Situation: The client just configures Local Administrator Password Solution (LAPS) on their domain. It works for a while. Now, most domain computers don’t install LAPS and LAPS doesn’t change the administrator password.
Troubleshooting: 1. gpresult /R shows the LAPS policy has been applied to the computer.
Applied Group Policy Objects
—————————–
LAPS GPO
Default Domain Policy
Local Group Policy
2. The Event Viewer shows Event ID: 1112
The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
Resolution 1: Enable the Specify startup policy processing wait time
- On the Domain Controller, run Group Policy Management
2. Right click on the policy you want to modify, for example LAPS GPO in our example, click on Edit.
3. Navigate to:
Computer Configuration > Policies > Administrative Templates > System > Group Policy.
4. Enable the Specify startup policy processing wait time or Startup policy processing wait time. Set Amount of time to wait (in seconds): = 90 or more for a test.
Resolution 2: Enable Always wait for the network at computer startup and logon
- Repeat resolution 1 step 1 and 2.
- In a GPO that applies to that computer, add the following setting:
- Computer Settings
- Administrative Templates
- System
- Logon
- Always wait for the network at computer startup and logon – Enabled
3. Check Enabled
Resolution 3: Make sure the computer can access the LAPS software and have permissions. For example, you may assign everyone to access the LAPA shared folder for a test.
Resolution 4: And I just found another different cause of this error. If you have “Spanning Tree” configured on the ethernet switch connected to the problem workstation, it will delay activation of the switch port when the PC boots up. Disabling Spanning Tree for the switch port or enabling “Spanning Tree Portfast” for the switchport solved this problem on a few of my workstations.