# Windows Server 2008 R2 problems (GPO and DHCP)



## bobo666 (Jan 19, 2012)

I have set up a small network at work consisting of around 5 desktop computers, and 2 printers.

Yesterday my server seemed to be working fine, but then I installed a trial of Sophos and tried to deploy it onto the 5 computers. My server (IP: 192.168.1.50) was set up with ADDS and every computer had joined the domain (192.168.1.50). I could deploy GPOs (I'm new to servers, so I just deployed wallpapers and printers for now, nothing complicated).

The only roles that my server has active are: ADDS, DNS, DHCP, File services and Print and Document Services.

But since I installed Sophos, things have changed and I can't figure out why.

The current things that my client computers can do are: Access the Internet, Remote connection to the server, Log into their roaming profiles, access shared folders on the server, and see other computers on the network. I still have GPOs active on my server, but they are not updating no matter what I try (cmd -> gpupdate /force).

I can't get my head around why GPOs are not updating. I am sure that it is something very simple, but I just can't figure out what it is.

Another serious problem (which I think links to the GPO problem) is that before I installed Sophos I had my DHCP with a scope of 192.168.1.10 - 192.168.1.40. In that scope, I had 2 reservations of 192.168.1.35 and 36 which were for my printers on a static IP address. However, none of my client PCs would get the correct scope from DHCP (one PC is 192.168.1.169 and another is 192.168.1.163). If I set a static IP on the clients (let's say 192.168.1.20 - so it's within the scope), then my computer is not listed in DHCP as a leased IP address.

Usually I would have my client computers' network settings as: Get IP address automatically, and my DNS as 192.168.1.50 (plus my ISP's Alt DNS).

I hope that this makes some sort of sense, I realise that I am rambling! Any help whatsoever would be greatly appreciated, I am banging my head against walls here.

Feel free to ask any questions regarding my server settings or client settings. 

Thanks for any help


----------



## Rockn (Jul 29, 2001)

Are these computers domain members, or have you joined them to the domain? Is Active Directory functioning properly? Have you set up OUs in AD and added computers to the OU you want policy applied to? Can you run the RSOP wizard against any computer/users and see if policy is applied?


----------



## bobo666 (Jan 19, 2012)

The computers are joined to the domain, yes. When I manually joined them I got the message "Welcome to the domain.".

I have no errors displayed in AD or DHCP - but I have a few best practice errors for the DNS. I have set up the OUs for my staff, but I had to deploy the GPOs domain wide because it wouldn't seem to update if it was in the OU for staff.

This is interesting - when I just tried to run the RSOP wizard against a computer that is currently being used, I got the message 

"Failed to connect to Login\*client computer* due to the error below. 

The RPC server is unavailable."

Now I do have RPC running (and its dependencies) I think. Is this quite a simple problem to fix (i.e. restarting RPC service) or could it be due to a large number of different factors? I'm going to presume the latter...


----------



## bobo666 (Jan 19, 2012)

Also, I have just run RSOP from the server on my OUs that I have made and filed the computers in. It is displaying that there is an error (it's a yellow ! ) and it is listing my wallpaper GPO under the users (where I wanted it). The current background for the clients is black, and when the user logs off the GPO wallpaper is displayed for a few seconds.

I really don't understand why this sudden set of problems occurred and it is really doing my head in!


----------



## Rockn (Jul 29, 2001)

So is SOPHOS still part of the equation or have you removed it? If there is a firewall as a part of SOPHOS it may be denying access for the registry changes that a policy needs to perform. What version of Windows are your client computers?

You also stated that there were DHCP issues. Is there a possibility that there is more than one DHCP server on your network? There can only be one authorized DHCP server on your domain. And when you run IPCONFIG on the clients does the DNS server point back to your domain controller? If it doesn't this is your problem.


----------
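
An added example, not part of the thread: a PowerShell check, run on a client, for the two questions asked in the post above (which DHCP server issued the lease, and whether DNS points at the domain controller). The server address and scope are the ones given in the thread; the sample adapter's router and ISP DNS addresses are constructed.

```powershell
# Added example. Works on PowerShell 2.0 (Windows 7) and later.
$ExpectedServer = '192.168.1.50'   # DC, DHCP and DNS server named in the thread
$ScopeStart     = '192.168.1.10'   # DHCP scope from the thread
$ScopeEnd       = '192.168.1.40'

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted quad to integer so addresses compare numerically.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-LeaseSource ($Adapter) {
    $findings = @()
    $ipv4 = @($Adapter.IPAddress) | Where-Object { $_ -match '^\d+(\.\d+){3}$' } | Select-Object -First 1
    $dns = @($Adapter.DNSServerSearchOrder | Where-Object { $_ })
    if (-not $Adapter.DHCPEnabled) {
        $findings += 'static address, so no lease is recorded on the DHCP server'
    } else {
        if ($Adapter.DHCPServer -ne $ExpectedServer) {
            $findings += "lease came from $($Adapter.DHCPServer), not $ExpectedServer"
        }
        if ($ipv4) {
            $n = ConvertTo-UInt32 $ipv4
            if ($n -lt (ConvertTo-UInt32 $ScopeStart) -or $n -gt (ConvertTo-UInt32 $ScopeEnd)) {
                $findings += "$ipv4 is outside the scope $ScopeStart to $ScopeEnd"
            }
        }
    }
    if ($dns.Count -eq 0 -or $dns[0] -ne $ExpectedServer) {
        $findings += "first DNS server is not $ExpectedServer"
    }
    $other = @($dns | Where-Object { $_ -ne $ExpectedServer })
    if ($other.Count -gt 0) { $findings += "DNS servers that are not the DC: $($other -join ', ')" }
    New-Object PSObject -Property @{
        Adapter = $Adapter.Description; IPv4 = $ipv4
        Findings = $findings -join '; '
    }
}

# Constructed sample shaped like the thread's symptom (router and ISP DNS addresses are made up).
$sample = New-Object PSObject -Property @{
    Description = 'sample NIC'; IPAddress = @('192.168.1.169'); DHCPEnabled = $true
    DHCPServer = '192.168.1.1'; DNSServerSearchOrder = @('192.168.1.50', '203.0.113.53')
}
Test-LeaseSource $sample | Format-List Adapter, IPv4, Findings
# Live check of this machine's IP-enabled adapters.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { Test-LeaseSource $_ } | Format-List Adapter, IPv4, Findings
```
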



## bobo666 (Jan 19, 2012)

Sophos has been completely removed from the server. There is a firewall that comes with Sophos, but since that isn't part of the equation anymore it shouldn't matter. Does RSOP have anything to do with any kind of registry edit on a client computer? There can't be more than one DHCP server on the network, as we only have one server! All my client computers are running Windows 7 Ultimate. 

When I run IPCONFIG on a client PC it states that my DNS is 192.168.1.50 (my server IP), and my alternative DNS is my ISP's.

I have a horrible feeling that this is going to be a very tiny thing causing this, buried deep in some settings. Any ideas?

Thank you very much for your help.


----------



## Rockn (Jul 29, 2001)

Check the event logs on the server and the client computers. All RSOP does is check the registry on the client computer and put it in a GUI so you can tell what has been applied, etc.

If there is possibly a router on the network that has a DHCP server running, that can also cause issues.


----------



## bobo666 (Jan 19, 2012)

Ok so here is the update so far:

The router which my network is using had a DHCP enabled, so after disabling that my server DHCP started servicing clients again and assigning the correct IP addresses.

However, the computers will still not update GPOs on some computers. There is one computer in the network which IS in fact updating GPOs on our accounts. On the computers which are not updating, I have left the domain and rejoined, I have run GPUPDATE /FORCE on both the server and the clients - but still no luck.

I have managed to run RSOP aiming at one of the problem computers, and it didn't list that any GPOs were applied to it. So it is kind of like my client just isn't seeing where to update GPOs from, but the other computer is?

Thank you for your help so far, I really appreciate it!


----------



## Rockn (Jul 29, 2001)

Check the client side event logs. I ran into this the other day on an XP machine and it had something to do with cached profiles if I remember correctly.

It had to do with cached credentials. Delete any cached credentials and see if it works.


----------

