I had this issue on a server. I shifted through the event log and found the pattern of events that preceded the issue, and, probably, caused it.
In short, the pattern is as follows: Windows updates run automatically as scheduled, and when reboot is initiated after the updates are finished, the computer crashes (probably during reboot sequence). When it boots up, it reports that the last shutdown was unexpected, and the issue begins to occur.
It doesn’t say anything about this particular problem, but it gives more information about SVCHOST process that starts many services, including Group Policy Client. It looks like during reboot a vital registry settings were lost during crash and Group Policy Client “don’t know” how to start. Let me explain:
There are two places to look in the registry:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services this path should contain gpsvc key (a folder), which is responsible for service parameters and configuration. I found that the key was intact, so, you do not touch anything here – just check that the key exists.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST This is the most important path you should look into, as it must contain the keys and values referred in the key #1. Below are descriptions what must be present there.
- There must be Multi-String value called GPSvcGroup. Server was missing it. So, you should create multi-string value named GPSvcGroup and assign it value GPSvc.
- Next, you must create a key (a folder) and name it GPSvcGroup – this key normally should be there, but, again, it was missing on the server.
- Then open newly-created GPSvcGroup folder and create 2 DWORD values:
- First called AuthenticationCapabilities and you must give it a value of 0x00003020 (or 12320 in decimal)
- Second is called CoInitializeSecurityParam and it must have value of 1.