Windows 10: Issue with update 22H2 Desktop clients not connecting to share on Trust domain

Hello! We have 2 domains in our environment managed by Server 2008 R2, Server 2016 and Server 2019 boxes. They have a two-way external trust between them and Windows 10 and 11 computers connecting to shares on both Domain A and Domain B. The computers are all connected to domain A and have no issues connecting to the shares in Domain A. Connecting to the shares on Domain B is the problem. Computers with the 22H2 update Windows 10 or 11 can no longer stay mapped to shares on domain B. We can map the share and it works for most the day, but it will randomly drop and when the computers are reb

:)

 

Client losing connectivity to domain server share

I have strange issue. There is a small domain running SBS 2003 on the server and Windows 10 Pro on all the clients. All of the client systems have a mapped network drive that is mapped to a shared folder on the server. One of the client machines keeps losing access to the network drive and can't see the server either. But it can rdp to the server and it can see the other clients and access shared folder on them. They can see this system as well and access shared folders on it. Sometimes disabling then enabling the network connection will bring back access to the server shares. I have removed it from the domain and put it back in twice but that didn't fix the issue. When I removed it from the domain I went to the server and removed the computer account from active directory and created a new pc account when adding it back to the domain. I'm stumped. It started after a round of Windows updates.

 

Trust relationship between client and domain controller faild

Our Primary Domain Controller physically failed and now is
off . Then I had to seize FSMO rolls to
additional DC in our Domain .All needed rolls seized successfully ( netdom query shows the succession ) . but now I can not get session to the shared folders on servers or any client in domain by
ip ( \ client-or-server-ip )and the message "
the trust relationship between this workstation and primary domain controller failed " is shown . plus I
have not any problem in Login to servers or clients and remote desktop is ok plus take session with name of server or client is ok
but ip is not working and the mentioned message above is given . Can any body help ???

 

Raising the windows domain and forest issues?


hi,

I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
That went off without any problems.. Our trust relationships had no issues also.

My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
These are the features for raising the levels to 2008:

• Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
• Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
• Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
• Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

Forest Level Windows Server 2008

• Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.

My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

Domain Level Windows Server 2008 R2

• All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

Forest Level Windows Server 2008 R2

• All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:

• Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
• All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

Here is my big concerns for the next raising of domain and forest to 2012.

Forest Level Windows Server 2012:

• All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
• All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

Domain Level Windows Server 2012 R2: <=====Need to investigate more and why this post

• DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:

• Authenticate with NTLM authentication <==============(what issues may arise)
• Use DES or RC4 cipher suites in Kerberos pre-authentication
• Be delegated with unconstrained or constrained delegation
• Renew user tickets (TGTs) beyond the initial 4-hour lifetime

Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

Has anyone gone through this? what problems did you have, if any , if a lot???

Any thoughts and suggestions will be much appreciated??

thanks


- - - Updated - - -

One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
PLEASE LET ME KNOW