Really weird one. A while ago we were being notified by SCOM (System Center Operations Manager) that one of our domain controllers had issues processing group policies. The event in the event log:

The actual error: The processing of Group Policy failed. Windows attempted to read the file \\contoso.com\sysvol\contoso.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

a) Name Resolution/Network Connectivity to the current domain controller.

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

c) The Distributed File System (DFS) client has been disabled.

First thing I checked was whether each of the domain controllers actually did have the gpt.ini file for that specific GPO:

PS C:\Users\thomas> Get-ADDomainController -filter * |% {gci \\$($_.name)\sysvol\contoso.com\ Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}}

This showed me that indeed all domain controllers had that file present. Somewhere online I found the following suggestion:

C:\Windows\system32>\\machine_with_management_tools_installed\c$\windows\system32\dfsutil.exe /spcflush

And that seemed to stop the error from returning. But after a few minutes I had a little “doh I saw this before moment”. The real cause (and solution) is to log off any old remote desktop sessions on that server which are left open for a considerate amount of time. So here’s a post for myself hoping this little knowledge bit will stick. So whilst the actual error might sound quit scary, there’s no real impact to your endusers or services.