gpupdate /force not working

[meanoldman]

I recently deployed a new printer to the Windows 7 computers on my network using GP and I thought all was well. The computers I looked at all had the new printer listed in the Devices and Printer and everything seemed to be working just fine. Then a couple people called and said they new printer wasn't showing up on their assigned computer. So I walked over to their desk and ran gpupdate /force and got the following result:

User policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed. Windows could not obtain the name of a do
main controller. This could be caused by a name resolution failure. Verify your
Domain Name System (DNS) is configured and working correctly.
Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed. Windows could not obtain the name of a do
main controller. This could be caused by a name resolution failure. Verify your
Domain Name System (DNS) is configured and working correctly.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

Methinks that is odd so I ipconfig /all and everything looks correct. I went to a DC and ran nslookup for a computer in question and it resolves correctly.

Then, on a computer that I know was updating if I ran gpupdate, now all of the sudden that computer fails as well. Any ideas?

[jeff_longley]

What happens from the Client when you run NSLookup?
Had a quick look in the event logs?

[MikeBY]

If the network checks out Ok as Jeff suggests, it could be that the machines are not registered properly with the domain. The event logs should point you in the right direction.

[meanoldman]

If I NSLookup the client's host name from the client computer the result is our PDC/DNS server returning the complete FQDN for the computer. If I do the same for the DC's host name or static IP, I also get correct results.

Event log shows Event ID 1054 when I attempt to gpupdate and it fails. The example below is with me logged in as the domain administrator. Same results as a standard user.

Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 6/21/2011 2:19:09 PM
Event ID: 1054
Task Category: None
Level: Error
Keywords:
User: DOMAIN\Administrator
Computer: PC1126P.DOMAIN.com
Description:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

The curious thing is, this isn't consistant. First, none of our XP computers have this problem. Second, on our Win7 computers it doesn't always fail. It's about 60-40 whether it will fail or not. And it doesn't seem to matter if I've just logged on, or if the computer has been sitting for several minutes or hours.

[MikeBY]

Any other errors in the event logs (even if they seem unrelated)?

[meanoldman]

No, not much else. I cleared the system log on one of the test systems yesterday to see what all would show up. The only thing that suggests any network hiccups is that the local computer can't find a network time server now and then. Oddly, I see successful and unsuccessful automatic GP refreshes listed.

[jeff_longley]

Random thought.... Is power saving enabled on the NIC's? Just wondering if they're "nodding off" and thus causing the betwork drop out? Have you got managed switches you can investigate?

[meanoldman]

I wondered if I had missed that too, but checked to make sure and found this was not the case. I try to disable that because the NIC turning off caused reconnection issues with mapped drives.

[jeff_longley]

Latest drivers for network card installed? as it seems to be only W7 machines, how do the GP logs look? can you cross reference them with the system logs? and find any matching events?

[meanoldman]

Latests drivers are installed. I've disabled LAN power saver in the BIOS, as well as the previously mentioned settings in Windows. I've flushed the routes, run netsh int ip reset, etc. to no avail. I still have to look at the GP logs on the server. Could network activity maybe cause this, being as it seems to be so unpredictable when it will fail or succeed?