3.5 Example 5: Administrative Tool Cannot Connect to a Group Policy Server

The examples in this section describe message sequences that occur during the policy administration process that end in failure as a result of a lost connection with the Group Policy server or a remotely-located Group Policy file share. These two scenarios are illustrated:

  • Failure to contact Active Directory

  • Failure to contact the Group Policy file share

The examples in this section map to the use case specified in Administering Group Policy (section 2.5.3).

Prerequisites

The following prerequisites apply to the examples in this section:

Note that the Group Policy server (DC) discovery and connection sequence for the Group Policy client and Administrative tool are identical.

  • The Administrative tool has read/write access to the Group Policy server.

  • For the failure to contact the Group Policy file share scenario, it is assumed that the Group Policy file share resides on the Group Policy server.

Initial System State

The initial state of the Group Policy protocols corresponds to the previously specified prerequisites.

Final System State

The state of the Group Policy protocols and components after execution of each example in this section can be described as follows:

  • The state of the Group Policy protocols and components is unchanged.

Sequence of events for Active Directory Connection Failure

The following diagram shows the message sequence that occurs when the Administrative tool is unable to connect with Active Directory.

Administrative tool cannot connect with Active Directory

Figure 15: Administrative tool cannot connect with Active Directory

The message sequence for this example is described as follows:

  1. The Administrative tool attempts to locate the Group Policy server in the domain by the steps described in [MS-ADOD] section 3.1.1.

  2. The Group Policy server information for the domain is returned.

  3. The Administrative tool sends an LDAP query to Active Directory to retrieve GPO information, as described in [MS-GPOL] sections 2.2.2, 2.2.3, and 2.2.4.

  4. The Administrative tool fails to receive a response from the Group Policy server within a specified time-out interval.

Sequence of events for Group Policy file share Connection Failure

The following diagram shows the message sequence that occurs when the Administrative tool fails to connect with the Group Policy file share.

Administrative tool cannot connect with the Group Policy file share

Figure 16: Administrative tool cannot connect with the Group Policy file share

The message sequence for this example is described as follows:

  1. The Administrative tool attempts to locate the Group Policy server in the domain by following the steps described in [MS-ADOD] section 3.1.1.

  2. The Group Policy server information for the domain is returned.

  3. The Administrative tool sends an LDAP query to Active Directory to request GPO information, as described in [MS-GPOL] sections 2.2.2, 2.2.3, 2.2.4, 2.2.5, and 2.2.7.

  4. The Administrative tool receives responses ([MS-GPOL] sections 2.2.2, 2.2.3, 2.2.4, 2.2.5, and 2.2.7) from the Group Policy server within a specified time-out interval.

  5. The Administrative tool requests information from the Group Policy file share on the Group Policy server, in a manner that is similar to the process described in section 2.1.3.1.7.

  6. The Administrative tool does not receive a response from the Group Policy server within a specified time-out interval.