GPUpdate fails because of an LDAP bind problem

When I run gpupdate on a workstation, I get the following error.

Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). User Policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description. To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results. 

Running gpresult /h gives The user does not have RSoP data

Looking at the event log, I can see error code 49 (invalid credentials) associated with gpupdate. However, when I test the LDAP bind with ldp.exe, the credentials work fine.

Has anyone seen an issue like this? I'm pulling my hair out trying to figure out what's going on.

I was able to resolve this myself. It turns out the local computer account had cached bad credentials that were (correctly) failing. Thanks to @greg-askew for pointing me in the right direction. For anyone who stumbles on this looking for a solution:

  1. Download PsExec (part of Sysinternals) from https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx
  2. From an elevated command prompt, run PsExec.exe -i -s cmd.exe (this opens another command window in the context of the local computer account).
  3. From that window, run rundll32.exe keymgr.dll, KRShowKeyMgr (this opens a GUI with the list of cached credentials).
  4. In that GUI, delete any credentials that look suspicious (in my case, the credential was named after my PDC).

Once the credential was removed from the cache, it immediately started working again.
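The same check in scriptable form, as an added example that is not part of the original question or answer: it searches the Group Policy operational log for the two error texts quoted in the question, then lists the cached credentials visible from the current account (cmdkey /list shows the same store as the KRShowKeyMgr GUI) and flags any whose target contains the domain controller name. The -DomainController and -Remove parameters are assumptions introduced here; 'DC01' is a placeholder. To inspect the computer account's store rather than your own, launch it from the PsExec -i -s cmd.exe window described in the answer. Nothing is deleted unless -Remove is given.

```powershell
<#
  Added example (not from the original post). Finds the Group Policy
  errors quoted in the question and lists cached credentials that may
  be the stale ones causing the LDAP bind failure (error 49).
  Assumptions: elevated prompt; run from the PsExec -i -s cmd.exe window
  to see the SYSTEM (computer account) credential store.
#>
param(
    [string]$DomainController = 'DC01',   # placeholder: your PDC's host name
    [switch]$Remove                        # delete flagged entries only on request
)

# Show which account's credential store we are looking at. From the
# PsExec -s window this should read NT AUTHORITY\SYSTEM.
$who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
"Credential store of: $who"

# 1. Recent Group Policy errors matching the messages in the question.
#    Matching on message text avoids depending on specific event IDs.
$patterns = 'LDAP Bind function call failed', 'could not resolve the computer name'
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
    Level     = 2                              # 2 = Error
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = $_.Message
        ($patterns | Where-Object { $msg -like "*$_*" }).Count -gt 0
    }

if ($events) {
    "`nGroup Policy errors in the last 24 hours:"
    foreach ($e in $events) {
        '{0:u}  EventID {1}: {2}' -f $e.TimeCreated, $e.Id, ($e.Message -split "`n")[0]
    }
} else {
    "`nNo matching Group Policy errors in the last 24 hours."
}

# 2. Cached credentials in this account's store. cmdkey /list prints lines
#    such as "Target: Domain:target=DC01"; keep the part after "Target:".
$targets = foreach ($line in (cmdkey /list)) {
    if ($line -match '^\s*Target:\s*(.+)$') { $Matches[1].Trim() }
}

"`nCached credential targets ({0}):" -f $targets.Count
$targets | ForEach-Object { "  $_" }

# 3. Flag entries that name the domain controller, as in the answer above.
$suspect = $targets | Where-Object { $_ -like "*$DomainController*" }
if (-not $suspect) {
    "`nNo cached credentials reference '$DomainController'."
    return
}

"`nSuspect entries (reference '$DomainController'):"
$suspect | ForEach-Object { "  $_" }

if ($Remove) {
    foreach ($t in $suspect) {
        # Assumption: cmdkey /delete expects the name after "target=", e.g.
        # "Domain:target=DC01" is removed with "cmdkey /delete:DC01".
        $name = ($t -split 'target=', 2)[-1]
        "Removing cached credential for $name"
        cmdkey /delete:$name
    }
    "Now run: gpupdate /force"
} else {
    "`nRe-run with -Remove to delete these entries, or remove them in the"
    "KRShowKeyMgr GUI as described above, then run gpupdate /force."
}
```

Run it once without -Remove to confirm the flagged target really is a stale entry for the DC before deleting anything; cached credentials for other hosts in the same store are unrelated to this failure and should be left alone.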