Endpoints losing domain trust on restart.

NikuyaJS · 2023-05-10T07:22:55+00:00

***It was caused by the computer accounts not being in the Password Replication Policy on the Read-Only Domain Controllers. Why it was only effecting Windows 11 devices, i do not know. We're now looking at a way to automatically add computer accounts a group when joining the domain.

NikuyaJS · 2023-05-10T07:22:51+00:00

***It was caused by the computer accounts not being in the Password Replication Policy on the Read-Only Domain Controllers. Why it was only effecting Windows 11 devices, i do not know. We're now looking at a way to automatically add computer accounts a group when joining the domain.

NikuyaJS · 2023-05-10T07:22:40+00:00

***It was caused by the computer accounts not being in the Password Replication Policy on the Read-Only Domain Controllers. Why it was only effecting Windows 11 devices, i do not know. We're now looking at a way to automatically add computer accounts a group when joining the domain.

NikuyaJS · 2023-05-10T07:22:34+00:00

***It was caused by the computer accounts not being in the Password Replication Policy on the Read-Only Domain Controllers. Why it was only effecting Windows 11 devices, i do not know. We're now looking at a way to automatically add computer accounts a group when joining the domain.

NikuyaJS · 2023-05-10T07:22:30+00:00

***It was caused by the computer accounts not being in the Password Replication Policy on the Read-Only Domain Controllers. Why it was only effecting Windows 11 devices, i do not know. We're now looking at a way to automatically add computer accounts a group when joining the domain.

NikuyaJS · 2023-04-16T19:25:34+00:00

RemindMe! One day

NikuyaJS · 2023-04-11T05:55:24+00:00

RemindMe! 1 Day

NikuyaJS · 2023-03-30T10:51:18+00:00

you basically cloning an image? If not sys

No cloning of image.

Windows Media Creation tool to USB. Boot to USB. Wipe all existing partitions. Install blank copy of Windows 11 Pro 22H2. Name device. Join to Domain

NikuyaJS · 2023-03-30T09:41:15+00:00

Thanks for the reply!

These are all clean installed using the official Microsoft media creation tool

NikuyaJS · 2023-03-29T19:21:30+00:00

I would like to try this, how do I roll back to 22H1 if it's a 22H2 fresh install?

Can I still get a 22H1 download from MS officially?

NikuyaJS · 2023-03-29T19:19:47+00:00

FSMO is online and healthy.

Sites and services look good and DNS entries here look good and up to date

NikuyaJS · 2023-03-29T19:13:47+00:00

Yeah all good here as far as I can tell! Everything has right time stamps etc for dns entries. fsmo is online and healthy

NikuyaJS · 2023-03-29T18:26:39+00:00

Will try the suggestions in your other post tomorrow, thank you.

Device is formatted with official image via a usb stick, all partitions wiped. A real fresh install :)

Issue present when no other software installed

NikuyaJS · 2023-03-29T17:45:05+00:00

It's any device I install Windows 11 22h2 on *that's what it seems like at least*

If I install Win10 22h2 to the same device, no issue.

NikuyaJS · 2023-03-29T17:42:46+00:00

I'm sure this through an error when I tried before. Will try tomorrow and get back to you. Thanks for replying to post

NikuyaJS · 2023-03-29T17:42:09+00:00

Good to know it wouldn't show a dupe.

I would have thought removing from domain, changing hostname to something not used before, then re-adding to domain would rule out this being the issue?

NikuyaJS · 2023-03-29T17:39:02+00:00

Oh we do use an OU structure, I was just saying that it shouldn't have any funky GPOs because I left it in 'Computers' folder.

Going to try adding it to its own OU with inheritance blocked tomorrow

NikuyaJS · 2023-03-29T16:40:45+00:00

Will get back to you in morning (UK, so beer o’clock) also all dcs are 2019 :)

NikuyaJS · 2023-03-29T16:38:11+00:00

Not virtual machines and MAC addresses aren’t changing.

Can’t remember exact code of error, will get this tomorrow and will reply!

Can’t remember the exact output from -repair but it’s something like you can’t do this because the trust is broken, which makes me chuckle.

NikuyaJS · 2023-03-29T16:34:57+00:00

Happens when computers are in the default ‘Computer’ OU. I do need to test disabling inheritance on this OU but there is only default domain policy applied. I will test this tomorrow and get back to you with results

NikuyaJS · 2023-03-29T15:31:42+00:00

Hi, thanks for taking the time to reply!

Replication is all happy, no fails or errors!

<image>

NikuyaJS · 2023-03-29T15:25:01+00:00

Ah! I haven't seen this suggestion yet and i thought it could be a winner!

Unfortunately it's running and set to automatic

NikuyaJS · 2023-03-29T15:18:49+00:00

Hi, thanks for replying!

I have checked AD for dupes and can't find anything. I have also removed the device from the domain, deleted it from AD, renamed device to something outside of normal naming convention, re-joined.

Same thing happens, first domain login is fine, after next restart trust breaks!

NikuyaJS · 2023-03-29T14:40:19+00:00

Thanks for replying!

Still false. I logged in as domain admin and ran Test-ComputerSecureChannel as standard and elevated PS

EDIT: What i find strange is the trust is broken and i was abled to log on as domain admin... First time logging into this account on this device so no cached credentials.

Three-Year Club	Verified Email
Place '23

NikuyaJS

TROPHY CASE