[Samba] Windows 11 logon issue
Jonathan Hunter
jmhunter1 at gmail.com
Fri Jan 2 04:12:16 UTC 2026
To close out an old thread (no denvercoder9 here!) - I have tracked this
down to https://bugzilla.samba.org/show_bug.cgi?id=15694

Most of my DCs are still on 32-bit OSs as they've been running for some
time.

When I upgraded to samba 4.19 or later, this triggered the above bug. In a
nutshell, Windows 11 clients (post-22H2) started sending ticket requests
with very long lifetimes, which are larger than 32 bits... but samba hadn't
been checking until this version. So I have hit both issues together, and
the only fix (other than downgrading samba quite some way) is to move to a
64-bit OS on my samba DCs, or wait some months for a fix for bug 15694
(that may never be released, possibly).

I did check a laptop at the one site with a 64-bit DC, and that worked fine
with Windows 11, so I think that proves the point.

Hopefully this thread can be of use to others who run into the same issue!

On Sat, 13 Jul 2024 at 14:27, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
> Thank you Rowland as always :)
>
> On Mon, 8 Jul 2024 at 09:13, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > > I recently noticed that two separate Windows 11 machines joined to my
> > > domain are not letting me log in to them as a domain user. In the
> > > Windows Security event log I can see 'Audit Failure' - 'An account
> > > failed to log on'. Details shown are: 'Account for which logon failed'
> >
> > This is very probably a Windows issue, '0XC000006D' is
> > STATUS_LOGON_FAILURE, which is 'The user name or password is
> > incorrect.', but, as you don't seem to have a SID, might mean your
> > win11 computer cannot, for some reason, contact the DC, so have you
> > tried the standard Windows fix? Also known as turning it off and on
> > again ;-)
>
> I did indeed.. and since it is affecting three Windows 11 clients
> here, I thought I'd "go for broke" and remove one of them from the
> domain and re-join it, to see if that sorts it out.
>
> Interestingly, I can't now rejoin this machine to the domain since it
> is rejecting my domain user with (presumably) the same sort of error
> when I put in my credentials. (Not sure if it makes a difference that
> these are credentials that were previously cached on the machine
> whilst it was previously domain joined.. I imagine not)
>
> I think my next two avenues of investigation will be
>
> - Spin up a new Windows 11 VM and see if I can join it to the domain;
> both before and after applying the latest Windows updates - it would
> be interesting to see if I can reproduce it this way, or if it's
> something to do with only an existing machine already domain joined..
>
> - Increase debugging on my DCs. I suspect I'll need to follow
> https://wiki.samba.org/index.php/Client_specific_logging or similar,
> to avoid a high level of unrelated traffic in the logs on the DCs.
>
> I'll report back..
>
> > I think you can ignore the 'NT_STATUS_TIME_DIFFERENCE_AT_DC', Samba
> > seems to return it as an error code as a backstop, try turning up the
> > loglevel to 2 on the DCs, that should make another error message pop
> > out.
>
> Thanks. Log level 2 has made no difference, I think I'll need to go much
> higher.
>
> Cheers,
>
> Jonathan
>
> --
> "If we knew what it was we were doing, it would not be called
> research, would it?"
> - Albert Einstein
>
--
"If we knew what it was we were doing, it would not be called research,
would it?"
- Albert Einstein
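
The message above attributes the failure to ticket lifetimes that exceed 32 bits on 32-bit DCs. As an added illustration (not from the post and not Samba's code; the code path behind bug 15694 is not shown on this page), the C below converts a Kerberos-style end time to 64-bit seconds and shows what a signed 32-bit time value can and cannot hold. The timestamps are constructed samples and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian date (standard civil-date algorithm). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYYMMDDHHMMSSZ" into 64-bit epoch seconds; 0 on success, -1 if malformed. */
int parse_kerberos_time(const char *s, int64_t *out)
{
    int y, mo, d, h, mi, sec;
    if (strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    sscanf(s, "%4d%2d%2d%2d%2d%2d", &y, &mo, &d, &h, &mi, &sec);
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || sec > 60) return -1;
    *out = days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + sec;
    return 0;
}

/* Does the value survive storage in a signed 32-bit time value? */
int fits_time32(int64_t t) { return t >= INT32_MIN && t <= INT32_MAX; }
/* What an unchecked narrowing keeps: only the low 32 bits (wraps on gcc/clang). */
int32_t truncate_time32(int64_t t) { return (int32_t)(uint32_t)t; }
/* Defensive alternative: saturate at the 32-bit limits instead of wrapping. */
int32_t clamp_time32(int64_t t)
{
    return t > INT32_MAX ? INT32_MAX : t < INT32_MIN ? INT32_MIN : (int32_t)t;
}

int main(void)
{
    const char *samples[] = { "20380119031407Z", "99991231235959Z" }; /* constructed */
    for (int i = 0; i < 2; i++) {
        int64_t t;
        if (parse_kerberos_time(samples[i], &t) != 0) continue;
        printf("%s -> %lld fits32=%d truncated=%d clamped=%d\n", samples[i],
               (long long)t, fits_time32(t), (int)truncate_time32(t), (int)clamp_time32(t));
    }
    return 0;
}
```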