Windows tip: How to troubleshoot Group Policy issues

Taking a systematic approach when troubleshooting problems is usually better than rolling dice or shooting in the dark. When something goes wrong with Group Policy processing and a client running Windows Vista or later doesn't receive the policy settings you expected it to receive, you can troubleshoot the issue by following these steps:

First, open Event Viewer using administrator credentials on your computer and expand the console tree to select Administrative Events, which is found under Custom Views. Look here for any policy processing failures that may have happened. If you find such an event, select the General tab for the event and click the Event Log Online Help link to see what additional information it brings up. If this isn't sufficient to resolve your problem, proceed with the next step below.

Second, still in Event Viewer, select the Operational log found under Applications And Services Logs \ Microsoft \ Windows \ Group Policy. Locate a failure (error or warning) event and select it, switch to the Details tab for the event, select the XML View option, and locate the correlation ID for the event (see attached figure). This ID identifies the particular series of Group Policy processing events to which the selected event belongs.

Third, install GPLogView.exe (you can download this tool from here). Then open an admin-level command prompt, change the current directory to C:\Program Files\GroupPolicy Logview, and run the following command, using the correlation ID from the previous step as the activity ID:

gplogview -a <activity ID>

This will filter the Group Policy Operational log for all events having the specified activity ID and display these events in order. Here's some sample output from running this command:

c:\Program Files\GroupPolicy Logview>gplogview -a 74591C96-57E0-44AB-B381-914730408E15
Processing events...
2008-11-20 14:06:10.536 4000 Starting computer boot policy processing for CONTOSO\ADMINISTRATOR1$.
                             Activity id: {74591C96-57E0-44AB-B381-914730408E15}

2008-11-20 14:06:10.546 5320 Attempting to retrieve the account information.
2008-11-20 14:06:10.546 4017 Making system call to get account information.

2008-11-20 14:06:14.031 7017 The system call to get account information completed.

                             The call failed after 3485 milliseconds.
2008-11-20 14:06:14.031 5320 Retrying to retrieve account information.
2008-11-20 14:06:14.532 4017 Making system call to get account information.

2008-11-20 14:06:17.105 7017 The system call to get account information completed.

                             The call failed after 2574 milliseconds.
2008-11-20 14:06:17.105 5320 Retrying to retrieve account information.
2008-11-20 14:06:17.606 4017 Making system call to get account information.

2008-11-20 14:06:20.210 7017 The system call to get account information completed.

                             The call failed after 2603 milliseconds.
2008-11-20 14:06:20.210 5320 Retrying to retrieve account information.
2008-11-20 14:06:20.711 4017 Making system call to get account information.

2008-11-20 14:06:23.344 7017 The system call to get account information completed.

                             The call failed after 2634 milliseconds.
2008-11-20 14:06:23.344 7320 Error: Retrieved account information. Error code 5.

2008-11-20 14:06:23.685 7000 Computer boot policy processing failed for CONTOSO\ADMINISTRATOR1$ in 13 seconds.
2008-11-20 14:06:23.595 1129 The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Processed 16 records.

Finally, examine the output of your gplogview -a command, follow the step-by-step processing of policy, and try to determine what may have caused the failure. From the above sequence of events, it looks like a network timeout may have occurred, so check that both your client computer and the domain controller are on the network by using ping and so on.
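
The same correlation can be done with the built-in Get-WinEvent cmdlet, which filters the Group Policy Operational log on the activity ID in the same way. This is an added example, not part of the original tip or of GPLogView; the function name Get-GPProcessingTrace is hypothetical, and when no ID is supplied it assumes you want the most recent error or warning event.

```powershell
# Added example (not from the original tip). Run in an elevated PowerShell session.
function Get-GPProcessingTrace {   # hypothetical helper name
    param(
        # Correlation (activity) ID to trace. If omitted, the ID of the most
        # recent error or warning event in the Operational log is used.
        [Guid]$ActivityId
    )

    $gpLog = 'Microsoft-Windows-GroupPolicy/Operational'

    if (-not $PSBoundParameters.ContainsKey('ActivityId')) {
        # Level 2 = Error, Level 3 = Warning
        $failure = Get-WinEvent -FilterHashtable @{ LogName = $gpLog; Level = 2, 3 } `
                                -MaxEvents 1 -ErrorAction SilentlyContinue
        if (-not $failure -or -not $failure.ActivityId) {
            Write-Warning "No error or warning event with an activity ID found in $gpLog."
            return
        }
        $ActivityId = $failure.ActivityId
    }

    # Same form the event XML uses: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
    $id    = $ActivityId.ToString('B').ToUpper()
    $xpath = "*[System/Correlation/@ActivityID='$id']"

    # -Oldest returns the events in the order they were logged.
    Get-WinEvent -LogName $gpLog -FilterXPath $xpath -Oldest |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Trace the most recent failed processing cycle:
Get-GPProcessingTrace | Format-Table -Wrap -AutoSize

# Or trace a specific cycle, using the activity ID from the sample output above:
# Get-GPProcessingTrace -ActivityId '74591C96-57E0-44AB-B381-914730408E15'
```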

GPLogView is a cool troubleshooting tool—more on this next week.

Got comments concerning this tip? Want to share a tip of your own with ITWorld readers? Email me
