I am working on a strange GPO issue I noticed with Windows 10 clients.
There is a GPO containing .cloudapp.net domain added to the 'Site to zone assignment list' setting in 'trusted sites zone' (value 2). While running a gpupdate /force I get this error:
The following warnings were encountered during user policy processing:Windows failed to apply the Internet Explorer Zonemapping settings. Internet Explorer Zonemapping settings might have its own log file. Please click on the "More information" link.For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
I have enabled debug logging on one of the problematic machine and found this in logs:
Line 3882: GPSVC(394.13d0) 10:26:40:749 ProcessGPOList: Extension Internet Explorer Zonemapping returned 0x57.Line 3883: GPSVC(394.13d0) 10:26:40:765 ProcessGPOList: Extension Internet Explorer Zonemapping doesn't support rsop loggingLine 3887: GPSVC(394.13d0) 10:26:40:765 ProcessGPOs(User): Extension Internet Explorer Zonemapping ProcessGroupPolicy failed, status 0x57.
0x57 points me to ERROR_INVALID_PARAMETER winerror.h error. If I change the domain name to *.cloudapp1.net, gpupdate /force works fine without any errors.
I can see *.cloudapp.net entry created in registry as well at following location:HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
However, there is no entry is created here for cloudapp.net domain:HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
gpsvc.log file entry:GPSVC(394.b50) 08:42:06:893 SetRegistryValue: *.cloudapp.net => 2 [OK]
If I change the domain name to .cloudapp1.net I can see entries on both of these locations:HKEYCURRENTUSER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cloudapp1.netHKEYCURRENTUSER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
I am still puzzled how GPO logging shows it as an invalid parameter error when it works fine if I add 1 as suffix.To eliminate the possibility of other setting messing up around, I created a brand new GPO with just 'site to zone assignment list' setting and *.cloudapp.net domain but clients still gets error.
Any help or pointers would be appreciated.
Thanks in advance.
GPO Issue with 'Site to zone assignment list'
- 518 Views
- Last Post 14 May 2016