Nethserver-DC is the only DC in this environment and creating / editing the GPO’s worked indeed fine when the (only) server was running Windows Server 2008 R2. I did convert the server to a Hyper-V VM and had to do an in place upgrade (in steps) to Window Server 2019.
The RSAT tools on Windows 10 work fine in combination with Nethserver-DC. I use the RSAT tools of Windows 10 to manage group policies for a few smaller customers (different environments but all with Nethserver-DC).
I think I’ll go ahead and install the RSAT tools on a Windows 10 client and try again for this environment to edit the policies and see what happens.
I’ll look into that but I can confirm the domain works fine when I look at joining computers/servers and so on. Group policy updates also work fine. I can’t find something obvious in the event logs of the Windows 2019 server.
I believe I did have issues with promiscuous mode before - but I am not sure if that was Hyper-V or Proxmox. I’ll look into this after testing editing the policies with Windows 10.
I did try to edit some GPO’s from a Windows 10 client. Unfortunately this gives the same error message.
I did also sniff the DNS requests. Could it be DNS? The following records (red dot) aren’t being resolved (please see the screenshot).
I run Proxmox at home with Nethserver and Nethserver-DC. It’s wonderful.
Although I like Proxmox… I just can’t run Proxmox for this specific environment unfortunately.
It looks like the problem isn’t Hyper-V but permissions. When I create a new GPO, then I am able to edit the GPO.
I just created a backup of the GPO “Printers”. Next I did remove the GPO. Next I did restore the GPO… and voila! I am able to edit the GPO (again)! The only caveat is that I have to link the GPO to the OU.
I don’t know the cause of this specific problem but this work around solves the problem: I just create a backup of the GPOs which I can’t edit and then I just restore and link those GPOs again. I just have to pay attention of the links.