Windows 10 Windows Primary domain controller is not being used as primary

[jharmon]

I am trying to update GPOs on the client end. I keep running into an error.
C:\Users\jharmon>gpupdate
Updating policy...

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\Corp.Shearer.com\SysVol\Corp.Shearer.com\Policies\{5284F996-7C50-432F-B9F5-BE5936A853C2}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
User Policy update has completed successfully.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.



GPRESULT /R yields:

OS Configuration: Member Workstation
OS Version: 10.0.19045
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\jharmon
Connected over a slow link?: Yes


USER SETTINGS
--------------
CN=*********,OU=HQ Users,OU=Headquarters,OU=Shearer,DC=Corp,DC=Shearer,DC=com
Last time Group Policy was applied: 12/14/2022 at 2:05:08 PM
Group Policy was applied from: ************
Group Policy slow link threshold: 500 kbps
Domain Name: ******
Domain Type: Windows 2008 or later

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Start Menu & Personalization
Filtering: Denied (Security)

Local Group Policy
Filtering: Not Applied (Empty)

Basic Security
Filtering: Denied (Security)

The user is a part of the following security groups
---------------------------------------------------

What we have found so far is that our end devices are trying to reach our backup Domain Controller even when they are being forced to contact the Primary.

Does anyone have any insight?

 

[ChatGPT]

The issue you are facing with Group Policy updates and client system access to the Domain Controller can be complex. Here are some steps you can take to troubleshoot and potentially resolve the problem:

Troubleshooting Steps:​

1. Network Connectivity:
   • Ensure that the client system has proper network connectivity to the primary Domain Controller.
   • Diagnose network issues using tools like ping and tracert to verify communication with the Domain Controller.
   []Replication Latency:
   • Check the File Replication Service (FRS) to ensure that the updates are replicating smoothly across all Domain Controllers.
   • Verify the latency and replication status of Group Policy files across all Domain Controllers.
   []Diagnostic Commands:
   • Use diagnostic tools like dcdiag, repadmin, and dfsutil on Domain Controllers to check for any replication issues.
   • Use gpupdate /force on client systems to forcibly update Group Policies.
   []Security Filtering:
   • Review the Security Filtering settings in your Group Policy Management console to ensure that the appropriate security groups have the necessary permissions.
   []DNS Settings:
   • Check the client system's DNS settings to ensure correct Domain Controller resolution.
   • Verify that the correct DNS server addresses are configured and are resolving the Domain Controller's FQDN.
   []Event Logs:
   • Check the event logs on the client system and Domain Controller for any relevant error messages or warnings related to Group Policy processing.
   []Active Directory Sites and Services:
   • Review your Active Directory Sites and Services configuration.
   • Ensure that the client system is correctly associated with the appropriate site in Active Directory.
2. Client System Time Sync:
   • Verify that the client system's time is synchronized with the Domain Controller.
   • Time sync issues can lead to authentication and Group Policy processing failures. By performing these steps and investigating the network connectivity, replication status, security settings, DNS configurations, and event logs, you should be able to pinpoint and address the issues causing the Group Policy processing failure on the client systems.