AD group policy update throwing error

amazon-web-services active-directory windows-server-2012 amazon-ec2 group-policy

So, the entire environment is in AWS. I have 2 VPC's A and B - A has AD in it, and B has multiple domain joined servers. The domain joining and other AD connections work across VPC peering. I can login using domain admin to the VPC B servers (though there's a little lag) successfully. Within the AD, I have added all the users to remote desktop users group, but the other domain users can login to a server only if their domain credentials are added in the local server remote desktop users group. I know this is not the correct way. When I check the rsop, I see that the domain group policy is being inherited, but when I try to update group policy (gpupdate, there comes the error:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Can someone help me understand what's the issue here.? Any help would really be appreciated.


Solution 1:

Within the AD, I have added all the users to remote desktop users group, but the other domain users can login to a server only if their domain credentials are added in the local server remote desktop users group. I know this is not the correct way.

That actually is the correct way. Membership in the domain Remote Desktop Users group grants the ability to log onto Domain Controllers via Remote Desktop Services. This domain group does not grant the ability to log on to domain members via Remote Desktop Services.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc756898(v=ws.10)

As for your Group Policy processing problem, what are the domain members using for DNS (in the TCP/IPv4 properties of the NIC)? What is the Domain Controller using for DNS (in the TCP/IPv4 properties of the NIC)?

Related

How to get an specific header value from the HttpResponseMessage
Apache Redirect with OR Operator
How to restrict Cassandra to use fixed memory
std::shared_ptr thread safety
How does impala provide faster query response compared to hive
How to read user input until EOF?
Go checking for the type of a custom Error
Stream of boolean values, is any true?
Expected Android API level 21+ but was 30
How can I track/observe all changes within a subgraph?
Rails: Internationalization of Javascript Strings?
Linux command-line call not returning what it should from os.system?