Tuesday, August 6, 2019

windows server 2008 r2 - Group Policy installation failed error %%1274



OK, I have a really tough one I've already spent all morning on.



PC is a Win7 64 with SP1 and all MS Patches
Usual error everyone is familiar with:

The assignment of application Adobe Reader X MUI from policy Software Install failed. The error was : %%1274



Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274




  1. gpupdate /force /boot

  2. Done: Always wait for the network at computer startup and logon = Enabled

  3. Done: Startup policy processing wait time = 30, 120

  4. Done: Updated network card drivers

  5. Done: Deleted HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Group Policy


  6. Done: GPO permissions check: Authenticated Users have Read access

  7. Done: Share permissions check: Everyone has Full access

  8. Done: Folder permissions check: Authenticated Users have Read and
    Execute permissions

  9. Done: File Permissions check: Inherited

  10. Done: PSExec -i -s cmd.exe to make sure I have access to the network
    files

  11. Done: PSExec -i -s cmd.exe + re-run explorer.exe and manually start
    the MSIs works fine (they install)

  12. Done: I've had instances where a network share with a space in it

    didn't work, so I've added a Share name without a space but the
    installer still fails on that package (and all the others).



I've seen this happen with some WiFi cards, but this computer is using Ethernet.



Is there a way of seeing the MSIExec logs to see exactly what transpired?



As an aside, while all the old Group Policy settings have applied, some IE10 settings I added recently are also refusing to apply.


Answer




Oh dear. It took me the whole day, but I found this Windows 7 SP1 bug:
http://support.microsoft.com/kb/2459530



DHCP doesn't get an address on first request because the Windows Boot Firewall rejects the DHCP answer before the Windows Firewall has loaded and replaced it, and allows DHCP answers. In the mean time GP fails to process in that gap.



Ended up it is affecting all GP deployment on this domain (small domain).



MS, I want a refund for my time.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...