凭据列表的 gui)。从缓存中删除凭据后,它立即重新开始工作。
| 归档时间: |
|
| 查看次数: |
44312 次 |
| 最近记录: |