What to do if GPO updates are failing

Under some circumstances, Group Policy Object (GPO) updates from Windows 2012 domain controllers might fail, which leads to nothing being visible under the Central Access Policy Settings section of the output for the vserver cifs group-policy show-defined command. You should know how to correct this issue if it occurs.

Underlying cause Remedy

When ONTAP attempts to connect to the Windows 2012 domain controller to perform the GPO update, the connection might fail with the error error 0xc00000bd (NT STATUS_DUPLICATE_NAME).

This error occurs when the server name used to make the connection is different from the NetBIOS name of the CIFS server. There are various reasons this might occur, including the use of aliases. Additionally, ONTAP pads the NetBIOS name used when connecting to the domain controller to make the name length equal to 15 characters. This can make it appear that the CIFS server name and the NetBIOS name are different.

  1. Disable NetBIOS name checking on the Windows server by adding the following registry key with the value set to 1:

    "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\DisableStrictNameChecking"

    To learn more about this registry key, contact Microsoft Support.

    Microsoft Support

  2. Reboot the domain controller.