Ran into a problem where I am unable to connect to any AAD-joined Windows servers using AAD credentials. Local admin credentials still work fine. Ran the following command on the server:
This shows the server as AAD-joined. nslookup queries within the server for our domain name return the Domain Controller IP addresses on my network. It appears the AAD is set up properly, as the server is recognized as a device connected to the AAD. When trying to disconnect/reconnect the server to the domain, it appears that the server is still located under WORKGROUP, but attempting to join the domain gives an error that indicates the server is already AAD-joined. I am unable to disconnect/reconnect the server to the domain due to this.
When attempting to RDP into the server, the local admin accounts work fine. Using AAD credentials gives the following errors:
"The sign in method you are trying to use isn't allowed. For more info, contact your network administrator."
"Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied."
The first error is more common. The second occurs with a newly-created admin account where it first asks me to change the password. Upon successful password change, that error pops up.
Please note that NLA is disabled on the server, and the AAD-credentialed accounts that I am trying to use for RDP are actually loaded into the server's "Remote Desktop Users" local group (via the command line).
In terms of infrastructure, the AAD is on a different network than the resource group containing the VM. The AAD network is 10.1.0.0/24 while the VM net is 10.0.0.0/16. The two networks are peered together and connectivity is working fine. I do not think this is the issue.
Please reach out with any advice or troubleshooting steps you may know that can help out. I'm not opposed to burning this configuration down and starting anew (it is a testing infrastructure).
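For anyone working through the same symptoms, the following PowerShell script collects the facts discussed in the post (join state, NLA setting, Remote Desktop Users membership, and reachability of the domain controllers across the peering) in one read-only pass. It is an added diagnostic example written for this thread, not something the original poster ran; `$DomainName` is a placeholder you must replace with your own domain, and the TCP ports checked (389 for LDAP, 88 for Kerberos) are my choice, not values from the post.

```powershell
# Added diagnostic script (not from the original post). Run in an elevated
# PowerShell session on the AAD-joined server itself. All checks are read-only.
param(
    # Placeholder: replace with the domain the server resolves via nslookup.
    [string]$DomainName = 'example.invalid'
)

# 1. Join state as reported by dsregcmd (the tool that prints AzureAdJoined / DomainJoined).
#    An AAD-joined device shows "AzureAdJoined : YES"; a device that is also joined to
#    on-premises AD DS additionally shows "DomainJoined : YES".
$joinState = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(AzureAdJoined|DomainJoined|DeviceId|TenantName)\s*:\s*(.+?)\s*$') {
        $joinState[$Matches[1]] = $Matches[2]
    }
}
'--- Join state (dsregcmd /status) ---'
$joinState.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

# 2. Network Level Authentication setting for the RDP-Tcp listener.
#    UserAuthentication = 1 means NLA is required; 0 means NLA is disabled.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
"--- NLA (UserAuthentication) = $nla ---"

# 3. Who is permitted to RDP in: members of the local "Remote Desktop Users" group.
#    Get-LocalGroupMember can fail on some builds when the group holds AzureAD principals,
#    so fall back to the classic net.exe listing if it throws.
'--- Remote Desktop Users ---'
try {
    Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction Stop |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
}
catch {
    net localgroup 'Remote Desktop Users'
}

# 4. Name resolution and TCP reachability of the resolved domain controllers across the
#    VNet peering. The post verified DNS with nslookup; this adds a port-level check.
'--- Domain controller reachability ---'
$dcAddresses = Resolve-DnsName -Name $DomainName -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress
if (-not $dcAddresses) {
    "No A records resolved for $DomainName"
}
foreach ($ip in $dcAddresses) {
    # 389 = LDAP, 88 = Kerberos: both must be reachable for domain logon traffic.
    foreach ($port in 389, 88) {
        $t = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $ip, $port, $t.TcpTestSucceeded
    }
}
```

Reading the output together is the point: the join state tells you which identity system the box actually trusts, the NLA value tells you whether credentials are validated before the session is created, the group listing shows which principals (and with which prefix) are allowed in, and the port checks separate a network-path problem from an identity-configuration problem.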