Computer Configuration \ <policies> \ Administrative Templates \ System \ Remote Procedure Call
Restrictions for unauthenticated RPC clients
RPC endpoint mapper client authentication
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc
RestrictRemoteClients
EnableAuthEpResolution
GPUPDATE /FORCE returns:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results.
The System Event log returns errors 1053 and 1055 for group policy:
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
The Group Policy Operational event log will show error 7320:
Error: retrieved account information. Error code 0x5.
Error: Failed to register for connectivity notification. Error code 0x32.
Repadmin.exe returns:
DsBindWithCred to RPC <servername> failed with status 5 (0x5)
DSSites.msc returns:
Directory Service event log returns:
Warning 1655:
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
\\somedc.cohowineyard.com
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
5 Access is denied.
Error 1126:
Active Directory Domain Services was unable to establish a connection with the global catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200e7b
Warning 2092:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected.
Changing the primary domain DNS name of this computer to "" failed.
The name will remain "<something>".
The error was:
Access is denied
After the failed join above, rebooting the computer and attempting a domain logon fails with the error:
The security database on the server does not have a computer account for this workstation trust relationship.
Win32: Access is denied.
You do not have sufficient permissions to complete the operation
You do not have access rights to logical disk manager
Either the machine does not exist or you don't have permission to access this machine
Domain Controller is unreachable
Cannot access the local WMI repository
Cannot connect to reporting DCOM server
DFSR Event log error 1202:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
error: 160 (one or more arguments are not correct)
"Unable to connect to the Primary DC's AD. Please make sure that the PDC is reachable and retry the command later"
Could not bind to a Domain Controller. Will try again at next polling cycle.
You do not have the correct permissions to open the Windows Firewall with Advanced Security Console.
Error code: 0x5
Connection to the Virtual Disk Service failed. A VDS (Virtual Disk Service) error occurred while performing the requested operation.
Access is denied.
The Windows Server Backup engine is not accessible on the computer that you want to manage backups on. Make sure you are a member of the Administrators or Backup Operators group on that computer.
Access is Denied
Note how the client (10.90.0.94) attempts to bind to the EPM on a DC (10.90.0.101) and gets rejected with status 0x5 (Access is Denied).
Depending on the calling application - in this case, the Group Policy service running on a Win7 client that is trying to refresh policy - it may continue to try binding many times before giving up. Again, the DC responds with the unhelpful error "REASON_NOT_SPECIFIED" and keeps rejecting the GP service.
For comparison, a normal working EPM bind of the GP service looks like this:
1. You must delete or unlink the whole policy that includes this RPC setting:
2. Delete or rename this specific policy's GUID folder in each DC's SYSVOL folder (remember, file replication is not working, so this must be done on every server individually).
3. Manually visit all DCs and delete the RestrictRemoteClients registry setting.
4. Reboot all DCs to get your domain back in operation. Not all at once, of course!
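The following PowerShell script is an added example, not part of the original post, covering the per-DC work in steps 2 and 3: it reports both RPC policy values, removes RestrictRemoteClients, and lists the GPO GUID folders in the local SYSVOL copy whose machine Registry.pol names the setting. It assumes the default SYSVOL location and is meant to be run elevated on each DC locally, since remote management fails while the setting is in effect; the `$PoliciesPath` parameter name is chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: run locally on each DC; RPC-based remote tools fail while the setting is applied.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: default SYSVOL location; adjust if SYSVOL was relocated at promotion.
    [string]$PoliciesPath = "$env:SystemRoot\SYSVOL\domain\Policies"
)

$rpcKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
$names  = 'RestrictRemoteClients', 'EnableAuthEpResolution'

# Step 3: report both RPC policy values, then remove RestrictRemoteClients if present.
$props = Get-ItemProperty -Path $rpcKey -ErrorAction SilentlyContinue
foreach ($n in $names) {
    $v = if ($props -and $props.PSObject.Properties[$n]) { $props.$n } else { '<not set>' }
    Write-Output ("{0} = {1}" -f $n, $v)
}
if ($props -and $props.PSObject.Properties['RestrictRemoteClients']) {
    if ($PSCmdlet.ShouldProcess("$rpcKey\RestrictRemoteClients", 'Remove registry value')) {
        Remove-ItemProperty -Path $rpcKey -Name 'RestrictRemoteClients'
    }
}

# Step 2: flag GPO GUID folders whose machine Registry.pol contains the value name.
# Registry.pol stores names as UTF-16LE; both sides are mapped byte-for-byte to
# Latin-1 strings so the match works at any byte offset (case-sensitive).
$latin1 = [System.Text.Encoding]::GetEncoding(28591)
$needle = $latin1.GetString([System.Text.Encoding]::Unicode.GetBytes('RestrictRemoteClients'))

Get-ChildItem -Path $PoliciesPath -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $pol = Join-Path $_.FullName 'Machine\Registry.pol'
    if (Test-Path -LiteralPath $pol) {
        $hay = $latin1.GetString([System.IO.File]::ReadAllBytes($pol))
        if ($hay.IndexOf($needle, [System.StringComparison]::Ordinal) -ge 0) {
            # Report only: deleting or renaming the folder is left to the operator.
            Write-Output "GPO folder carrying the setting: $($_.FullName)"
        }
    }
}
```

Running it with `-WhatIf` reports the registry values and the matching GPO folders without removing anything.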