Problem: GPO Processing Errors (Event ID 1129) and Version Conflicts between AD and SYSVOL

Problem

During a review of Group Policy Objects (GPOs) on a Windows client using gpresult, errors were detected for two GPOs. The question arises: what is the root cause of these errors and how can they be resolved?


Investigation

An initial assumption was that the issue might be related to network connectivity problems between the Windows client and the domain controller. However, the XML event log alone does not clearly indicate whether the root cause lies on the Windows client side or the Samba/Domain Controller side.

Observed Event (XML)

The following event was recorded on the affected client:

Event ID: 1129
Source: Microsoft-Windows-GroupPolicy
ErrorCode: 1222
ErrorDescription: Das Netzwerk ist nicht vorhanden oder wurde nicht gestartet.

This indicates that Group Policy processing failed due to missing network connectivity to a domain controller. The message suggests that this condition may be temporary and that successful processing will occur once connectivity is restored.

Full output from the XML File:

XML Ereignis: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System>
    <Provider Name='Microsoft-Windows-GroupPolicy' Guid='{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}'/>
    <EventID>1129</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime='2026-03-26T08:10:54.7219633Z'/>
    <EventRecordID>4464</EventRecordID>
    <Correlation ActivityID='{01d22683-5d6f-4edb-abc2-0f2589ba7217}'/>
    <Execution ProcessID='1976' ThreadID='2172'/>
    <Channel>System</Channel>
    <Computer>vad-pc-124.mpimf.mpg.de</Computer>
    <Security UserID='S-1-5-18'/>
  </System>
  <EventData>
    <Data Name='SupportInfo1'>1</Data>
    <Data Name='SupportInfo2'>2285</Data>
    <Data Name='ProcessingMode'>2</Data>
    <Data Name='ProcessingTimeInMilliseconds'>0</Data>
    <Data Name='ErrorCode'>1222</Data>
    <Data Name='ErrorDescription'>Das Netzwerk ist nicht vorhanden oder wurde nicht gestartet. </Data>
  </EventData>
</Event>


Further analysis of the gpresult output revealed two distinct issues affecting the following GPOs:

  • Disable W Defender MAPS
  • Telemetry

1. AD/SYSVOL Version Conflict

A discrepancy was identified between the version numbers stored in Active Directory (AD) and those present in the SYSVOL directory (where GPO files are physically stored).

Examples:

  • Disable W Defender MAPS → AD Version: 5, SYSVOL Version: 6
  • Disable W Telemetry → AD Version: 23, SYSVOL Version: 24

This is a classic synchronization issue. The client detects the mismatch and aborts processing of the affected GPOs.

2. Network Timeout (Error 1129 / 0x54B)

The error code 0x54B indicates that the domain controller could not be contacted in time during system startup. In most cases, this happens because the client starts Group Policy processing before the network stack or DNS services are fully available.
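To test the startup-race explanation on the affected client, the following added example (not part of the original write-up) lists every 1129 event together with its decoded EventData fields and the number of seconds since the preceding boot. It assumes a 14-day look-back window and uses Kernel-General event 12 in the System log as the boot marker.

```powershell
# Added example: run on the affected client. Look-back window is an assumption.
$since = (Get-Date).AddDays(-14)

# Kernel-General event 12 is written at each operating system start.
$boots = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-General'
    Id = 12; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

# Group Policy processing failures caused by missing DC connectivity.
$failures = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-GroupPolicy'
    Id = 1129; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

$report = foreach ($ev in $failures) {
    # Turn <Data Name='...'>value</Data> into a name/value table.
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText.Trim()
    }

    # Most recent boot that precedes this failure, if one is inside the window.
    $boot = $boots | Where-Object { $_.TimeCreated -le $ev.TimeCreated } |
        Select-Object -Last 1
    $afterBoot = if ($boot) {
        [int]($ev.TimeCreated - $boot.TimeCreated).TotalSeconds
    } else { $null }

    [pscustomobject]@{
        Time             = $ev.TimeCreated
        ErrorCode        = [int]$data['ErrorCode']          # decimal, as logged
        ErrorHex         = '0x{0:X}' -f [int]$data['ErrorCode']
        ProcessingMode   = $data['ProcessingMode']
        SecondsAfterBoot = $afterBoot
        Description      = $data['ErrorDescription']
    }
}

$report | Format-Table -AutoSize -Wrap
```

Failures that cluster within the first seconds after boot point to the timing problem; failures spread across the day point to a connectivity or DNS problem that waiting at startup will not fix.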


Root Cause

The issue is caused by a combination of two independent factors:

  1. Replication inconsistency between Active Directory and SYSVOL, leading to mismatched GPO version numbers.
  2. Delayed network initialization on the client, causing temporary unavailability of the domain controller during Group Policy processing.

Solution

1. Resolve AD/SYSVOL Version Conflict

To fix the version mismatch:

  1. Open the Group Policy Management Console (GPMC).
  2. Select the affected GPO.
  3. Make a minimal change (e.g., add or modify a comment in the Delegation tab).
  4. Save the change to trigger a version increment and replication.

This forces synchronization between AD and SYSVOL and resolves the inconsistency.

Result:
After applying this change to both affected GPOs, the version numbers were aligned again and the conflict was resolved.
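To confirm that the versions are aligned, and to find other GPOs with the same problem, the AD and SYSVOL versions can be compared for every GPO. The following is an added example, not part of the original write-up; it needs the GroupPolicy PowerShell module (installed with GPMC/RSAT), and the function name `Test-GpoVersionMatch` and the DC names in the comment are hypothetical.

```powershell
# Added example: needs the GroupPolicy module (GPMC / RSAT) and domain read access.
Import-Module GroupPolicy

function Test-GpoVersionMatch {          # hypothetical helper name
    param(
        # Domain controllers to query; '' lets the module choose one.
        [string[]]$Server = @('')
    )
    foreach ($dc in $Server) {
        $query = @{ All = $true }
        if ($dc) { $query.Server = $dc }

        foreach ($gpo in Get-GPO @query) {
            # Computer and user halves of a GPO are versioned separately.
            foreach ($side in 'Computer', 'User') {
                $cfg = $gpo.$side
                if ($cfg.DSVersion -ne $cfg.SysvolVersion) {
                    [pscustomobject]@{
                        Server        = if ($dc) { $dc } else { '(default)' }
                        GPO           = $gpo.DisplayName
                        Id            = $gpo.Id
                        Side          = $side
                        ADVersion     = $cfg.DSVersion
                        SysvolVersion = $cfg.SysvolVersion
                    }
                }
            }
        }
    }
}

# No output means every GPO has matching AD and SYSVOL versions.
Test-GpoVersionMatch | Sort-Object GPO, Side | Format-Table -AutoSize

# Per-DC check (placeholder names):
# Test-GpoVersionMatch -Server 'dc1.example.test', 'dc2.example.test'
```

Running the per-DC form shows whether a mismatch exists on every domain controller or only on one that has not yet received the updated files.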


2. Ensure Network Availability During Startup

To prevent network-related GPO processing errors:

  1. Configure the following policy in a higher-level GPO:
     Computer Configuration
      → Administrative Templates
        → System
          → Logon
            → Always wait for the network at computer startup and logon
  2. Set this policy to Enabled.

This ensures that the client waits for a fully initialized network connection before applying GPOs.


3. Force Policy Update on the Client

After applying the fixes, run the following commands on the affected client:

ipconfig /flushdns
gpupdate /force

This clears cached DNS entries and forces immediate reprocessing of Group Policies.


Summary

The issue was caused by a combination of GPO replication inconsistencies and network timing problems during client startup. By resolving the AD/SYSVOL version mismatch and ensuring proper network initialization, Group Policy processing can be restored reliably.