Errors after Domain Services Functional Level raised to AD 2012

  • 7022355
  • 20-Nov-2017
  • 21-Jun-2018

Environment

  • Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
    • OES 2015 SP1 May 2017 Hot Patch
  • Domain Services for Windows (DSfW)

Situation

  • Applied fix for Group Policy Update Failure before running Domain Functional Level Upgrade (domainUpgrade.pl)
    1. Procedure followed per OES 2015 SP1: Domain Services for Windows Administration Guide -> Troubleshooting -> Group Policy Update failure on Windows 10 
      or
    2. Script obtained and applied per TID 7021894 Additional Information
  • Group Policy Errors
  • gpupdate /force returns errors
    • Policy could not be updated successfully
    • The processing of Group Policy failed
    • Windows could not resolve the user name
    • Name Resolution failure on the current domain controller
    • Active Directory Replication latency (an account created on another domain controller has not replicated to the current domain controller)
  • Login Script Errors
    • Permission denied
      Code 800A0046
      Microsoft VBScript runtime error
  • Miscellaneous errors and incorrect behaviour
  • DCERPC Errors

Resolution

Re-run the fix for Group Policy Update Failure (Item 1 or 2 in Situation, above) after running the Domain Functional Level Upgrade (domainUpgrade.pl). Reboot the DSfW server.

Cause

The case of parameters passed to setpassword was inconsistent.

Status

Reported to Engineering

Additional Information

The resolution to this problem is applicable only when the set of symptoms are seen following the Group Policy Update Failure fix and then a Domain Functional Level Upgrade to AD 2012.  

In Summary
  • DSfW Domain at Functional Level AD 2003 (default)
  • Errors experienced per TID 7021894
  • Fix applied per TID 7021894
  • DSfW Domain Functional Level upgraded to AD 2012 (domainUpgrade.pl)
  • Errors experienced per Situation section of this TID
  • Re-run the fix per TID 7021894