Struggling with Group Policy Update Errors: “Windows Couldn’t Resolve the Computer Name”

By
Elli Mongillo
-
0
11
Asked By CuriousCaterpillar55 On

Hey folks, I'm really having a tough time with Group Policy issues across several machines in my domain. When trying to run `gpupdate /force`, I get an error that says the computer policy couldn't be updated successfully because "Windows couldn't resolve the computer name." I suspect it might be due to name resolution issues with the domain controller or perhaps Active Directory replication latency. Unfortunately, this also means that GPOs and group memberships aren't being applied to those machines. I've already checked the DNS settings, removed and rejoined machines to the domain, and verified access to `SYSVOL` and `NETLOGON`. Network connectivity seems fine too. The only workaround that seems to work temporarily is formatting the PCs and rejoining them, but that's not really manageable. I'm out of ideas and could really use any advice on what to check next. Thanks!

4 Answers

Answered By TechSavvyTiger99 On

It sounds like a DNS issue to me. You mentioned you've checked things client-side, but did you look at the logs on your DNS server? A good test would be to run `nslookup` from both working and affected machines to see if they resolve to the same IPs. Sometimes discrepancies can point you in the right direction. Are you using multiple AD servers? If they’re out of sync, it could also cause these issues.

Answered By ProblemSolverPenguin42 On

Have you tried running `Test-ComputerSecureChannel`? That could help diagnose if the machine trusts the domain controller properly. Also, check the event logs from your domain controllers and ensure the time is in sync across devices. Sometimes, time issues can mess with Kerberos authentication, which is key for AD.

Answered By NetworkNinja88 On

Definitely keep an eye on DNS. Make sure your domain computers are using only the DCs for DNS resolution. It's ideal to avoid public DNS to prevent issues like this. I get that remote access can complicate things, but if you have to stick with public DNS for remote users, just be aware of how that might affect domain joins.

Answered By GPOGuru27 On

Check to see if this issue is consistent across all machines or just a select few. It could help narrow things down. If your FSMO roles are on a DC that’s misconfigured or down, it could lead to widespread issues with authentication and GPO application. Also, run a network trace with tools like Wireshark during the `gpupdate` to pinpoint where it's failing.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.