I'm really struggling with a domain logon issue that's been affecting us for about a month now. We have users trying to log into their hybrid-joined PCs, but sometimes their valid credentials just don't work. What's frustrating is that even after multiple tries, we don't see any account lockouts or failed logon attempts on our domain controllers. It almost feels like the logon gets stopped before it reaches the network card.
When users get prompted with the error "Username or password is incorrect. Try again," I know for sure they're typing the right password. I've checked this myself on affected devices. There doesn't appear to be a specific PC model, network card, or driver issue, and we haven't been able to tie it to any particular switch in our setup.
We've verified our firewall settings, tried disabling 802.1x authentication on the ports for a few affected machines, and enabled Credential Guard. Interestingly, these devices have network connectivity when they're at the login screen, and I can even run remote sessions without any issues. Both wired and wireless connections show the problem, although switching networks sometimes resolves the issue temporarily.
As far as I know, we haven't made any recent changes to Group Policy or Intune that would affect this. My team and I are stumped—any suggestions on what to check next?
3 Answers
It can be frustrating when there's no clear indicator of what's going wrong. Maybe look into any potential network issues—sometimes the connection can drop unexpectedly during authentication. Logon events in the Event Viewer might also provide some clues if you have access to the affected machines.
You might want to check if some of your domain controllers are running different versions of Windows Server. If you're mixing DCs on versions like Server 2025, 2022, and earlier, it can lead to issues with authentication. Microsoft has deprecated some older ciphers, which could cause failures when a computer with an outdated cipher tries to authenticate against a newer DC. This could explain the intermittent problems you're seeing. Try to ensure all your DCs are on the same version to avoid these kinds of conflicts!
What format are you using for username entry during logon? If you’re entering your username as DOMAIN\username, that forces the authentication to use the NT username. However, if you're using UPN or email format and facing issues, it might be a global catalog problem. Sometimes the way users are identified can lead to these authentication headaches!
Tried both formats, and unfortunately neither worked out.

Good point! We do have a 2025 DC among others. I'll try shutting down the 2025 for a bit and see if it makes a difference.
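
One way to run the check suggested in the answer about mixed domain controller versions, as an added example that is not part of the thread: it lists each DC's operating system and decodes the Kerberos encryption types configured on the DC accounts and on one affected computer account. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the directory; `PC-EXAMPLE01` is a placeholder computer name.

```powershell
# Added example, not from the thread. Read-only queries against Active Directory.
Import-Module ActiveDirectory

# Placeholder: replace with the name of a PC that shows the logon failure.
$AffectedComputer = 'PC-EXAMPLE01'

# Cipher bits of the msDS-SupportedEncryptionTypes attribute.
# Higher bits (non-cipher feature flags) are not decoded here.
$EtypeFlags = @(
    @{ Bit = 0x01; Name = 'DES-CBC-CRC' },
    @{ Bit = 0x02; Name = 'DES-CBC-MD5' },
    @{ Bit = 0x04; Name = 'RC4-HMAC' },
    @{ Bit = 0x08; Name = 'AES128-CTS-HMAC-SHA1-96' },
    @{ Bit = 0x10; Name = 'AES256-CTS-HMAC-SHA1-96' }
)

function ConvertTo-EtypeName {
    param($Value)
    # Empty or 0 means the attribute is unset and defaults apply.
    if (-not $Value) { return 'not set (defaults apply)' }
    $names = $EtypeFlags |
        Where-Object { $Value -band $_.Bit } |
        ForEach-Object { $_.Name }
    return ($names -join ', ')
}

# 1. OS version of every domain controller. A mixed list is the
#    situation the answer describes.
$dcs = Get-ADDomainController -Filter *
$dcs | Sort-Object OperatingSystemVersion |
    Format-Table Name, Site, OperatingSystem, OperatingSystemVersion -AutoSize

# 2. Encryption types on the affected computer account and on each DC
#    account, so a client limited to older ciphers stands out.
$identities = @($AffectedComputer) + $dcs.ComputerObjectDN
$identities | ForEach-Object {
    $c = Get-ADComputer -Identity $_ -Properties 'msDS-SupportedEncryptionTypes', OperatingSystem
    [pscustomobject]@{
        Name            = $c.Name
        OperatingSystem = $c.OperatingSystem
        RawValue        = $c.'msDS-SupportedEncryptionTypes'
        EncryptionTypes = ConvertTo-EtypeName $c.'msDS-SupportedEncryptionTypes'
    }
} | Format-Table -AutoSize
```

Running `nltest /dsgetdc:` with the domain name on an affected PC shows which DC it has located, which can be compared against the first table when a failure occurs.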