Cannot access template. Error code = 3
One of our clients reported that newly created policies are not being applied on several member servers in a domain. I have run gpupdate /force command and checked logs on the server. I have discovered an error in applying group policy objects on the problematic server.
What is interesting, there was no error reported in applying Group Policy objects.
The error was:
Security policy cannot be propagated. Cannot access the template. Error code = 3. Along with this information, there was UNC path to the policy object that was not found on the DC.
After that, I have checked the path specified in the error, but I wasn’t able to access it as this policy was missing on that particular Domain Controller. When I have compared the same path on 2 different domain controllers I have found out that this “problematic” DC doesn’t have all the required policies in its SYSVOL folder. 2 policies were missing.
I have run repadmin /syncall command on the problematic DC in order to see if there are any issues in replication between domain controllers.
The replication went without errors, but the SYSVOL folder still wasn’t synched. In order to temporarily fix this problem, I had to change the Domain Controller this server was pointed to.
To Switch Domain Controller please do the following:
Run CMD on the server where group policy is not applying properly. Now type:
/Server:%Servername% /SC_RESET:%DomainName\DomainControllerName%
Change %Servername% and %DomainName\DomainControllerName% with your data, then run gpupdate /force again. The policy should be applied now and there should be no more errors in the event viewer regarding this issue.
Once I discover the source of the problem with this Domain Controller I will update the post.