Koozali.org formerly Contribs.org

Domain joined PC's can no longer Login since Win 10 1809 update

Domain joined PC's can no longer Login since Win 10 1809 update
« on: January 28, 2019, 05:24:11 PM »
Hi all,

We have a server that is the DC for our network. Last week one of the PC's got stuck in a loop at login with the Win 10 taskbar just flashing on and off as if explorer was crashing and restarting over and over. Local machine account logins work but any domain accounts all fail. then this week a second PC updated to 1809 and now that is experiencing the same issue so we are pretty convinced its an 1809 issue. What surprises me is that if this was a widespread issue I would have expected a lot more on here about it but searches don't turn anything up.

What we have tried:-

1. Enabling SMB 1 on the windows 10 machine.
2. config setprop smb ServerMaxProtocol SMB2
 expand-template /etc/smb.conf
 service smb restart
3. Logging in as sme administrator on the PC (This worked once on the first PC but now gets the same result and didn't work on the second PC at all).
4. Adding the Domain User/Domain Admins/Domain Guests groups

I can't see anything that looks relevant in the samba logs or windows event viewer.

Any suggestions or advice would be appreciated

Kind regards
Ian

Offline ReetP

  • *
  • 1,828
Re: Domain joined PC's can no longer Login since Win 10 1809 update
« Reply #1 on: January 29, 2019, 01:51:34 AM »
There are masses of stuff on the interwebs about it, a few long threads here, and some bugs.

A good search will help you, and latest Win 10 updates should have fixed it if you read the threads here.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: Domain joined PC's can no longer Login since Win 10 1809 update
« Reply #2 on: January 30, 2019, 03:46:49 PM »
There are masses of stuff on the interwebs about it, a few long threads here, and some bugs.

A good search will help you, and latest Win 10 updates should have fixed it if you read the threads here.

I am not seeing anything about this exact issue. I can find stuff about joining a domain being broken in Win 10 1803, but this is 1809 and the problem isn't about joining a domain, its about a previously domain joined computer, no longer able to login. There are no newer updates available either. I searched the InterWeb (again!) but still I can't find anything regarding this issue, only stuff about joining a domain in 1803.

Offline ReetP

  • *
  • 1,828
Re: Domain joined PC's can no longer Login since Win 10 1809 update
« Reply #3 on: January 30, 2019, 05:51:50 PM »
I am not seeing anything about this exact issue. I can find stuff about joining a domain being broken in Win 10 1803, but this is 1809 and the problem isn't about joining a domain, its about a previously domain joined computer, no longer able to login. There are no newer updates available either. I searched the InterWeb (again!) but still I can't find anything regarding this issue, only stuff about joining a domain in 1803.

Hmmmm. There must be an error somewhere.

On SME have a look in /var/log/secure and /var/log/samba/*

You can increase the default log level (I had to modify the wiki page and add this info here https://wiki.contribs.org/DB_Variables_Configuration#Samba_global_settings_.28smbd.29)

Code: [Select]
config setprop smb LogLevel 3
signal-event workgroup-update

That should give you some increased logging on SME

I'm afraid I have no idea how to increase logging on Windows as I have no Windows machines (Yay........!)

You'll have to go and have a read around for that.

Just for reference regarding MaxProtocol from smb.conf for samba 3 as installed on SME:

Quote
max protocol (G)

The value of the parameter (a string) is the highest protocol level that will be supported by the server.

Possible values are :

           ·   CORE: Earliest version. No concept of user names.
           ·   COREPLUS: Slight improvements on CORE for efficiency.
           ·   LANMAN1: First
                modern version of the protocol. Long filename support.
           ·   LANMAN2: Updates to Lanman1 protocol.
           ·   NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
           ·   SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and newer.

Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: Domain joined PC's can no longer Login since Win 10 1809 update
« Reply #4 on: January 30, 2019, 05:54:54 PM »
Hi - passing thru...  A quick search using this string ...

https://www.google.com/search?q=Domain+joined+PC%27s+can+no+longer+Log+In+since+Win+10+1809+update+%22since+Win+10+1809+update%22&lr=&hl=en&tbs=qdr:y&sa=X&as_q=&spell=1&ved=0ahUKEwjIj6iS9ZXgAhVxmK0KHSr_BNYQBQgUKAA

yields a number of potential links that MAY be helpful.  I don't have 1809, and did not want update win7 clients in Jan 2019 for other similar reasons.  The following link (from this search) may help you get out of the woods...

https://social.technet.microsoft.com/Forums/en-US/a251c06a-e68b-4269-9b1d-0fb3e9e08db3/after-updating-to-win-10-1809-i-can-no-longer-see-my-other-private-network-computers-from-explorer?forum=win10itpronetworking

This may help you find the domain controller, maybe not (no testing environment at hand).  Just a thought only, YMMV.  Good luck.

Offline ReetP

  • *
  • 1,828
Re: Domain joined PC's can no longer Login since Win 10 1809 update
« Reply #5 on: January 30, 2019, 06:03:36 PM »
Every day that goes by I relish in the fact I dumped Windows..... best decision I ever made :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation