Active Directory Group Policy Objects (GPO) are not applied when a user logs on to a machine booting from a vDisk.
Startup / logon scripts that are invoked using Group Policies are not running.
However, the policies apply successfully with the next refresh cycle (90 minutes by default) or if forced using the gpupdate /force command.
The target device’s event log shows failure entries related to Security / Kerberos and Group Policy (Event ID 1030 and Event ID 1097), caused by a time difference from the domain controller.
This issue occurs in environments where Standard Image Mode is used for vDisks and the machines are in a country that uses Daylight Savings Time.
The vDisk image has been created during summertime. Once the environment has been changed to wintertime, all machines that use this vDisk will have one hour time difference to the rest of the environment (most importantly to the AD domain controllers).
The time is later synchronized with the domain controller, which is why the GPO is applied at the next refresh cycle.
Because the vDisk is in Standard Image Mode and changes to it are not persistent, the same problem occurs at every reboot.
Boot the vDisk in Private Mode after the Daylight Saving Time change has occurred and correct the time zone setting. Shut down and switch back to Standard Image Mode. The time change has now been saved with the image.
Time zone information is saved in the registry at HKLM\System\CurrentControlSet\Control\TimeZoneInformation
When switching between summertime and wintertime, the value ActiveTimeBias is changed. A vDisk in Standard Image Mode loses this change at every reboot.