Rowland Penny
2025-Feb-04 13:22 UTC
[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
On Tue, 4 Feb 2025 15:07:30 +0200 Virgo P?rna via samba <samba at lists.samba.org> wrote:> And there has been some developement... > > test-computersecurechannel > still reports True. > But now > test-computersecurechannel -repair > now fails with > "Test-ComputerSecureChannel: Cannot reset the secure channel password > for the computer account in the domain. Operation failed with the > following exception: The user name or password is incorrect." > > test-computersecurechannel -repair -Credential DOMAIN\Administrator > -Server dc.domain > also fails with same message. > > But > test-computersecurechannel -repair -Credential DOMAIN\Administrator > -Server ip_of_dc > succeeds... >that may point a way to the problem, using a fqdn will probably use kerberos and using the IP will probably use rpc. If that is the case, then there is probably a kerberos problem and doing a search on that, turned up this; https://nuangel.net/2025/01/windows-11-24h2-insufficient-system-resources-trying-to-login/ Check that, it may be your problem. Rowland
Rowland Penny
2025-Feb-04 13:43 UTC
[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
On Tue, 4 Feb 2025 13:22:46 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Tue, 4 Feb 2025 15:07:30 +0200 > Virgo P?rna via samba <samba at lists.samba.org> wrote: > > > And there has been some developement... > > > > test-computersecurechannel > > still reports True. > > But now > > test-computersecurechannel -repair > > now fails with > > "Test-ComputerSecureChannel: Cannot reset the secure channel > > password for the computer account in the domain. Operation failed > > with the following exception: The user name or password is > > incorrect." > > > > test-computersecurechannel -repair -Credential DOMAIN\Administrator > > -Server dc.domain > > also fails with same message. > > > > But > > test-computersecurechannel -repair -Credential DOMAIN\Administrator > > -Server ip_of_dc > > succeeds... > > > > that may point a way to the problem, using a fqdn will probably use > kerberos and using the IP will probably use rpc. If that is the case, > then there is probably a kerberos problem and doing a search on that, > turned up this; > > https://nuangel.net/2025/01/windows-11-24h2-insufficient-system-resources-trying-to-login/ > > Check that, it may be your problem. > > Rowland > > >After a bit more investigation, that might be the same 'fix' I pointed to earlier, but from a different direction. So I dug deeper and found this: https://answers.microsoft.com/en-us/windowsclient/forum/all/after-update-to-latest-win-11-24h2-rdp-kerberos/d0f95e77-eb25-4604-bfd7-526d14a585a1?page=3 Which appears to be a lot closer to what the problem the OP is getting. If it is, then it appears to be a Windows bug that they are not accepting. Rowland
Apparently Analagous Threads
- Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
- Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
- Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
- Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
- Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in