locked
Can't do first time login on domain joined Win10 Pro RRS feed

  • Question

  • Hi All,

    I have no more ideas therefore I ask your help.

    We have few notebooks, running win10pro and all are joined to an sbs2011 controlled domain. Two of them were in a state that I decided to reinstall Windows on them. So I was waiting for the 2016 aug update pack to come out, created the installation media and did the first reinstall without problems. It joined to the domain and during the first login, the user profile has been created as usual. Few days after I tried to do exactly the same on the 2nd laptop. Windows installed seamlessly, drivers too. When I tried to join it to the domain I saw that it's a home version. I thought this could be because this laptop was originally bought with Win8 Home on it, has been upgraded to Win10 then purchased the pro pack through Windows store. So I upgraded the freshly installed win10 home again to pro through the store. After restart I could join this machine to the domain without problems, it appeared on the server's management console as well. But when I try to log in first time to Windows with any of the domain users, it says wrong username or password and the new user profile is not created. If I log in using the local account created during the installation, I can log into the server with VPN, I can see my emails when using OWA, I can see the Network shares when trying to Access it directly. I just simply can't do the first login with a domain user.

    All Network users are allowed to Access this newly joined pc as normal user.

    I did already plenty similar domain joined installations, but never faced such a problem. Do You have any idea?

    Thank you in advance and sorry for my English.


    Sunday, August 14, 2016 6:57 AM

Answers

  • If you have an Windows 10 iso (mine was multiple editions) and you mount the iso after upgrading to pro and run the setup.exe windows will perform an upgrade and install the rest of the features for Pro. After running this setup I was able to login to my domain account. You can also use the iso from the media creation tool.

    Hope this works for you as well.

    • Proposed as answer by White Buffalo Wednesday, August 31, 2016 11:41 AM
    • Unproposed as answer by White Buffalo Wednesday, August 31, 2016 11:41 AM
    • Proposed as answer by DRUAC Tuesday, September 13, 2016 12:04 AM
    • Marked as answer by Kate LiMicrosoft employee Wednesday, September 14, 2016 9:59 AM
    Wednesday, August 31, 2016 11:41 AM

All replies

  • Seems that there's a mismatch between the different Win10 versions. Home editions cannot join a domain. I believe that's what part of your installed system think it is that cannot log in. The other part think it is the Pro version.

    If you run Winver in a command window, what does it report?


    Best regards, George

    Sunday, August 14, 2016 10:45 AM
  • Winver sais it is Windows 10 Pro 1607 (build: 14393.51)
    After installation it is a home version, but upgrading to Pro (with windows store or entering the key of the pro upgrade) it can and it does join the domain. The problem is, that after this step, I can't log into the domain while the lan communication is up and working.

    Sunday, August 14, 2016 11:12 AM
  • Not even as admin?

    Best regards, George

    Sunday, August 14, 2016 11:44 AM
  • No. I tried many domain accounts including the admin account. I always get the answer that wrong username or password. And I get it immediatelly, without delay. I think this means that the client can communicate with the server, otherwise it would answer that there are no servers available for authentication. I tried to unplug the Ethernet cable and in that case I got that reply.
    Sunday, August 14, 2016 1:15 PM
  • Try domain\username instead of just username

    Best regards, George

    Sunday, August 14, 2016 1:31 PM
  • I tried that too of course, but no difference. :(

    BR, Kornél

    Sunday, August 14, 2016 2:20 PM
  • What about doing a Wireshark session with a working computer and compare it with a failed one?

    Best regards, George

    Sunday, August 14, 2016 2:31 PM
  • Thank you George for your tip, but I am afraid, that's not my level. Now I installed and tried wireshark from my home to the office and saw that there are hundreds of packet changes during the startup of a VPN connection. I am sure that there is communication between the pc and the server, the bottleneck is the data that goes in the packets, why the login attempt is denied. And I think (I hope) they are pretty well encrypted. Anyhow as I never used wireshark and never had to go down to such a deep level, just to set up a simple client. Maybe an expert can read between those hundreds of lines, but I can't, and I hope there is some easier way to find the problem that prevent the account to be created in the standard way.

    BR, Kornél

    Sunday, August 14, 2016 3:04 PM
  • Yes there are simpler solutions :)

    To learn Wireshark you need to invest many hours. I didn't know your skill so I just suggested it.

    My fav solution to people having problem with Windows 10: Upgrade to Windows 7! It's not a joke! I'm serious here!


    Best regards, George

    Sunday, August 14, 2016 3:08 PM
  • Thank you George, believe me, I would if I could, but unfortunatelly it's not an option.

    Googling a litte in the thema, I can read more and more posts with similar problems, so I think it is not only mine. I hope MS will react soon and make a patch for this issue. Until that we can use this laptop with a local user account, opening the network share as it is a home Windows version. Outlook 2016 works fine too, just needed a bit more work when the profile was created.

    Have a nice day, Kornél.

    Monday, August 15, 2016 12:37 PM
  • Currently having the exact same issue with the same windows build! You are not alone its driving me crazy!
    • Edited by TechYYC Monday, August 15, 2016 4:05 PM
    Monday, August 15, 2016 4:05 PM
  • I am having the exact same issue. Reinstalled the OS on a laptop with the media creation tool. There was no option for Pro and it never asked for a product key. Luckily I had the product key from before reinstall and used it to upgrade to pro. Joined the domain just fine but when I try to login with my domain admin account I get an instant Username/Password Incorrect message. Disconnect the laptop from the network and I get the no authorization servers error. I also tried to use some dism commands to repair the image to no avail. The only thing I stumbled on, and I am not even sure if this is related, but I got this error in event viewer when trying to login to a domain account.

    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    This is way beyond my knowledge of windows. I did some googling on this and found some solutions like making changes to registry and granting permissions. Thing is, these ID's don't even exist in DCOM. Hope this helps anyone also trying to troubleshoot this issue.

    Wednesday, August 31, 2016 2:36 AM
  • If you have an Windows 10 iso (mine was multiple editions) and you mount the iso after upgrading to pro and run the setup.exe windows will perform an upgrade and install the rest of the features for Pro. After running this setup I was able to login to my domain account. You can also use the iso from the media creation tool.

    Hope this works for you as well.

    • Proposed as answer by White Buffalo Wednesday, August 31, 2016 11:41 AM
    • Unproposed as answer by White Buffalo Wednesday, August 31, 2016 11:41 AM
    • Proposed as answer by DRUAC Tuesday, September 13, 2016 12:04 AM
    • Marked as answer by Kate LiMicrosoft employee Wednesday, September 14, 2016 9:59 AM
    Wednesday, August 31, 2016 11:41 AM
  • Worked like a charm!
    Tuesday, September 13, 2016 12:04 AM
  • Yes, this worked for me too... BUT, it takes twice as long to upgrade each computer!  The reason being that you have to purchase the upgrade from the Store and let it run.  It finishes "successfully" only to leave you without all of the Pro features.  On one PC I was able to join the domain but not login just like the OP; on another, the Domain box was grayed out with the message that you need Pro - and yet on both PCs the About and System Info showed "Windows 10 Pro"... how frustrating!

    I've got something like 30 computers to do and I can't spend that much time on each one.  Iin case you wonder, it's because business owners buy Home because it is cheaper but, of course, pay dearly later on the have them upgraded to Pro for the domain.  With Windows 7, 8 and 8.1 it was easy - purchase the key and do the upgrade once.

    I called MS support and was told that there is no key that I'm able t see or find which means that I can't just buy the upgrade key and then do the proper install from the ISO.  Even if you try to extract the key with the command line tools, the key that is given is essentially is garbage.

    Is there any way to speed up the process? 

    Friday, October 14, 2016 6:27 AM
  • There is a known issue where domain logons from domain joined RS1 Pro computers upgraded from home edition fail with the on-screen error "the user name or password is incorrect" after entering a valid password.

     Is that a match for your computer? Can the same account logon from Win10 computers that installed Win10 Pro directly?

     If so, a fix is said to be coming at the end of this month.
      Microsoft support is aware of a workaround where you edit the registry as a workaround until then.

    Friday, October 14, 2016 2:42 PM
  • Links Please?
    Monday, October 17, 2016 6:58 PM
  • I don't suppose you know how they did the registry fix do you?

    I have just upgraded 15 client computers from home to pro using the app store and I'm experiencing the exact same problem. My client has just bought a server which is all setup and ready but can't use it as none of their computers can login.

    I have tried white buffalo's fix but get an unknown product key error so the updates don't apply. I was using a Win 10 x 64 Pro OEM iso.

    Thursday, October 20, 2016 4:16 PM
  • Do you have a link to the registry fix?
    Tuesday, October 25, 2016 6:33 PM
  • Had the same issue.....

    Tried all the google ideas and no luck including fresh install, in place upgrade. All no good.

    My colleague started a spiceworks ticket

    https://community.spiceworks.com/topic/1782745-joined-windows-10-to-domain-now-i-can-t-login-in-to-domain?page=2

    We tried the registry fix mentioned here

    https://static.spiceworks.com/attachments/post/0017/3602/Windows10%20Home%20to%20Pro%20Upgrade%20Issue.pdf

    Apart from having a minor issue and just selecting the "ContolSet001" and then drilling down instead of the full "ContolSet001\Control\ProductOptions" - this worked for us.

    Now i will not go into my experience with MS support on this issue - a bad war story for another day. useless.


    Friday, October 28, 2016 4:50 AM
  • My apologies for not checking back sooner or posting the workaround.  The fix is in KB3197954 which released today.  The workaround is fairly simple, except that the change must be made offline using Win PE.

    1. Boot from Win PE
    2. Select 'Repair your computer'
    3. Troubleshoot
    4. Command Prompt
    5. type Regedit.exe
    6. Select HKLM and load a hive by going to File -> Load Hive
    7. Browse to C:\Windows\System32\config , select the file named as SYSTEM
    8. Give it an easy name to find, like ZZZZZZ
    9. Go to the loaded hive and then to the path ContolSet001\Control\ProductOptions
    10. Edit the Multi-String value data under ProuductSuite
    11. You will notice Terminal Server and Personal under it.

    12. Remove Personal

      Note: The system protects this reg key blocking all writes to it. This workaround only works if run from Win PE.

    13. Select the ZZZZZZ hive and click File -> Unload Hive

    14. Exit and continue to windows 10  and login to the domain

    Friday, October 28, 2016 7:17 PM
  • My solution was to run the pro upgrade again looks like the windows update took it partly back to home version. After running the upgrade again I was able to log back on
    Saturday, April 28, 2018 6:32 AM