Windows 11 22h2 Problem with Active directory after update

Sylv___ 66

Hi,

After updating or installing a fresh Windows 11 22H2, the computer can't contact the active directory.
GPO seems to be not applied and it's impossible to reach any ressources on the network.

It seems that the user can't get a TGT from the domain controller.

When I do a klist it's empty.

With wireshark, I see at each attempt an "AS-REQ" but no "AS-REP".

> nltest /dclist:mydomain.local

Get list of DCs in domain 'mydomain.local' from '\\dc01.mydomain.local'.
Cannot DsBind to mydc.laz (\\dc01.mydomain.local).Status = 2148074320 0x80090350 SEC_E_DOWNGRADE_DETECTED.

> nltest /sc_query:mydomain.local

Flags: 30 HAS_IP HAS_TIMESERV Authentication Service: Netlogon
Trusted DC Name \\dc02.mydomain.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

When I try to reach an SMB share i have this message :

The sytem cannot contact a domain controller to service the authentication request. Please try again later

All the DCs are in Windows 2016.

I'm not sure where to look to fix this. I've looked everywhere but no answer.
Can you help me please?

Thank you.

nleva 121 Reputation points

2022-11-07T21:40:56.443+00:00

Same issue here with Windows 11 22H2. One symptom of this problem is "The system cannot contact a domain controller to service the authentication request. Please try again later." when trying to access network resources.
Nathaniel Rose 1 Reputation point

2022-11-08T16:49:50.733+00:00

Chiming in to say we began seeing this as well. Bricked a few machines. Only recourse thus far has been to reimage.
Bryan Vay 11 Reputation points

2022-11-10T00:03:42.99+00:00

Also have this issue. First manifested as something like "My R: drive is disconnected..."

We can map network drives by \ipaddress\sharename but not \hostname\sharename.

nltest /dclist: gets me the same result.

When I try to gpupdate /force, I'm told no DC's can be contacted.

ONLY on W11 22h2. I have tried several Kerberos-related fixes found on Reddit, but no dice.

DC's are 2012R2 as is functional level.
nleva 121 Reputation points

2022-11-10T13:59:37.503+00:00

Is there a reason why posts in this thread seem to be getting deleted? The posts discussing upgrading DCs to 2022 and raising the domain functional level appear to be gone now.
Nathaniel Rose 1 Reputation point

2022-11-10T14:03:09.307+00:00

Perhaps that person figure out it wasn’t a consistent answer and deleted their comments…? (No clue.)
nleva 121 Reputation points

2022-11-14T13:16:13.3+00:00

We increased our domain and forest functional level from 2008 R2 to 2012 R2, but this did not solve the Windows 11 22H2 authentication issue. We'll need to upgrade our domain controllers if we want to increase the functional level further.
TheFixer 6 Reputation points

2022-11-22T01:42:26.517+00:00

I had the same issue when testing 22H2 on Windows 11.

Some of the symptoms - Unable to access DFS Shares or file shares by DNS name, GPUpdate not working, Powershell issues with AD modules and remoting, Certificate waring when using RDP

Our DCs were all running on Windows server 2019 or 2022 but the functional level was still 2012.

Raise your domain functional level to 2016+, this worked for me.
Michael Kiwaczinski 0 Reputation points

2023-08-02T17:41:39.63+00:00

Same. No Trusted relationship

Accepted answer

nleva 121 Reputation points

2022-11-14T15:54:01.437+00:00
Is anyone here using Crowdstrike Falcon Identity protection? There was a post on reddit saying this Windows 11 22H2 authentication issue is caused by falcon identity.

Release Notes | Falcon sensor for Windows 6.46.16012/6.47.16104 Hotfix Fixed an issue with Falcon Identity Protection that blocked Kerberos authentications performed by hosts running Windows 11 version 22H2. This applies to all prior supported sensor versions.
Please sign in to rate this answer.

3 people found this answer helpful.
Sylv___ 66 Reputation points

2022-11-14T16:01:27.863+00:00

We actually do use Falcon Identity Protection !
Thank you for this, I'll check that !!

Bryan Vay 11 Reputation points

2022-11-14T16:05:56.38+00:00

WOW. I'mma go looking at that as I am a customer of CSFalcon (like every module they offer). Headed to look now.

Ben 1 Reputation point

2022-11-14T16:22:13.047+00:00

We use falcon, but I removed it from my computer a few days ago thinking that was the issue also, but it didn't do anything.

Sylv___ 66 Reputation points

2022-11-14T16:24:38.283+00:00

It's the Identity Product that is installed on the Domain Controller that seems to be the problem.

https://falcon.eu-1.crowdstrike.com/support/news/release-notes-falcon-sensor-for-windows-6-46-16012-6-47-16104-hotfix

nleva 121 Reputation points

2022-11-14T16:24:48.96+00:00

Removing it from the computer won't help if it's falcon identity protection causing the issue. The falcon identity sensor is installed on the domain controller and the blocking would be occurring there, not on the pc itself.

Nathaniel Rose 1 Reputation point

2022-11-14T16:30:25.09+00:00

Yup. We're totally Crowdstrike endpoints. Thank you so much for sharing this.

Ben 1 Reputation point

2022-11-14T16:53:21.633+00:00

new update. i updated the sensors on my PC and on the DC and no dice. I haven't rebooted the DC yet. don't know if I have to do that.

Mike 11 Reputation points

2022-11-14T20:10:28.43+00:00

Updating the Falcon sensors on our DC's worked for us. We did not have to reboot them. Thanks!

Marty Bognanno 6 Reputation points

2022-11-15T15:48:37.783+00:00

I removed just the Falcon Identity Sensor from both of my Domain Controllers and now all the Windows 11 22H2 clients are working. They are authenticating and getting Group Policy as normal. I'm not sure if there is a new fix coming from CrowdStrike. The hotfix version of the client didn't take care of the issue. Only removing the Identity Sensor did the trick.

nleva 121 Reputation points

2022-11-15T15:51:45.987+00:00

Crowdstrike told me only the unified DC sensor has been updated. If your account is still uses the DC sensor separate from the falcon EDR sensor we're still waiting for an update to the standalone identity DC sensor. It might be possible to ask crowdstrike to update your account to use the new unified sensor but it requires a change on their side.

Bryan Vay 11 Reputation points

2022-11-15T16:35:47.117+00:00

Putting Identity Protection into "passthrough" mode also worked for us to solve these issues.

I have a ticket with CrowdStrike and they have yet to confirm this issue stems from this module.

nleva 121 Reputation points

2022-11-30T16:46:51.36+00:00

The fixed version of the falcon identity DC standalone sensor has been released. Version 6.48.21772. Has anyone installed it yet and can confirm the fix?

Sylv___ 66 Reputation points

2022-11-30T17:22:39.833+00:00

Nicelly seen !! I just installed it and it worked !
I did a Test-ComputerSecureChannel -Repair just in case ! (not sure if i had to do it or not, but after 1 restart it still didn't worked, I had the TGT listed but impossible to reach any sysvol share)

Thank you for keeping me updated of the fix !

Christopher Wolf 11 Reputation points

2022-11-30T20:01:54.863+00:00

We are running 2016 Functional Level with 2019 DC Servers. I can confirm that Identity Protection DC Sensor - Sensor Version6.48.21772 install has resolved our drive mapping issues.

Cristiano S.Alves 0 Reputation points

2024-01-03T17:53:48.5333333+00:00

I think it has nothing to do with antivirus or firewall. I am facing exactly the same problem here and it is certainly a problem with Windows updates. At first it was possible to deleted lastet updates in 22h2 and 23h2 versions, just delete the updates in the options and restart the computer to have it working again with samba4 domain. However something really weird is happening now. When I delete the updates and set windows updates as off, when I restart the computer it updates anyway and I can never remove them. I tried remove with powershell since there is a possibility to do so but nothing seems to work anymore. Windows 11 just keep resulting in "trust relationship between this workstation and the domain fails".

I think I have tried everything that was possible. Update samba version, enable and disable Kerberos DES options in Local policies. The only way to login to the domain is using a different Windows version like 7 or 10 which works perfectly. Problem is that all licences here is for Windows 11.

Hope Microsoft fixes it soon.
Sign in to comment

17 additional answers

Sylv___ 66 Reputation points

2022-11-07T09:07:22.717+00:00

Thank you for your messages !
I hope Microsoft will understand quickly the issue and fix it !

So weird it's still not on the bug list ...
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Marcel Wagner 1 Reputation point

2022-11-07T09:47:13.637+00:00

Same here, I did the Windows 11 22H2 Update in a foreign network without contact to the DomainController. Now, I can't log in anymore to my notebook, when I am connected with the domain network ;-(, I have no access to any domain ressources! I can only work with my notebook, when I disconnect the network cable and do the login....
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Ryan Pertusio (H) 1 Reputation point

2022-11-10T04:23:32.12+00:00

I opened a ticket with MS on this. If I have anything meaningful to share, I'll post an update. I provided a link to this thread.
Please sign in to rate this answer.
Sylv___ 66 Reputation points

2022-11-10T09:41:26.513+00:00

Thank you !
I'm looking forward for the answer of Microsoft !

nleva 121 Reputation points

2022-11-10T13:06:35.163+00:00

Also hoping you get a good response from Microsoft support. Someone in the reddit thread spent days troubleshooting this issue with Microsoft Support and it was no help at all. Maybe if you point them to these posts they will realize it's not just you and others are having the same issue too.

Ryan Pertusio (H) 1 Reputation point

2022-11-15T21:57:46.577+00:00

@Sylv___ I've put my Microsoft case "on hold". We're indeed using the Crowdstrike Unified sensor on our domain controllers, which as @nleva pointed out, is a possible contributor to this problem. (Thanks nleva!)

Sylv___ 66 Reputation points

2022-11-16T07:58:06.667+00:00

Yes thank you @Ryan Pertusio (H) !!
I think we found the problem now ! Sadly i'm not with the Unified Sensor so I have to wait... But we're on the good way !

Aaron Jones 0 Reputation points

2023-04-13T12:32:04.8366667+00:00

Did you hear back and manage to find a solution? Nothing else in this thread seems to have worked.
Sign in to comment
SPembo 6 Reputation points

2022-11-10T08:21:57.1+00:00
It's possible also worth mentioning that also:

rollback did also resolve

Installing update before joining domain was fine

Test-ComputerSecureChannel -Verbose show issue on affected updated machines

Reset-ComputerMachinePassword although appeared to work, didn't fix issue (made things worse for rolled back machine, but command worked after rollback)
Please sign in to rate this answer.
nleva 121 Reputation points

2022-11-10T13:04:12.407+00:00

Joining the domain after Windows 11 22H2 was installed did not solve it for us. We got a new computer that was preloaded with Windows 11 22H2 and had the issue as soon as we joined the domain.

Mike 11 Reputation points

2022-11-10T15:52:39.427+00:00

Same here. We tried joining after the update and had no success.
Sign in to comment

Share via

Windows 11 22h2 Problem with Active directory after update

17 additional answers