We are seeing the following alarms errors: 

Group Policy Check - Group Policy failed to refresh properly. error code: -1 Gpupdate errors: Group Policy update failed - internal error

Group Policy Check - Group Policy failed to refresh properly. error code: -1 Gpupdate errors: Group Policy update failed - access denied

Group Policy Check - Group Policy failed to refresh properly. error code: -1073741502 Gpupdate errors: Group Policy update failed - DLL initialization error

Group Policy Check - Group Policy failed to refresh properly. error code: -1073741523 Gpupdate errors: Group Policy update failed with code: -1073741523

The following warnings are also encountered during computer policy processing:

Windows failed to apply the {F#########E} settings. {F3##########E} settings might have its own log file. Please click on the "More information" link.

User Policy update has completed successfully.

For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.


What commands the Group Policy check is running on the new probe and what the expected output is for a good or a bad state?

• DX UIM 23.4.*
• ad_server 2.10 and later

Guidance

How the Probe Determines Success vs. Failure

The ad_server probe uses a robust method to check the result:

• It executes gpupdate.exe (typically with a /force argument).
• It then waits for the command to complete and inspects the process exit code that is returned by the operating system.
• An exit code of 0 is considered a success.
• Any non-zero exit code is considered a failure. The probe captures this exit code and any text sent to the standard error stream to generate the detailed alarm you are seeing.

This is a much stricter and more reliable check than simply parsing the text output. The gpupdate command can print "successfully completed" for one part of the policy (like User Policy) but still encounter critical errors in another part (like Computer Policy) and return a non-zero exit code to signal an overall failure. Your VB script might be just scanning for "success" in the text and ignoring the true exit code, which might be the reason why it didn't raise alarms.

Explanation of the Specific Errors : 

• Group Policy update failed - access denied (error code: -1)
  Reason: This is a permissions issue. The user account running the Nimsoft/UIM Robot service on that server lacks the necessary privileges (typically local administrator rights) to force a group policy update.
  Recommendation: Verify the user account that the "Nimsoft Robot Watcher" service is running as. Ensure this account is a member of the local Administrators group on the server.
• Group Policy update failed - DLL initialization error (error code: -1073741502)
  Reason: This is the Windows system error STATUS_DLL_INIT_FAILED. It means a critical system library (.dll file) that gpupdate.exe needs could not load. This often points to a problem on the server itself, such as corrupted system files or interference from an antivirus or endpoint security agent.
  Recommendation: Your server team should run the System File Checker (sfc /scannow) on this machine and check the Windows Event Logs for corresponding errors.
• Group Policy update failed with code: -1073741523
  Reason: This is the Windows system error STATUS_COMMITMENT_LIMIT. It means the server has exhausted its available virtual memory (the combination of physical RAM and the page file). The operating system could not allocate enough memory for the gpupdate process to run. This indicates a server under significant resource strain.
  Recommendation: Your server team should investigate the memory and page file usage on this machine. It may require more RAM or a larger page file.

Summary:
The probe is not generating false positives. It is correctly detecting and reporting genuine issues with Group Policy processing on those servers.