Incorrect AutoConfigURL always returned via Default Domain Policy

Kane 71 Reputation points
2021-03-31T22:08:09.927+00:00

Hello;

I was using the Default Domain Policy to deploy a registry key for AutoConfigURL setting, since two months ago, I have changed a new URL for AutoConfigURL but apparently; the new URL did not apply properly.

I tried to delete the Registry entry created by Default Domain Policy and using a policy called GPO-Apps for the new Registry key in "User Configuration | Preferences | Windows Settings | Registry", but the old AutoConfigURL always shows when I run gpresult /h report.htm

It said, the Default Domain Policy win the policy

AutoconfigURLhide
Winning GPO Default Domain Policy
Result: Success
Generalhide
Action Replace
Properties
Hive HKEY_CURRENT_USER
Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value name AutoconfigURL
Value type REG_SZ
Value data http://pac.company.com/d49fc30a-ce8a-425d-bf61-3a4cc13c81e8/proxy.pac

Actually, the Value data shown here is old.

I went through the entire GPO but none of the setting is using my old AutoConfigURL setting, I doubt if something not written to Windows properly, so eventhough I saw the setting in GPO user interface is correct, but somewhere is not updated.

Also; I always got the version mismatch issue. I tried to apply the hotfix Windows Server 2012 R2 (KB2919394) but no help.

Default Domain Policy AD / SYSVOL Version Mismatch,Enforced
GPO-Apps AD / SYSVOL Version Mismatch

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,639 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Fan Fan 15,281 Reputation points Microsoft Vendor
    2021-04-01T05:00:36.677+00:00

    Hi,

    When you said " delete the Registry entry created by Default Domain Policy" ,how did you to delete the Registry entry ?
    Did you clear the Registry entry on the GPO settings or on the clients?

    You may try to remove the Registry entry on the Default Domain Policy and then configure the new GPOs for the new URL
    Or just reset the url on the Default Domain Policy GPO and try to check the result.

    If you had already removed the registry settings from the Default Domain Policy, but the old settings still apply to the users,
    you may try to confirm the replication between DCs.

    Best Regards,

    0 comments No comments

  2. Kane 71 Reputation points
    2021-04-01T19:01:02.383+00:00

    thank you for your reply.

    Yes, I found the registry key that contain the wrong setting and delete it.

    Actualy, now I found the root cause why the old AutoConfigURL keep coming back, it was caused by the \company.com\SYSVOL not replicated from DC1 to DC2. When I update the GPO through GUI, the new update applies to the \company.com\SYSVOL on DC1 but not replicated to DC2 which means I got the replication issue which I need to address.

    I digged into and compared the registry file of policies on DC1 and DC2, I found that the file in DC2 keep the old GPO.

    However; I manually copy all files and folders in \company.com\SYSVOL\company.com\Policies from DC1 to DC2. I do not see the old AutoConfigURL comes back.

    I believed that when I logged on to DC, if the logon requested picked by DC2, DC2 will delivery those GPO from its \company.com\SYSVOL\company.com\Policies folders that why the incorrect records keeps coming back.

    Anyway, the issue of Incorrect AutoConfigURL is fixed by manual.

    0 comments No comments

  3. Fan Fan 15,281 Reputation points Microsoft Vendor
    2021-04-02T05:44:26.107+00:00

    Hi,
    Glad to hear that the issue was fixed.

    As mentioned above, the replication issue caused the gpo refresh issue.
    Although copy the file may resolve the issue for this GPO, but the new GPO created in the future will have the same issue too.
    I would suggest you to confirm the ad replication and sysvol replication .
    To confirm the replication, you can use the following command :
    Repadmin /showrepl >C:\repl.txt
    Repadmin /showreps *
    if the ad replication is good, only the sysvol replication have problems ,you can consider a n-authoritative synchronization (for dfsr replicaiton) or D2(for frs replication) on the problematic DC.
    Following link for your reference:
    How to force authoritative and non-authoritative synchronization for DFSR-replicated sysvol replication
    https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization

    Use the BurFlags registry key to reinitialize File Replication Service
    https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/use-burflags-to-reinitialize-frs

    Best Regards,

    0 comments No comments