Hello mark aldridge,
Welcome to Microsoft Q&A. Thanks for posting your query
The error message "The system cannot contact a domain controller to service the authentication request" suggests that the client's machine is unable to reach a domain controller to validate with the Kerberos ticket. Here are some possible causes and solutions
Check the network connectivity that the VM has the proper connectivity with domain controllers. You can test this by pinging the domain controller.
Check that the DNS settings on the VM are correctly configured to resolve the domain controllers. Incorrect DNS settings can prevent your system from locating the domain controller.
Ensure that the domain controller is up and running. You can check the status of the domain controller in the Azure portal.
Ensure that the client machine is properly configured for Kerberos authentication. that is correct DNS server settings, time synchronization, and Kerberos configuration.
Make sure that no firewall is blocking that preventing the authentication process. make sure that necessary ports for Kerberos authentication such as port 88 for Kerberos and port 389 for LDAP are open.
Some steps to do Troubleshoot:
On the server and the client machine, flush the DNS cache and restart the DNS server service.
Check the Event Viewer on both the client machine and the domain controller for relevant error messages.
Once try unjoining the client machine from the domain and then re-joining it.
Recheck the registry key is correctly set without any typos
Ensure that the network security groups (NSGs) associated with your VM and subnet you can refer this Microsoft documentation if you have any issues.
Hope the above information helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.