Forefront IT Services Ltd

Workstations are not picking up GPOS despite everything in AD being correct.

1.      Machine SIDs.  If machines had been ghosted/cloned and not given a new SID apps will not deploy.
Solution:  Ensure each machine has an unique SID.  Disjoin the machine from the domain, reboot,  apply a new SID, reboot,  then join to the domain again.  http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

2.      STP (Spanning Tree Protocol).  This is a feature on some switches which when enabled on ports directly connected to workstations may stop apps from being deployed.  To find out if it’s enabled:  Open a command prompt on a suspect workstation.  Ping a node elsewhere on the network using the –t switch so you are getting an unlimited number of pings.  Disconnect the machine from the switch, wait 10 seconds or so, then plug it back in again.  How long does it take the machine to get a reply back from the node you are pinging?  It should be within 3 seconds of plugging the machine back into the network.  If it’s longer (20-30 seconds), then STP is enabled on this, and probably other ports.  It can be turned off by entering the management console of the switch.