A Group Policy object is not applied as expected after you restart a Windows XP-based client computer or a Windows Server 2003-based computer (886516)


The information in this article applies to:

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

SYMPTOMS

When you restart your Microsoft Windows XP-based client computer or your Microsoft Windows Server 2003-based computer after you join a domain, a Group Policy object (GPO) may not be applied as expected.

CAUSE

This issue may occur if the client's computer system clock is set to a different time than the time that is set on the domain controller computer.

WORKAROUND

To work around this issue, use one of the following methods.

Method 1: Resync the computer before you restart

To make sure that the GPO is applied successfully when you restart the client computer, follow these steps before you restart the client computer:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following commands, and then press ENTER at the end of each command:

    w32tm /config /update

    w32tm /resync

    Note After you complete each command, you receive the following message:The command completed successfully.
  3. Type exit, and then press ENTER to quit the command prompt.
  4. Restart your client computer.

Method 2: Restart the client computer two times

To make sure that the GPO is applied successfully, restart your client computer two times after you first join the domain.

MORE INFORMATION

If you view the event log after this issue occurs, you find the following events: 
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: <date>
Time: <time>
User: NT AUTHORITY\SYSTEM
Computer: <computer_name>
Description:
Windows cannot find the machine account, The clocks on the client and server machines are skewed.
For more information, see Help and Support Center at http://support.microsoft.com.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: <date>
Time: <time>
User: NT AUTHORITY\SYSTEM
Computer: <computer_name>
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.
For more information, see Help and Support Center at http://support.microsoft.com.

USERENV.LOG (see attached)
++++++++++++++
GetGPOInfo: Entering...
USERENV(200.388) 21:31:06:674 GetMachineToken: AcceptSecurityContext failed with 0x80090324
USERENV(200.388) 21:31:06:694 GetGPOInfo: Failed to get the machine token with -2146893020
USERENV(200.388) 21:31:06:734 GetGPOInfo: Leaving with 0
USERENV(200.388) 21:31:06:734 GetGPOInfo: ********************************
USERENV(200.388) 21:31:06:744 ProcessGPOs: GetGPOInfo failed.
Modification Type:MajorLast Reviewed:9/22/2006
Keywords:kbtshoot kbprb KB886516 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.