Why does the Photo App and Notepad App fail after joining domain?

Question

I am aware there are dozens of topics on this issue, I really need to find why this is happening.

We have a Windows Server 2022 domain with Windows 11 Pro workstations.  Within the last 2 months we've started having random workstation errors.  When attempting to open pictures the with Photos App and text files with Notepad (new version) we get this error: "Package failed updates, dependency or conflict validations".  We have a wide range of PCs and Laptops and they all suffer from this (Dell, HP, MSI, Panasonic, Surface Pros).

We are normally able to fix this, when it occurs, on a per user profile by doing the following:

a. Uninstall photos in the Apps Settings.

b. Run windowsappruntimeinstall-x64.exe (as administrator, & disable antivirus).

c. From Admin Powershell run> Get-AppxPackage -allusers Microsoft.Windows.Photos | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

d. This usually fixes notepad and snipping tool too.  We have used the powershell to fix notepad as well, replacing Photos with Notepad.

e. If we cannot fix notepad, we just uninstall it from the Apps Settings and it defaults to the {better version} old version of Notepad.

Other things we tried without success, however this never hurts.  Should not be necessary on a fresh install.

----------sfc /scannow
----------DISM /Online /Cleanup-Image /CheckHealth
----------DISM /Online /Cleanup-Image /ScanHealth
----------DISM /Online /Cleanup-Image /RestoreHealth

TROUBLESHOOTING: We tried to narrow down the problem.  Fresh installed the latest version of Windows 11 Pro 24H2 (Late January 2025 download).  Joined it to our domain, into an OU without any computer Group Policies, and with a user in the default domain Users folder without any Group Polices assigned to the user.

We still get this problem. Yes, we can now fix it per user, when it happens.  We need a solution on how to stop it from happening.

I have attempted to open a case with Microsoft, OMG!!! They have all paths to support blocked. I'm willing to pay to have this issue fixed and I cannot even get ahold of anyone.  Any suggestions would be greatly appreciated.

Answer 1

What stands out here is that the issue begins after domain join, even on a fresh Windows 11 24H2 install and even in an OU without custom GPOs.

That strongly suggests this is not OS corruption, but an AppX / Windows App Runtime provisioning issue that is triggered by domain environment conditions.

Modern apps like:

• Photos

New Notepad

Snipping Tool

are UWP/AppX packages that depend on:

Windows App Runtime

Microsoft Store framework components

Per-user AppX provisioning

Proper package registration during first sign-in

The error:

"Package failed updates, dependency or conflict validations"

is typically seen when:

AppX registration fails for the user profile

Windows App Runtime is not properly provisioned

Store framework components are blocked or incomplete

Network or firewall prevents Store licensing handshake

Since your per-user re-registration fixes it, that indicates the base OS image is fine — the issue is occurring during profile provisioning after domain join.

Things I would check:

1. Store connectivity in the domain environment
   • Are Microsoft Store endpoints reachable?
   • Is outbound access restricted?
   • Is there SSL inspection interfering?
2. AppX provisioning state

Run: Get-AppxProvisionedPackage`` -Online | Where-Object DisplayName -like "*Windows.Photos*"

Confirm the package is properly provisioned at the image level.

3. Windows App Runtime registration

Since reinstalling WindowsAppRuntime fixes it, verify whether:

The runtime is failing to register during first sign-in

Or if updates are blocked during initial provisioning

Store auto-update policy

Even if no explicit GPOs are set, check if:

Computer Configuration → Administrative Templates → Windows Components → Store "Turn off Automatic Download and Install of updates"

is configured at domain level.

The fact that this happens across multiple hardware vendors and persists across fresh installs strongly suggests an environmental factor introduced by domain membership rather than a hardware or OS image defect.

Since per-user re-registration resolves it, the focus should be on why AppX provisioning or Windows App Runtime registration is failing during initial profile creation in the domain environment.