Did you resolve this issue? We are seeing something very similar. We have 2019 and 2022 DCs. The 2022's are all fine. About half our 2019s are doing this.
Domain Secure Channel broken on Windows Server 2019
Hi,
Recently, we found the domain secure channel on Windows Server 2019 broken in our AD. After restart the server, the connection can be resume, but it broken again in a few hour
We tried to reset the secure channel by using Powershell (Test-computersecurechannel -repair), reset the computer account password, and also disjoin and rejoin the server from domain. Both of these method can resume the connection, but the connection will broken again.
This problem only happened on the Windows Server 2019, others OS version like 2012, 2016 don't have this issue.
Any idea?
Thanks
2 answers
Sort by: Most helpful
-
-
Geoff McKenzie 315 Reputation points
2025-01-17T07:00:47.6666667+00:00 Hi Chong and Greg,
From A quick net helpmsg....
net helpmsg 3210
This computer could not authenticate with ***, a Windows domain controller
for domain ***, and therefore this computer might deny logon requests.
This inability to authenticate might be caused by another computer on the
same network using the same name or the password for this computer account
is not recognized. If this message appears again, contact your system
administrator.
Assuming you have correctly ruled out the items in the above text then I woud suggest....
Provide some more details of your environment.
e.g. How many Domain Controllers do you have? What OS are they running? have you verified replication is in synch between all DCs? Any unusual networking configuration (NAT/FW/etc.). have you checked all warning and error events (DNS/RPC/Kerberos/Security/LDAP/etc.)? Are your DCs or affected servers Physical or VM? What Virtualisation are you using? Anything which may be different or handled differently by the OS? Do you have any other 2019 servers which are NOT affected? Have you tried another 2019 server?
Anything else which may be specific you your environment or the affected machine(s)
Regards,
Geoff