Windows 11 22h2 Problem with Active directory after update

Sylv___ 66

Hi,

After updating or installing a fresh Windows 11 22H2, the computer can't contact the active directory.
GPO seems to be not applied and it's impossible to reach any ressources on the network.

It seems that the user can't get a TGT from the domain controller.

When I do a klist it's empty.

With wireshark, I see at each attempt an "AS-REQ" but no "AS-REP".

> nltest /dclist:mydomain.local

Get list of DCs in domain 'mydomain.local' from '\\dc01.mydomain.local'.
Cannot DsBind to mydc.laz (\\dc01.mydomain.local).Status = 2148074320 0x80090350 SEC_E_DOWNGRADE_DETECTED.

> nltest /sc_query:mydomain.local

Flags: 30 HAS_IP HAS_TIMESERV Authentication Service: Netlogon
Trusted DC Name \\dc02.mydomain.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

When I try to reach an SMB share i have this message :

The sytem cannot contact a domain controller to service the authentication request. Please try again later

All the DCs are in Windows 2016.

I'm not sure where to look to fix this. I've looked everywhere but no answer.
Can you help me please?

Thank you.

nleva 121 Reputation points

2022-11-07T21:40:56.443+00:00

Same issue here with Windows 11 22H2. One symptom of this problem is "The system cannot contact a domain controller to service the authentication request. Please try again later." when trying to access network resources.
Nathaniel Rose 1 Reputation point

2022-11-08T16:49:50.733+00:00

Chiming in to say we began seeing this as well. Bricked a few machines. Only recourse thus far has been to reimage.
Bryan Vay 11 Reputation points

2022-11-10T00:03:42.99+00:00

Also have this issue. First manifested as something like "My R: drive is disconnected..."

We can map network drives by \ipaddress\sharename but not \hostname\sharename.

nltest /dclist: gets me the same result.

When I try to gpupdate /force, I'm told no DC's can be contacted.

ONLY on W11 22h2. I have tried several Kerberos-related fixes found on Reddit, but no dice.

DC's are 2012R2 as is functional level.
nleva 121 Reputation points

2022-11-10T13:59:37.503+00:00

Is there a reason why posts in this thread seem to be getting deleted? The posts discussing upgrading DCs to 2022 and raising the domain functional level appear to be gone now.
Nathaniel Rose 1 Reputation point

2022-11-10T14:03:09.307+00:00

Perhaps that person figure out it wasn’t a consistent answer and deleted their comments…? (No clue.)
nleva 121 Reputation points

2022-11-14T13:16:13.3+00:00

We increased our domain and forest functional level from 2008 R2 to 2012 R2, but this did not solve the Windows 11 22H2 authentication issue. We'll need to upgrade our domain controllers if we want to increase the functional level further.
TheFixer 6 Reputation points

2022-11-22T01:42:26.517+00:00

I had the same issue when testing 22H2 on Windows 11.

Some of the symptoms - Unable to access DFS Shares or file shares by DNS name, GPUpdate not working, Powershell issues with AD modules and remoting, Certificate waring when using RDP

Our DCs were all running on Windows server 2019 or 2022 but the functional level was still 2012.

Raise your domain functional level to 2016+, this worked for me.
Michael Kiwaczinski 0 Reputation points

2023-08-02T17:41:39.63+00:00

Same. No Trusted relationship

Accepted answer

nleva 121 Reputation points

2022-11-14T15:54:01.437+00:00
Is anyone here using Crowdstrike Falcon Identity protection? There was a post on reddit saying this Windows 11 22H2 authentication issue is caused by falcon identity.

Release Notes | Falcon sensor for Windows 6.46.16012/6.47.16104 Hotfix Fixed an issue with Falcon Identity Protection that blocked Kerberos authentications performed by hosts running Windows 11 version 22H2. This applies to all prior supported sensor versions.
Please sign in to rate this answer.

3 people found this answer helpful.
Sylv___ 66 Reputation points

2022-11-14T16:01:27.863+00:00

We actually do use Falcon Identity Protection !
Thank you for this, I'll check that !!

Bryan Vay 11 Reputation points

2022-11-14T16:05:56.38+00:00

WOW. I'mma go looking at that as I am a customer of CSFalcon (like every module they offer). Headed to look now.

Ben 1 Reputation point

2022-11-14T16:22:13.047+00:00

We use falcon, but I removed it from my computer a few days ago thinking that was the issue also, but it didn't do anything.

Sylv___ 66 Reputation points

2022-11-14T16:24:38.283+00:00

It's the Identity Product that is installed on the Domain Controller that seems to be the problem.

https://falcon.eu-1.crowdstrike.com/support/news/release-notes-falcon-sensor-for-windows-6-46-16012-6-47-16104-hotfix

nleva 121 Reputation points

2022-11-14T16:24:48.96+00:00

Removing it from the computer won't help if it's falcon identity protection causing the issue. The falcon identity sensor is installed on the domain controller and the blocking would be occurring there, not on the pc itself.

Nathaniel Rose 1 Reputation point

2022-11-14T16:30:25.09+00:00

Yup. We're totally Crowdstrike endpoints. Thank you so much for sharing this.

Ben 1 Reputation point

2022-11-14T16:53:21.633+00:00

new update. i updated the sensors on my PC and on the DC and no dice. I haven't rebooted the DC yet. don't know if I have to do that.

Mike 11 Reputation points

2022-11-14T20:10:28.43+00:00

Updating the Falcon sensors on our DC's worked for us. We did not have to reboot them. Thanks!

Marty Bognanno 6 Reputation points

2022-11-15T15:48:37.783+00:00

I removed just the Falcon Identity Sensor from both of my Domain Controllers and now all the Windows 11 22H2 clients are working. They are authenticating and getting Group Policy as normal. I'm not sure if there is a new fix coming from CrowdStrike. The hotfix version of the client didn't take care of the issue. Only removing the Identity Sensor did the trick.

nleva 121 Reputation points

2022-11-15T15:51:45.987+00:00

Crowdstrike told me only the unified DC sensor has been updated. If your account is still uses the DC sensor separate from the falcon EDR sensor we're still waiting for an update to the standalone identity DC sensor. It might be possible to ask crowdstrike to update your account to use the new unified sensor but it requires a change on their side.

Bryan Vay 11 Reputation points

2022-11-15T16:35:47.117+00:00

Putting Identity Protection into "passthrough" mode also worked for us to solve these issues.

I have a ticket with CrowdStrike and they have yet to confirm this issue stems from this module.

nleva 121 Reputation points

2022-11-30T16:46:51.36+00:00

The fixed version of the falcon identity DC standalone sensor has been released. Version 6.48.21772. Has anyone installed it yet and can confirm the fix?

Sylv___ 66 Reputation points

2022-11-30T17:22:39.833+00:00

Nicelly seen !! I just installed it and it worked !
I did a Test-ComputerSecureChannel -Repair just in case ! (not sure if i had to do it or not, but after 1 restart it still didn't worked, I had the TGT listed but impossible to reach any sysvol share)

Thank you for keeping me updated of the fix !

Christopher Wolf 11 Reputation points

2022-11-30T20:01:54.863+00:00

We are running 2016 Functional Level with 2019 DC Servers. I can confirm that Identity Protection DC Sensor - Sensor Version6.48.21772 install has resolved our drive mapping issues.

Cristiano S.Alves 0 Reputation points

2024-01-03T17:53:48.5333333+00:00

I think it has nothing to do with antivirus or firewall. I am facing exactly the same problem here and it is certainly a problem with Windows updates. At first it was possible to deleted lastet updates in 22h2 and 23h2 versions, just delete the updates in the options and restart the computer to have it working again with samba4 domain. However something really weird is happening now. When I delete the updates and set windows updates as off, when I restart the computer it updates anyway and I can never remove them. I tried remove with powershell since there is a possibility to do so but nothing seems to work anymore. Windows 11 just keep resulting in "trust relationship between this workstation and the domain fails".

I think I have tried everything that was possible. Update samba version, enable and disable Kerberos DES options in Local policies. The only way to login to the domain is using a different Windows version like 7 or 10 which works perfectly. Problem is that all licences here is for Windows 11.

Hope Microsoft fixes it soon.
Sign in to comment

17 additional answers

Ben 1 Reputation point

2022-11-14T15:28:07.213+00:00

Stopping by to say that I'm also having the same issue after upgrade. I installed the next Beta and the Dev to see if any of them fixed it. No dice either. 2016 DC.
The issue happen on a DC 2019 as well.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Jose Miranda 1 Reputation point

2022-11-18T17:02:17.623+00:00

I had a number of systems with this issue. Tried the usual stuff: gpupdate /force -- rejoining to domain.

Solved by launching command prompt as admin, gpupdate /sync
Restarting system, logging in with a PW first (in case any MFAs out there)
Repeat if necessary.

Worked for me more than once
Please sign in to rate this answer.
Edith Emeterio 0 Reputation points

2023-03-27T22:26:41.2366667+00:00

I was hoping the gpupdate /sync would work but no go...still getting unable to connect to DC
Sign in to comment
TheFixer 6 Reputation points

2022-11-22T01:43:28.58+00:00

I had the same issue when testing 22H2 on Windows 11.

Some of the symptoms - Unable to access DFS Shares or file shares by DNS name, GPUpdate not working, Powershell issues with AD modules and remoting, Certificate waring when using RDP

Our DCs were all running on Windows server 2019 or 2022 but the functional level was still 2012.

Raise your domain functional level to 2016+, this worked for me.
Please sign in to rate this answer.
Nathaniel Rose 1 Reputation point

2022-11-22T02:03:04.753+00:00

Problem is caused by the Crowdstrike identity sensors on your domain controllers. Fix already out for the unified sensor. See rest of thread.
Sign in to comment
Aaron Jones 0 Reputation points

2023-04-13T12:34:38.55+00:00

Has anyone else managed to find a solution to this? I've tried many things in this thread including raising the domain funcitonal and forest level to 2016 but still no luck. Such a strange issue- computer just doesn't want to connect to our corporate (GPU inherited) wifi network after it upgrades from 21h2 to 22h2. Gpupdate not working either.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Windows 11 22h2 Problem with Active directory after update

17 additional answers