[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in

Virgo Pärna virgo.parna at mail.ee
Fri Jan 31 08:42:12 UTC 2025


On 30.01.2025 21:44, Rowland Penny via samba wrote:
> 
> A post on reddit on a similar subject lead to this:
> 
> https://learn.microsoft.com/en-us/answers/questions/2086759/insufficient-system-resources-exist-to-complete-th
> 
> Perhaps it will help.

	Interesting. Different error (I'm getting invalid username/password), 
but is worth checking. PC does not have Bitlocker fortunately. And all 
the VM-s I have tested are running in same Win 11 PC. I'll try clearing 
TMP on next office day (currently working remotely).
	Credential guard is not available, because it is not Windows 11 
Enterprise (it is Pro). And re-enabling Core Protection did change 
anything (had this disabled, because Smart Card reader drived does not 
work with 24H2 otherwise).
	And just changing algorithms allowed for Kerberos  had no effect.

	Strange thing was, that when I tested it Windows 11 22H2 test machine 
(that I today upgraded to 23H2) and enabled debug log on Windows 
NETLOGON service, then in that log it complained:
01/30 15:28:23 [ERROR] [1320] NlpStoreKeyInDS: Unable to get computer DN: 5
01/30 15:28:23 [ERROR] [1320] NlProvisionMachineAuthKey: Unable to store 
auth key in DS: 5
01/30 15:28:23 [ERROR] [7044] NetpLdapBind: ldap_bind failed on 
dc.domain: 49: Invalid Credentials

	But using Wireshark to capture ldap traffic I did not see anything, 
that would look like authentication failure for me.


-- 
Virgo Pärna
virgo.parna at mail.ee



More information about the samba mailing list