I'm at my wit's end with a bizarre issue we're facing in our environment. We have four domain controllers running Windows Server 2019, a mix of around 800 Windows 10 and 11 clients, and Azure AD Connect for hybrid identity. Every day, about 5-10 users report "random" password failures even though they're certain their passwords are correct. Strangely, if they retry immediately, it works.
After logging everything and analyzing Kerberos events, I've found these failures occur in precise 37-minute cycles, without fail. I've ruled out issues with time synchronization, replication, Kerberos policy, DNS, and various other potential causes. The pattern coincidentally started when we added a new DC, which I've since demoted and removed, but the failures continued.
I'm trying to figure out if there's some timer or scheduled task that runs every 37 minutes in our setup, or something else that's causing these authentication hiccups. Has anyone experienced something similar or have any insights into obscure timers or third-party software that could be responsible? I'm ready to explore any and all suggestions!
5 Answers
What about scheduled tasks on your system? Years ago, I encountered a situation where old tasks continued running after a certain feature was disabled. Maybe dive into that and see if something is triggered at a similar interval.
Have you thought about shutting down each domain controller one at a time for at least 90 minutes? If it's a fixed 37-minute cycle, that might help identify which DC is causing the issue by breaking the cycle for two rounds without it online.
Have you looked at the event logs on the client machines? They might give you more context about the errors. Also, is there any chance that a service or application using those AD credentials is malfunctioning, causing these bad requests at regular intervals?
Have you checked if any Kerberos encryption changes were made? Also, ensure that the latest patches are applied on the DCs. Sometimes changes in encryption settings can lead to odd behavior.
The Azure AD Connect sync could be the culprit. It has a typical interval of about 30 minutes. Maybe there's something going wrong there? You can adjust or even disable it temporarily to see if the issue persists. Check out the documentation on the sync scheduler for more info.
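
One way to check the 37-minute observation from the question against the roughly 30-minute sync interval raised in the last answer, and to see which DC logged the failures that fall on the cycle. This is an added example, not code from the thread; it assumes the failures were exported as Kerberos pre-authentication failures (event ID 4771) from every DC, and the timestamps, DC names and client addresses are constructed sample data.

```python
import math
from collections import Counter
from datetime import datetime

# Constructed sample, not data from the thread: pre-authentication failures
# (assumed event ID 4771) merged from all DCs as (time, DC, client address).
EVENTS = [
    ("2024-03-04T08:00:00", "DC03", "10.0.4.21"),
    ("2024-03-04T08:37:10", "DC03", "10.0.7.88"),
    ("2024-03-04T08:50:00", "DC01", "10.0.2.14"),   # off-cycle: a genuine typo
    ("2024-03-04T09:50:55", "DC03", "10.0.4.35"),
    ("2024-03-04T10:28:20", "DC03", "10.0.9.12"),
    ("2024-03-04T11:42:05", "DC02", "10.0.7.60"),
    ("2024-03-04T12:47:00", "DC04", "10.0.5.77"),   # off-cycle
    ("2024-03-04T13:32:50", "DC03", "10.0.2.19"),
    ("2024-03-04T14:10:15", "DC03", "10.0.9.40"),
    ("2024-03-04T16:01:00", "DC03", "10.0.4.2"),
]

def phases(times, period_s):
    """Place each timestamp on a circle whose circumference is one period."""
    t0 = min(times)
    return [2 * math.pi * ((t - t0).total_seconds() % period_s) / period_s for t in times]

def concentration(times, period_min):
    """Mean resultant length R: near 1 = one recurring phase, near 0 = no cycle."""
    ang = phases(times, period_min * 60)
    return math.hypot(sum(map(math.cos, ang)), sum(map(math.sin, ang))) / len(ang)

def split_on_cycle(events, period_min, tol_s=60):
    """Return (on, off): events within tol_s of the dominant phase, and the rest."""
    period_s = period_min * 60
    ang = phases([datetime.fromisoformat(e[0]) for e in events], period_s)
    mean = math.atan2(sum(map(math.sin, ang)), sum(map(math.cos, ang)))
    on, off = [], []
    for e, a in zip(events, ang):
        dev = (a - mean + math.pi) % (2 * math.pi) - math.pi  # wrap to [-pi, pi)
        (on if abs(dev) * period_s / (2 * math.pi) <= tol_s else off).append(e)
    return on, off

def report(events, candidates=(30, 37)):
    """Score each candidate period in minutes, then profile the on-cycle events."""
    times = [datetime.fromisoformat(e[0]) for e in events]
    scores = {p: concentration(times, p) for p in candidates}
    best = max(scores, key=scores.get)
    on, off = split_on_cycle(events, best)
    return scores, best, Counter(e[1] for e in on), Counter(e[2] for e in on), off
```

A score near 1 for one candidate and near 0 for the other separates a fixed cycle from the sync interval, and the off-cycle list is what remains as ordinary mistyped passwords. If one DC dominates the on-cycle counter, that is the DC to take offline first in the one-at-a-time test suggested above.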
