Windows Server 2025 Domain Controller: Trust Relationship with Windows 11 is lost

Posted on 2025-02-05 by guenni

Windows[German]Another "Beware of Windows 11 and Windows Server 2025" article for administrators who are considering the migration. There seems to be a problem with domain controllers on Windows Server 2025. Windows 11 clients seem to lose the trust relationship after 30 days and have problems renewing passwords.

Advertising

A note from a reader

Thomas H. already pointed out the problem to me in an email on January 21, 2024 (thanks for that) and wrote that there was a problem with the trust relationship of Windows 11 systems with Windows Server 2025 DCs. Computer passwords cannot be renewed with certain Windows 11 versions. His suggestion was to perhaps briefly address this here in the blog, which I am now doing.

Discussion at Microsoft

In his e-mail, Thomas pointed me to the discussion Server 2025 Domain Controllers – Trust relationship issues on workstations after 30 days as "pwdLastSet" value unable to be updated at Microsoft Answers.

The thread creator writes that he has four domain controllers in his environment that have already been updated to Windows Server 2025. There are also just over 30 other domain controllers that are still running Windows Server 2022. It therefore appears to be a larger environment.

During operation, it has now been discovered that the domain controllers that have been upgraded to Windows Server 2025 have an error. All workstations (clients) running via these domain controllers are no longer able to update their pwdLastSet value when the 30-day limit is reached.

This means that the trust relationship with the domain is lost after 30 days. The administrator asks if this is a known bug of Windows Server 2025 and if there are any known fixes for this issue?

Advertising

The Microsoft Answers forum thread in question already has five pages, and the problem has been confirmed by many administrators. However, there is a very inhomogeneous picture. While some administrators write that clients with Windows 11 22H2 and 23H2 are affected, other users also report problems with Windows Server 2019 and Windows Server 2022 as well as Windows 10 as a client.

An administrator states that he solves the problem with Windows 11 23H2 or 24H2 so that he can update the password via PowerShell. There are further discussions and log excerpts in the linked thread. At the moment it does not look like there is a solution. Maybe go through the relevant thread before you rush into the problem.

Advertising
This entry was posted in issue, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).