I encountered a strange problem when applying new GPO settings on one of the computers. To diagnose the problem, I updated GPO settings manually using the gpupdate /force command and saw the following error in the console:
Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
At the same time, an event with the EventID 1096 and the same description (The processing of Group Policy failed) appeared in the System event log:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Event ID: 1096
Level: Error
User: SYSTEM
If you try to diagnose the GPO applying issue with the gpresult command (gpresult.exe /h c:\tempt\gpresultreport.html), you can see that only Group Policy Registry settings are not applied (Group Policy Registry — Failed):
Registry failed due to the following error listed below. Additional information may have been logged. Review the Policy Events tab in the console or the application event log.
This means that only the GPO settings handled by the CSE (client-side extension) that manages registry keys are not applied to the client computer.
The Registry client-side extension could not read the registry.pol file. Most likely the file is corrupted (we recommend checking the file system for errors using chkdsk). To re-create this file, go to c:\Windows\System32\GroupPolicy\Machine and rename registry.pol to registry.bak.
You can rename the file from the elevated command prompt:
cd "C:\Windows\System32\GroupPolicy\Machine"
ren registry.pol registry.bak
Update the group policy settings on a computer using the command:
gpupdate /force
Windows will re-create the registry.pol file (local GPO settings will be reset) and successfully apply all GPO settings.
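A structural check you can run on registry.pol before renaming it, as an added example that is not part of the original article. It assumes the PReg layout from Microsoft's Registry Policy File Format documentation (signature PReg, version 1, UTF-16LE records of the form [key;value;type;size;data]); Test-RegistryPol and the sample key and value names are hypothetical.

```powershell
# Structural check of a Registry.pol (PReg) file. Function name is hypothetical.
function Test-RegistryPol {
    param([Parameter(Mandatory)][AllowEmptyCollection()][byte[]]$Bytes)
    $pos = 8; $count = 0
    try {
        # Header: ASCII signature "PReg", then a little-endian DWORD version of 1.
        if ($Bytes.Length -lt 8) { throw 'shorter than the 8-byte header' }
        if ([Text.Encoding]::ASCII.GetString($Bytes, 0, 4) -cne 'PReg') { throw 'signature is not PReg' }
        if ([BitConverter]::ToUInt32($Bytes, 4) -ne 1) { throw 'version is not 1' }
        # Body: UTF-16LE records of the form [key;value;type;size;data].
        while ($pos -lt $Bytes.Length) {
            if ([BitConverter]::ToUInt16($Bytes, $pos) -ne 0x5B) { throw "expected '[' at offset $pos" }
            $pos += 2
            foreach ($field in 'key', 'value') {
                # Scan to the NUL terminator; running off the end throws and is caught below.
                while ([BitConverter]::ToUInt16($Bytes, $pos) -ne 0) { $pos += 2 }
                if ([BitConverter]::ToUInt16($Bytes, $pos + 2) -ne 0x3B) { throw "expected ';' after $field" }
                $pos += 4
            }
            # Layout from here: type DWORD, ';', size DWORD, ';', then size bytes of data.
            $size = [BitConverter]::ToInt32($Bytes, $pos + 6)
            if ([BitConverter]::ToUInt16($Bytes, $pos + 4) -ne 0x3B -or
                [BitConverter]::ToUInt16($Bytes, $pos + 10) -ne 0x3B) { throw "bad delimiter near offset $pos" }
            if ($size -lt 0 -or $pos + 14 + $size -gt $Bytes.Length) { throw "data size $size overruns the file" }
            $pos += 12 + $size
            if ([BitConverter]::ToUInt16($Bytes, $pos) -ne 0x5D) { throw "expected ']' at offset $pos" }
            $pos += 2; $count++
        }
        [pscustomobject]@{ Valid = $true; Entries = $count; Reason = '' }
    } catch {
        [pscustomobject]@{ Valid = $false; Entries = $count; Reason = $_.Exception.Message }
    }
}

# Constructed sample: header plus one REG_DWORD record (key and value names are made up).
$u = [Text.Encoding]::Unicode
[byte[]]$good = [byte[]](0x50, 0x52, 0x65, 0x67, 1, 0, 0, 0) +
    $u.GetBytes("[Software\Policies\Example`0;Enabled`0;") + [byte[]](4, 0, 0, 0) + $u.GetBytes(';') +
    [byte[]](4, 0, 0, 0) + $u.GetBytes(';') + [byte[]](1, 0, 0, 0) + $u.GetBytes(']')
[byte[]]$truncated = $good[0..($good.Length - 5)]   # constructed: file cut off inside the data field

Test-RegistryPol $good
Test-RegistryPol $truncated
# On an affected client, check the real file before renaming it:
# Test-RegistryPol ([IO.File]::ReadAllBytes('C:\Windows\System32\GroupPolicy\Machine\registry.pol'))
```

A result with Valid set to False and a Reason is consistent with the corrupted registry.pol described above.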
If you see the Event ID 1096 (The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LDAP://) with the ErrorCode 13 and “The data is invalid” description, this means that the error is related to the domain GPO mentioned in the error details.
Copy the policy GUID and find the GPO name using the PowerShell command below:
Get-GPO -Guid 19022120-0250-407E-EB99-8438B6BB06C7
- Open the Domain Group Policy Management console (gpmc.msc) and make sure that the Group Policy object exists;
- Check that there are registry.pol and gpt.ini files in the SYSVOL folder on DC and you can read them (check the NTFS permissions);
- Make sure that the GPO version is the same on all domain controllers (check that the domain and AD replication work correctly);
- Delete GPO files from the SYSVOL folder on your domain controller the client gets GPO from (get your current logonserver: $env:LOGONSERVER) and wait until it is replicated from the neighboring DC;
- If the previous methods don’t help, re-create the GPO, or restore it from a backup.
1 comment
What a legend!!!! I was stuck with some devices not enrolling in Intune after we applied the MDM enable policy.
I was resetting the devices initially and now I found out there are 40 devices not enrolled.
I used this guide to fix the GPO issue and the device enrolled instantly.
I will try this on the other devices now.