add-circle-bold add-circle add-square add alarm-bell-1 alert-diamond analytics-pie-2 archive archive arrow-down-1 arrow-down-2 arrow-left-1 arrow-right-1 arrow-up-1 attachment-1 bin-paper-1 book-star button-record check-1 check-circle-1 close close-quote close cog-1 cog common-file-stack copy-paste credit-card-1 diagram-fall-down disable time-clock-midnight download-thick-bottom drawer-send envelope-letter envelope-letter expand-6 expand-6 file-code filter-1 floppy-disk flying-insect-honey folder-file-1 headphones-customer-support hierarchy-9 hyperlink-2 information-circle keyboard-arrow-down keyboard-arrow-up layout-module-1 list-bullets lock-2 lock-unlock-1 love-it messages-bubble-square move-to-top multiple-circle multiple-neutral-1 multiple-users-1 navigation-menu-horizontal navigation-menu network-browser open-quote pencil-1 pencil-write pencil-1 print-text rating-star rating-star remove-circle remove-square-1 search send-email-1 shield-warning single-neutral-actions single-neutral smiley-sad-1 smiley-unhappy smiley-indifferent smiley-smile-1_1 smiley-happy smiley-sad-1 smiley-unhappy smiley-indifferent smiley-happy smiley-thrilled social-media-twitter synchronize-arrows-1 tags-double ticket-1 ticket-1 time-clock-circle undo view-1 view-off view wench
Internal Documentation
Customer Portal
All Categories / Webroot Notes / Windows 7 Clients intermittently fail to apply group policy at startup

Windows 7 Clients intermittently fail to apply group policy at startup

Applies to: Windows 7 EnterpriseWindows 7 Home BasicWindows 7 Home Premium More 

 
 

Symptoms 

 
 

Windows 7 clients intermittently fail group policy processing at startup or reboot. The following events are logged in the System event log: 

 

Error 9/9/2010 2:43:29 PM NETLOGON 5719 Error 9/9/2010 2:43:31 PM GroupPolicy 1055  

Cause 

 
 

The behavior is caused by a race condition between network initialization, locating a Domain Controller and processing Group Policy. If the network is not available, a Domain Controller will not be located, and Group Policy processing will fail. Once the operating system has loaded and a network link is negotiated and established, background refresh of Group Policy will succeed. 

 

The following sequence of events reflect the condition: 

 

Information        8/9/2010 2:42:11 PM       EventLog             6006       indicates system shutdown 

Information        8/9/2010 2:43:10 PM       e1kexpress           33         indicates that your network connection link has been established with <speed/duplex> 

Information        8/9/2010 2:43:20 PM       EventLog             6005       indicates event log service has started  

Information        8/9/2010 2:43:25 PM       Dhcp-Client          50036      indicates dhcp client service has started 

Error              8/9/2010 2:43:29 PM       NETLOGON             5719       indicates netlogon unable to reach any of the domain controllers 

Error              8/9/2010 2:43:31 PM       GroupPolicy          1055       indicates group policy processing failed  

Information        8/9/2010 2:59:07 PM       GroupPolicy          1503       indicates group policy processing succeeded  

This can be confirmed via the netlogon logs as well: 

 

8/09 14:43:29 [SESSION] \Device\NetBT_Tcpip_{53267BA1-EB8C-4348-BD81-41C3FF162EE9}: Transport Added (169.254.214.170) 08/09 14:43:29 [SESSION] Winsock Addrs: 169.254.214.170 (1) Address changed. 8/09 14:43:29 [CRITICAL] NetpDcGetDcNext: _ldap._tcp.dc._msdcs.contoso.com.: Cannot Query DNS. 1460 0x5b4 08/09 14:43:29 [CRITICAL] NetpDcGetNameIp: contoso.com.: No data returned from DnsQuery. 08/09 14:43:29 [CRITICAL] DBG: NlDiscoverDc: Cannot find DC. 08/09 14:43:29 [CRITICAL] DBG: NlSessionSetup: Session setup: cannot pick trusted DC 08/09 14:43:29 [SESSION] DBG: NlSetStatusClientSession: Set connection status to c000005e 08/09 14:43:29 [SESSION] DBG: NlSessionSetup: Session setup Failed  

 

Resolution 

 
 

To workaround the issue, you can set a registry value to delay the application of Group Policy: 

 

1.  Click Start , click Run , type regedit , and then click OK .   

 

2.  Expand the following subkey:  

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  

3.  Right-click Winlogon , point to New , and then click DWORD Value .   

 

4.  To name the new entry, type GpNetworkStartTimeoutPolicyValue , and then press ENTER.   

 

5.  Right-click GpNetworkStartTimeoutPolicyValue , and then click Modify .   

 

6.  Under Base , click Decimal .   

 

7.  In the Value data box, type 60 , and then click OK .   

 

8.  Quit Registry Editor, and then restart the computer.   

 

9.  If the Group Policy startup script does not run, increase the value of the GpNetworkStartTimeoutPolicyValue registry entry.   

 

 

More Information 

 
 

The value specified should be sufficiently long enough to ensure that the connection is made. During the timeout period, Windows will check the connection status every two seconds and will continue with system startup as soon as the connection is confirmed. Therefore, erring on the high side is recommended. But be advised, if the system is legitimately disconnected (i.e., disconnected network cable, off-line server, etc), Windows will stall for the entire timeout period. 

 

This can also be defined via a group policy: 

 

Policy Location: Computer Configuration > Policies > Admin Templates > System > Group Policy 

Setting Name: Startup policy processing wait time 

Registry Key: HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue 

 

If you define the Group policy setting, then it would override the manual setting. However, if neither manual or group policy setting has been defined then the value is picked from the following registry location: 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History 

 

Since there is no time out period defined, the system now uses its own algorithm to calculate and arrive at an Average time out period and this value is stored in the above registry location. This could vary system to system and depends on various factors like previous login attempts.  

 

(Note: The Group Policy description for “Startup Policy processing wait time” is not verbose and doesn’t cover all scenarios. Just because we don’t have the policy configured currently doesn’t mean that we are going to use a default time out value of 30 seconds.) 

 
Last Updated: Oct 26, 2017 

 

From <https://support.microsoft.com/en-us/help/2421599/windows-7-clients-intermittently-fail-to-apply-group-policy-at-startup 
Internal Documentation
Customer Support Knowledge Base Software By SupportBee