GPO Software Deployment Errors %%1274 and %%2

active-directory windows-server-2008-r2 windows-7 group-policy
8,618

So, after a very long time of getting this worked out, I found out there was several issues with my network. First, as @joeqwerty suggested there is an issue with STP on the switches. From my research I found that as soon as a port on a switch is refreshed (like a machine restart) the STP on it restarts and it can take up to 45 seconds to complete. In 45 seconds the machine will already be up but will have difficulty getting an IP address from the DHCP server and from there it just cascades into errors.

The solution is to enable PortFast on the switches which sets the ports to always forward and it avoids the whole STP discovery and assignment phase. I also ended up just turning off STP on each port on each switch that I know is a client or server machine. Not sure if really does anything over enabling PortFast, but it makes me feel better. Make sure NOT to disable STP on ports that connect to other switches, routers, gateways, etc.

Another issue was also the Windows Firewall. My GPOs disable the firewall altogether, but the service is still active. From my research I discovered that when the computer boots up there is a pseudo-firewall in place which is controlled by the service which blocks all traffic until Windows is completely initialized and the service is taken over and controlled by Windows. Disabling the service further improved network accessibility while the machine is booting up.

As a safe measure I've also updated the drivers on all client and server machines. I've also updated the NIC firmware on all the servers and switches. For an extra good measure I've also updated the BIOS on all machines as well.

As of right now, everything seems to be working fine. One last thing I was planning on experimenting with is Jumbo Frames. We'll see if that helps...

Share:
8,618

Related videos on Youtube

Gup3rSuR4c
Author by

Gup3rSuR4c

Updated on September 18, 2022

Comments

  • Gup3rSuR4c
    Gup3rSuR4c over 1 year

    We migrated servers over the weekend to a new domain controller which had GPOs setup to deploy software. All of our clients had their OS reloaded, so they're "fresh" and most of them did get the software installed, but some are refusing to install some software. I'm getting these errors:

    The assignment of application Adobe Reader XI from policy Adobe Reader failed. The error was : %%1274

    The removal of the assignment of application Adobe Reader XI from policy Adobe Reader failed. The error was : %%2

    It happens for Adobe Reader XI, LogMeIn and Google Chrome. It's also very random. I've read online and on SF that the issue is with the async deployment and I've already had the setting changed to wait for connectivity. In the event log I do see additional messages about not being able to contact the domain controller in time, so I'm assuming it's all related.

    It's like the setting to wait for connectivity is just being randomly applied. I've already restarted the file server, the clients and ran GPUPDATE several times, but it's not doing anything except telling me that it has to install software on next reboot, which never happens.

    Is there any other kind of troubleshooting I can do?

    Not sure if it matters, but the servers are all Windows Server 2008 R2 and the clients are all Windows 7. Clients are also a mix of 32 and 64 bit, if that makes any difference...

    • joeqwerty
      joeqwerty over 11 years
      1. net helpmsg 1274 = The group policy framework should call the extension in the synchronous foreground policy refresh (which you seem to already be aware of). 2. net helpmsg 2 = The system cannot find the file specified.
    • Gup3rSuR4c
      Gup3rSuR4c over 11 years
      Yes, 1274 says that, but the setting is already applied (and randomly ignored)... Code 2 is just it trying to cleanup something that was not applied anyway... Could network drivers be causing this?
    • joeqwerty
      joeqwerty over 11 years
      How did you address issue 1? Also, is portfast (or the equivalent) enabled on the client switchports?
  • Bigbio2002
    Bigbio2002 over 11 years
    Jumbo frames aren't typically used in normal PC/server network environments. It's more for things such as SAN hardware that runs over Ethernet, instead of fiber, where the network overhead of smaller frames would be too excessive.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

GPO not applying to Clients
Domain User Account Locks: Correct password used
Active Directory Allow User to Install Only
Why only one PC is not updating the GPO?
Local group policy not applying (gpresult says its empty, but it's not)
Group Policy for Computers not applying, can't find PDC?
Password Policy seems to be ignored for new Domain on Windows Server 2008 R2
Disable speakers on Windows client machines?
How to get additional Account Info tab in ADUC with Taskpads
How do you get around security warnings when redirecting AppData?