I'm facing an issue where some users can't log into their computers after the devices go to sleep or when they lock them. Even though they are entering the correct credentials, the system immediately says they're incorrect. This problem is also occurring on one of our virtual machines. We're working with a managed service provider to troubleshoot but haven't pinpointed the cause yet. The only way for users to regain access is by restarting their machines.
We've spotted some logs that might be relevant, specifically the "security-Kerberos" event ID 4 and "User Device Registration" Event IDs 304 and 307. No recent changes have been made on our domain controller, and this started after refreshing some computers to Windows 11. We've even deleted all group policies to eliminate potential conflicts. Additionally, this seems to happen regardless of whether users are connected via Ethernet or WiFi at both our locations.
Has anyone experienced this issue before? Any ideas on what to investigate next? I suspect it might relate to DNS, but I'm unsure where to check on our DNS server. Any help would be great!
2 Answers
It sounds like you might be dealing with a Kerberos authentication issue. Since it began after your Windows 11 upgrade, it’s worth checking your time settings across the devices. Kerberos is sensitive to time discrepancies—ensure that all machines are synchronized with the domain controller. Also, review the DNS records to ensure that the domain names are resolving correctly.
If you haven't already, try exploring the group policies related to sleep or power settings. Sometimes specific policies can conflict with log-in attempts post-sleep mode. Also, consider checking the event viewer for any more specific error entries when the failed login occurs; that might help narrow it down.
Absolutely, examining group policies is a solid step. I had to tweak some of our power settings to fix a similar issue with locked PCs.
Good call! I had a similar issue a while back, and time sync was the root cause. Make sure your NTP server is correctly set up on all devices.