OpenVPN Active Directory not updating policies


I have a pfSense router at my head end and I am trying to connect a remote user. The user can get onto the network with an openVPN connection, but the gpupdate /force fails with

'Computer policy could not be updated successfully. The following errors were enc

The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has successfully processed. If you do not see a success message for seve
ral hours, then contact your administrator.
User Policy update has completed successfully.’

I can ping both the domian and the controller with the FQDN and IP. I have the VPN pushing the DNS of the domain controller.

I can

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html’

Make sure the domain server is not blocking connections that are not coming form local networks only.

Thank you, I got it working. I think it was DNS and VPN issues.

What is best practices that Lawrence system uses for remote workers on a Windows domain?

My question is do I need to connect to the VPN BEFORE they log in to the computer so that the GPO get synced? Or is it fine to connect to the VPN after they login and the sync will happen after? I have a worker that has an onsite system and a system at home. They may change their password onsite and it not get synced to offsite computer before they log in off site. Will that matter? Or the next time they sign in remotly, they will just use their new password?