[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Rowland Penny
rpenny at samba.org
Tue Feb 4 13:43:52 UTC 2025
On Tue, 4 Feb 2025 13:22:46 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 4 Feb 2025 15:07:30 +0200
> Virgo Pärna via samba <samba at lists.samba.org> wrote:
>
> > And there has been some developement...
> >
> > test-computersecurechannel
> > still reports True.
> > But now
> > test-computersecurechannel -repair
> > now fails with
> > "Test-ComputerSecureChannel: Cannot reset the secure channel
> > password for the computer account in the domain. Operation failed
> > with the following exception: The user name or password is
> > incorrect."
> >
> > test-computersecurechannel -repair -Credential DOMAIN\Administrator
> > -Server dc.domain
> > also fails with same message.
> >
> > But
> > test-computersecurechannel -repair -Credential DOMAIN\Administrator
> > -Server ip_of_dc
> > succeeds...
> >
>
> that may point a way to the problem, using a fqdn will probably use
> kerberos and using the IP will probably use rpc. If that is the case,
> then there is probably a kerberos problem and doing a search on that,
> turned up this;
>
> https://nuangel.net/2025/01/windows-11-24h2-insufficient-system-resources-trying-to-login/
>
> Check that, it may be your problem.
>
> Rowland
>
>
>
After a bit more investigation, that might be the same 'fix' I pointed
to earlier, but from a different direction.
So I dug deeper and found this:
https://answers.microsoft.com/en-us/windowsclient/forum/all/after-update-to-latest-win-11-24h2-rdp-kerberos/d0f95e77-eb25-4604-bfd7-526d14a585a1?page=3
Which appears to be a lot closer to what the problem the OP is getting.
If it is, then it appears to be a Windows bug that they are not
accepting.
Rowland
More information about the samba
mailing list