Upgraded to Windows 11 22H2 - Windows Domain login (to UCS domain) no longer possible

Hi! I am using an UCS 4.4 install in my homelab. After updating one of my computers to Windows 11 22H2 I am no longer able to log in with my domain credentials. IT only says “Password incorrect” (password is checked and indeed correct). No other domain joined clients on Windows 10 appear to have similar login problems.

Somebody also having login problems on Windows 11 22H2? Might this due to the SAMBA version on my 4.4 install? Did read something about this relating to somethin in samba which might be fixed in newer samba versions?

Thanks for help with this!

Same with me! Had to revert back to 22H1. Several workaround tested (Limiting HASHING-Algorithms of Kerberos etc.) - but no luck. Same on two computers. After reverting to 22H1 all worked well again.

I found a similar problem here: Domain login error after Windows 11 22H2 update - Bug - NethServer Community
It’s about a NAS, but they try to solve it by Updating Samba DC to 4.16!

BR
Guido

Is 4.4 still supported? I think it has officially been superseded by version 5. I haven’t updated anything to 11 yet, but I think version 5 has a much more up to date Samba.

I only have UCS 5 in my environments and yes there W11 22H2 has no Problem joining the domain also on fresh (not Upgraded W11 systems) installed W11 22H2 workstations

rg
christian

Unfortunately, upgrading to UCS 5 is not an option, as there is no support for a good Web-Mail client like horde anymore. And I didn’t found any replacement which is at least half that comfortable and not double that complicated. It would be really good to update UCS 4 once more.

NextCloud has an email client that is functional. It’s not horde of course, but I would say it’s usable. You could also run a separate instance of horde or sogo or roundcube as a vm or something. Oh, I think OX is still available and has email. Might take some research to figure out what is critical for your situation and if any of those other options would suffice.

I use Nextcloud as well, but just for Files and Calendar. The Mail Client is awful. Bad UI, no useful rules-engine, not user-friendly at all. Some users would complain and they are right. Horde separated leads to a significant configuration effort, as I don’t want to shift the whole mail-setup. I planned to start that, but I am unable find the time to do so. I’d prefer, horde would be supported longer. It’s awesome. If somebody has a fool-proof how-to for setting up Horde on Docker with the given IMAP/SMTP setup of UCS, I’d give it a try - maybe.

I setup a Sogo vm a while back and got that working with not too much effort. I was hoping to turn it into an app eventually, but life has intervened and I don’t have any time to put toward extra projects. I never had any need to try that exercise with horde, so I don’t know how difficult it would be. Sogo setup was basically just following the instructions.

I occsionally use the Nextcloud email client just because it’s there, and I don’t find it that bad, but my main clients are on my devices so it’s not something I use every day. I imagine it would be quite less capable as a primary client, but I feel that way about pretty much any web client.

Thanks Guido, I have read about this too. I am not sure if Samba >= 4.16 is available in UCS 5, so besides being outdated on my 4.4 I dont know if upgrading to 5 helps with this (UCS 5.0 Release Notes and Security and bugfix errata for Univention Corporate Server).

So I might revert to 22H1 too. For the moment.

Hi Christian, as you wrote joining is no problem with 22H2 on UCS 5 I assume login in to a domain joined computer works also? My username can`t login any longer on the upgraded Windows 11 machine. I might chekin updating to UCS 5 but I read about a min samba version of 4.16 for this to work and as UCS 5.0 Release Notes and Security and bugfix errata for Univention Corporate Server I am not sure if Samba >= 4.16 is available in UCS 5, or whether there are some backported fixes.

Seeing this too, fortunately only a couple of win11 machines out there as guinea pigs.

Seems there are patches taken back to samba 4.12 from >=4.16 but UCS 4.4 seems to be on samba 4.10.18-Univention. So unless univention backport it from 4.12 or do some out of cycle component upgrade looks like UCS 5.x is the way forward… I’ve been sitting on 4.4 waiting on cool solutions repos and apps to be compatible, looks like the time is coming.

https://bugzilla.samba.org/show_bug.cgi?id=15197

Yes it is 4.16.2

Not entirely true, you need to be running UCS 5.0-2 as this includes Samba 16.2 which includes the fix for the 2038 bug.

If anyone is interested in the whys and wherefores, this thread makes interesting reading:

So, @ all, thanks a ton for help with this! Updating to at least a 5.0-2 version of UCS should be the fix. Will evaluate the update.