Group policy application errors

I recently encountered a server that was having problems applying group policy. I encountered the following errors:

Log: Application
Source: Group Policy Registry
Event ID: 8194
Message:The client-side extension could not remove user policy settings for 'GPONAME {n-n-n-n-n}' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.
Log: System
Source: GroupPolicy
Event ID: 1085
Message: Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.

The More info link is useless -don’t waste your time. Also, it would appear there is no trace file. Searching for these errors on Google will get you suggestions about deleting GPOs on the Domain controller, but the thing is, I need this GPO.

To diagnose this issue, you will first need to enable Group Policy tracing. On the machine having the problems, open up the local group policy editor (run gpedit.msc) and browse to:

Computer Policy \ Administrative Templates \ System \ Group Policy \ Logging and tracing

This contains a list of all the Group Policy Modules / extensions. Select the one that matches the error message in the system event log. (In my case, it was Registry Policy Processing)
enable the policy, change Tracing to “On” and click Ok.

Now open an elevated (Run as Administrator) command prompt, and type gpupdate. This should get the errors to throw again, but this time it will write out a trace file.

You should be able to find that trace file in C:\ProgramData\GroupPolicy\Preference\Trace\User.log. Open it up and look for a line containing “The data is Invalid”. You should see something like the following:

GPH data file : C:\ProgramData\Microsoft\Group Policy\History\{...-...-...-...-...}\S-1-5-21-...-...-...-...\Preferences\Registry\Registry.xml
Completed parse of GPH XML. [ hr = 0x8007000d "The data is invalid." ]
Completed remove GPH. [ hr = 0x8007000d "The data is invalid." ]
Leaving ProcessGroupPolicyExRegistry() returned 0x8007000d

The filename after GPH data file is the corrupt file. Most likely is is an empty XML File. I just renamed the folder C:\ProgramData\Microsoft\Group Policy\History\{guid}\{sid} to be {sid}.bak.

(Note: you may need to change your folder options to be able to access the file)

Now run gpupdate again, and it should recreate the history file with the correct contents. Problem solved!

Finally, remember to disable the tracing.

6 thoughts on “Group policy application errors”

Si on April 21, 2011 at 7:34 am said:

I had this issue on a 2008 RODC and spent weeks trying to find the cause of the issue. Your solution worked perfectly. Thanks!

Reply ↓
Andreas Zuckerhut on June 10, 2011 at 5:24 am said:

Thanks for this detailed blog on troubleshooting that error.
Couldn’t find anything else that would help me solve this problem.

Reply ↓
Jason on July 15, 2011 at 11:49 am said:

It also worked for us to just delete everything under c:\programdata\Microsoft\Group Policy\History\* … then gpupdate /force. Much faster than trying to find the corrupt .xml file or whatever. 🙂

Reply ↓
Nancy on December 13, 2011 at 3:51 am said:

Hi Jason,
What causes this failure to occur?
Thanks,
Nancy

Reply ↓
Dirk on August 29, 2012 at 5:22 pm said:

Awesome stuff, fixed my problem on a 2008 DC. This was only DC with an issue, 7 others in same forest were fine. Strange but glad its gone for now.

Reply ↓
Linda on January 9, 2013 at 2:36 am said:

I had also looked all over the shop for the solution to this problem and your step by step instructions worked perfectly thank you

Reply ↓