Same answer on other forum topic. Replied several times to same moderator but no real reply. Please fix, MS. This is not an answer but a stall. (Window 11 24H2 / Can't Join Domain - Microsoft Community)
Why is Windows 11 24H2 causing domain user login issue?
Hi,
Recently I installed Windows 11 24H2 x64 2024-09B, upgraded from 23H2. After that, the domain user is unable to log in and unable to change password. It shows that configuration information could not be read from the domain controller.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
3 answers
-
Anonymous
2024-11-16T17:27:12+00:00 -
Anonymous
2024-10-28T02:24:51+00:00 Hi SURENDRANADH M S,
Thank you for posting in the Microsoft Community Forums.
Here are some possible solutions and troubleshooting steps for the problem that domain users are unable to log on, change their passwords, and display “Unable to read configuration information from domain controllers” after Windows 11 24H2 upgrade as you mentioned:
1. Check the network connection
First of all, make sure that the network connection between your computer and the domain controller is normal. You can try to ping the IP address of the domain controller to see if it can communicate normally. If there is a problem with the network connection, you need to solve the network problem before proceeding with subsequent operations.
2. Check the status of the domain controller
Log on to the domain controller: Log on to the domain controller using an account with administrator privileges.
Check the service status: Make sure that Net Logon, DFS Replication, DNS Server (if the domain controller also acts as a DNS server) and other related services are running.
Check the Event Viewer: Open the Event Viewer on the domain controller to see if there are any authentication or domain-related error events.
3. Check the client computer settings
DNS Settings: Ensure that the DNS settings of the client computer are correct and able to resolve the domain name of the domain controller.
Network adapter settings: Check the network adapter settings to make sure that you have not enabled any settings (such as IPv6 filtering, etc.) that may cause network communication problems.
Firewall settings: Make sure that the firewall settings are not blocking communication with the domain controller.
4. Reset Computer Accounts
Sometimes the computer account may have problems in the domain, resulting in the inability to authenticate correctly. You can try to reset the computer account:
Log on to the domain controller: Log on to the domain controller using an account with administrator privileges.
Open Active Directory Users and Computers: Open the Active Directory Users and Computers management tool on the domain controller.
Locate the computer account: Locate the computer account in question in the Computers container.
Reset Account: Right-click on the computer account and select Reset Account. This will reset the computer's password and allow it to re-authenticate with the domain controller.
Restart Client Computer: Restart the computer on the client computer so that it can rejoin the domain with a new password.
5. Check Group Policy and Permission Settings
Check Group Policies: Ensure that no Group Policy settings have been applied that could cause authentication problems.
Check Permissions: Ensure that domain users have sufficient permissions to log on to computers and change passwords.
Best regards
Neuvi
-
Anonymous
2024-11-17T16:17:20+00:00 Hi SURENDRANADH M S,
Based on the information you have provided, it seems that the issue you are experiencing is related to the domain controller configuration. We recommend that you check the domain controller settings and ensure that they are properly configured.
I've seen this in a couple of cases:
The domain might be configured to only use Kerberos encryption methods no longer supported in 24H2.
To check an endpoint:
(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Kerberos\Parameters').SupportedEncryptionTypes
If this key is set, you have a policy impacting allowed encryption types; the value can be checked here: Decrypting the Selection of Supported Kerberos Encryption Types | Microsoft Community Hub
This can be set in the Default domain and/or default Domain controller policy
Before changing this setting, make sure all endpoints are compatible with the new setting. Adding encryption types should be fine; removing types might lock out systems that only support that algorithm.
To check configured values from the AD, look into the GPOs or use this PowerShell command to retrieve active values:
Get-ADObject -Filter 'msDS-SupportedEncryptionTypes -like "*"' -Properties msDS-SupportedEncryptionTypes
We hope this information helps.
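
Both commands in the answer above return a numeric bitmask. As an added example (not part of the original answer or of any Microsoft tool), the following decodes such a value using the documented msDS-SupportedEncryptionTypes bit assignments and flags masks that enable no AES type. The function name ConvertFrom-KerbEncTypeMask and the sample values are constructed for illustration.

```powershell
# Added example: decode a Kerberos SupportedEncryptionTypes bitmask.
# Bit assignments are the documented ones for msDS-SupportedEncryptionTypes.
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC'             = 0x01
    'DES-CBC-MD5'             = 0x02
    'RC4-HMAC'                = 0x04
    'AES128-CTS-HMAC-SHA1-96' = 0x08
    'AES256-CTS-HMAC-SHA1-96' = 0x10
}

# Hypothetical helper name; not a built-in cmdlet.
function ConvertFrom-KerbEncTypeMask {
    param([Parameter(Mandatory)][int]$Mask)

    # Names of every known encryption type whose bit is set in the mask.
    $names = @($EncTypeBits.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key })

    $hasAes    = [bool]($Mask -band 0x18)   # AES128 or AES256
    $hasLegacy = [bool]($Mask -band 0x07)   # DES or RC4

    $finding = if (-not $names)        { 'No encryption-type bits set' }
               elseif (-not $hasAes)   { 'Legacy only (DES/RC4), no AES enabled' }
               elseif ($hasLegacy)     { 'AES enabled, legacy types also allowed' }
               else                    { 'AES only' }

    [pscustomobject]@{
        Mask      = '0x{0:X}' -f $Mask
        Types     = $names -join ', '
        # Bits above the five encryption types (feature flags or "future types").
        OtherBits = '0x{0:X}' -f ($Mask -band (-bnot 0x1F))
        Finding   = $finding
    }
}

# Constructed sample values, not taken from a real domain.
0x03, 0x04, 0x18, 0x1C, 0x7FFFFFF8 |
    ForEach-Object { ConvertFrom-KerbEncTypeMask -Mask $_ } |
    Format-Table -AutoSize
```

On a live system, pass the number returned by either command in the answer as -Mask instead of the sample values.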