This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
2022-01 Cumulative Updates for Windows 10 causes an error when changing from our Parent domain to our Child domain. We receive this error: "Active Directory Domain Services: the domain could not be found because: the user name or password is incorrect" We found that if we remove the 2022-01 cumulative updates and reboot that the issue is resolved. This is happening on Windows 10 20H1, 20H2, 21H1, 21H2, and Windows 11. Is there another way we can resolve this without having to remove the Jan 2022 cumulative updates?
The February Cumulative updates did NOT correct this. I had removed the Jan updates so ADUC would work correctly, and apply the Feb updates has it broke again. Does anyone have any suggestions on how to address this? Does anyone from Microsoft moderate this forum and report issues, or is this just a place where problems go to die?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 93%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Hi all,
i've the same problem crossdomain.
I have to uninstall the january security patch to resolve the issue.
any fix?
thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 28.000000000000004%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
I have exactly the same problem! Waiting for a fix!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
I just found a work-around here: https://community.spiceworks.com/topic/2250881-rsat-active-directory-users-and-computers
When you open AD Users and Computers connected to your primary domain, right-click the domain and instead of Change Domain, select Change Domain Controller and under "Change to" select This Domain Controller and click where it says "Type a Directory Server name"
In there, type the fqdn or IP Address of the child domain DC and hit Enter and OK. You'll receive a message that the DC is in another domain and "Do you want to manage that domain?" Select Yes and you will be connected to the child domain.
If you want to go back to your primary domain, right click on Active Directory Users and Computers at the top and select Change Domain. Select your primary domain and you're there.
The janky part is that it won't remember the domain controller, so every time you change domains you have to go through the steps of typing the fqdn or IP Address of the domain controller. It's at least a work-around.
This worked for me. Thanks for the workaround.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 27%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
Hey everyone,
We had the same issue when using cross-domain accounts. We identified the problem as one of our security policies applied to our systems in conjunction with our trust configuration.
Policy
Network security: Configure encryption types allowed for Kerberos
Settings
DES_CBC_CRC Disabled
DES_CBC_MD5 Disabled
RC4_HMAC_MD5 Disabled
AES128_HMAC_SHA1 Enabled
AES256_HMAC_SHA1 Enabled
Future encryption types Enabled
Our solution was to update our Domain Trusts with "The other domain supports Kerberos AES Encryption"
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/unsupported-etype-error-accessing-trusted-domain