[Samba] Windows 11 logon issue

Jonathan Hunter jmhunter1 at gmail.com
Sat Jul 13 13:27:45 UTC 2024 

Thank you Rowland as always :)

On Mon, 8 Jul 2024 at 09:13, Rowland Penny via samba
<samba at lists.samba.org> wrote:
> > I recently noticed that two separate Windows 11 machines joined to my
> > domain are not letting me log in to them as a domain user. In the
> > Windows Security event log I can see 'Audit Failure' - 'An account
> > failed to log on'. Details shown are: 'Account for which logon failed'
>
> This is very probably a Windows issue, '0XC000006D' is
> STATUS_LOGON_FAILURE, which is 'The user name or password is
> incorrect.', but. as you don't seem to have a SID, might mean your
> win11 computer cannot, for some reason, contact the DC, so have you
> tried the standard Windows fix ? Also known as turning it off and on
> again ;-)

I did indeed.. and since it is affecting three Windows 11 clients
here, I thought I'd "go for broke" and remove one of them from the
domain and re-join it, to see if that sorts it out.

Interestingly, I can't now rejoin this machine to the domain since it
is rejecting my domain user with (presumably) the same sort of error
when I put in my credentials. (Not sure if it makes a difference that
these are credentials that were previously cached on the machine
whilst it was previously domain joined.. I imagine not)

I think my next two avenues of investigation will be

- Spin up a new Windows 11 VM and see if I can join it to the domain;
both before and after applying the latest Windows updates - it would
be interesting to see if I can reproduce it this way, or if it's
something to do with only an existing machine already domain joined..

- Increase debugging on my DCs. I suspect I'll need to follow
https://wiki.samba.org/index.php/Client_specific_logging or similar,
to avoid a high level of unrelated traffic in the logs on the DCs.

I'll report back..

> I think you can ignore the 'NT_STATUS_TIME_DIFFERENCE_AT_DC', Samba
> seems to return it as an error code as a backstop, try turning up the
> loglevel to 2 on the DCs, that should make another error message pop
> out.

Thanks. Log level 2 has made no difference, I think I'll need to go much higher.

Cheers,

Jonathan

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list