Use nltest /sc_query:domain_name instead.
This will provide the secure channel between the member server and domain controller that user authentication leverages (at least in a single-domain environment, where computers and users are part of the same AD domain).
Btw, even nltest /sc_query is not entirely reliable, since it can be renegotiated over time.
hth
Marcin
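An added example, not part of the answer above: a PowerShell sketch that parses `nltest /sc_query` output and logs each time the secure-channel DC changes, which makes the renegotiation mentioned in the answer visible. The function names, the sample output and the `DC01.contoso.com` / `contoso.com` names are constructed for illustration.

```powershell
# Parse the text printed by `nltest /sc_query:<domain>` into an object.
function ConvertFrom-ScQuery {
    param([Parameter(Mandatory)][string[]]$Lines)
    $result = [ordered]@{ TrustedDC = $null; StatusCode = $null; StatusText = $null }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Trusted DC Name\s+\\\\(\S+)') {
            $result.TrustedDC = $Matches[1]
        }
        elseif ($line -match 'Trusted DC Connection Status\s+Status\s*=\s*(\d+)\s+0x[0-9a-fA-F]+\s+(\S+)') {
            $result.StatusCode = [int]$Matches[1]
            $result.StatusText = $Matches[2]
        }
    }
    [pscustomobject]$result
}

# Poll the secure channel and print a line only when the DC changes.
function Watch-SecureChannel {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [int]$IntervalSeconds = 300,
        [int]$Samples = 12
    )
    $last = $null
    for ($i = 0; $i -lt $Samples; $i++) {
        $raw = nltest "/sc_query:$Domain" 2>&1 | ForEach-Object { "$_" }
        $sc  = ConvertFrom-ScQuery -Lines $raw
        if (-not $sc.TrustedDC -or $sc.StatusCode -ne 0) {
            Write-Warning ('{0:s}  secure channel query failed: {1}' -f (Get-Date), ($raw -join ' '))
        }
        elseif ($sc.TrustedDC -ne $last) {
            '{0:s}  secure channel DC: {1} ({2})' -f (Get-Date), $sc.TrustedDC, $sc.StatusText
            $last = $sc.TrustedDC
        }
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
}

# Constructed sample output, so the parser can be tried without a domain.
$sample = @(
    'Flags: 30 HAS_IP  HAS_TIMESERV'
    'Trusted DC Name \\DC01.contoso.com'
    'Trusted DC Connection Status Status = 0 0x0 NERR_Success'
    'The command completed successfully'
)
ConvertFrom-ScQuery -Lines $sample   # TrustedDC = DC01.contoso.com, StatusCode = 0

# On a domain-joined machine (placeholder domain name):
# Watch-SecureChannel -Domain contoso.com -IntervalSeconds 60 -Samples 10
```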