In the past I've been able to open "Active Directory Users and Computers" to manage the users and computers on our Windows Server 2008 R2 box. We just recently made some changes to our Group Policy to log authentication success/failure and enabled the Windows Firewall (I'm assuming the Firewall may be the culprit).
Now when I try to open "Active Directory Users and Computers" I get the following error:
When I run dcdiag.exe it passes all of the tests except for System Log. For that one it throws all kinds of errors about Group Policy Settings. For example:
An error event occurred. EventID: 0x00000406
Time Generated: 12/23/2014 09:44:58
Event String: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
I'm at a loss and am not sure what to do or to look for next.
EDIT:
I turned off the Firewall in the Group Policy and rebooted the machine. I can now access the Active Directory Users and Computers. So now I'm left wondering which ports/rules I need to enable for a Domain Controller and Active Directory? When I looked at the firewall before it already had a bunch of Active Directory and DNS rules in place with allowed traffic.
I found that the firewall's built-in rules aren't always accurate and sufficient.
I researched this subject a little once, and found this article.
These are the ports the article says are generally required:
Note that you might need to block some or open others.