VPN and Group Policy push

  • Thread starter Thread starter Terry
  • Start date Start date
T

Terry

Anyone

I have 5 centers that are connected to the corporate
office through a VPN (site to site)using T1 lines.
Corporate has approx 20 users. Each center has approx 10
users.

Users can log into the domain but the group policy is not
getting to the client computers. I have created
the "DisableDHCPMediaSensse" in the registry and no
change. I have check for the ports 88 and 445 for being
open on the VPN and LAN site and it is. I have tried to
ping the computers at each center using the command ping
192.168.0.1 -n 100 -l 2048 and I get a successful reply
with an ave time of 80ms. The computers have different
NICs. Intel, 3Com, etc...

Clients at the corporate sites recieve the Group Policies
fine. The only clients that don't receive the policy is
the ones through the Site to Site VPN.

I have set the slow link detection to force Group Policy
if a slow link is detected.

Client Error: Event ID 1054: Message: Windows cannot
obtin the domain controller name for your computer
network. (An unexpected network eror ocurred) Group
Policy processing aborted

My Question: Why wont group policy push down to the
clients?

Thank you in advance for your assistance.
 
One thing to check if you haven't already is whether your users are
connecting via cached credentials, i.e., logging onto the account and then
connecting via VPN? If so, Group Policy will not process.

Here is the description of this issue in the Group Policy Infrastructure
white paper:

Application of Group Policy During a Remote Access Connection
Group Policy is applied during a remote access connection as follows:

When using the Logon using dial-up connection check box on the logon prompt,
both User and Computer Group Policy is applied, provided the computer is a
member of the domain that the remote access server belongs to or trusts.
However, computer-based software installation settings are not processed.
This is because normally computer policy would have been processed before
the logon screen, but since no network connection is available until logon,
the application of computer policy is done as background refresh at the time
of logon.

When the logon is done with cached credentials, and then a remote access
connection is established, Group Policy is not applied during logon. For
example, if users connecting through a VPN connection are logging in via
cached credentials, folder redirection settings will not be processed,
because folder redirection policy can only be processed at user logon, not
in the background refresh.
 
Back
Top