Windows 11 24H2 unable to log into domain after applying security or cumulative updates

Question

We have several brand-new PCs that came with Windows 11 24H2 installed. After the initial setup, they worked fine for a day or two until Windows updated. After that, users are unable to log into the domain (we can't sign you in with this credential because your domain isn't available...) After uninstalling the update(s), all works fine again. This occurs with any security or cumulative update after KB5048667. I'm seeing constant event 7023*/DNS Client terminated with the following error: Access is denied* in the System Log. The last update that I was able to install without breaking things was KB5048667. Anything that's come after that has caused the domain login issue. I've got updates paused right now but need to find a solution. Thanks for any input!

*** Moved from Windows / Windows 11 / Performance and system failures ***

Answer 1

I ran into the exact same issue as @Sarah_429. Reverting to 23H2 brought back the ability to log into my domain (WS 2022, with CIS L2 hardening applied). While 24H2 was on there, it also seemed to break smartcard auth for me.

This last week, my test system force-updated to 24H2 (I forgot to block updates via GPO/reg), and using recovery to go back to 23H2 was no longer an option. What ended up fixing it for me on this one system was to leave the domain, reboot, and then rejoin it. Still a PITA if it affects many endpoints.

Answer 2

I tried leaving/rejoining the domain on my test system. It did not work for me - when I tried to rejoin, I got an error saying no domain controllers could be contacted. DNS Client will not start, so I'm basically stuck unless I uninstall updates and freeze Windows Update.