Solved: see after point 8.
Now the third day of finding the solution:
Win10 machine, current win10 build - network with several win10 clients and koozali sme server 10.1.
1. Changed domain of workstation PC to another server in the same network (I tried Zentyal AD).
2. Left the new domain and want to go back to the previous koozali-smeserver domain by standard win10 process using my admin account and correct pw.
3. Always get error: "An account with this name exists in active directory. Reuse of the account was blocked by a security policy."
4. Tried adding, removing, adding, re... NetJoinLegacyAccountReuse = 0x1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4a. Tried latest win10samba.reg
5. Changed PC name several times and tried again: same result
6. Restarted PC: several times
7. Have read:
https://support.microsoft.com/en-gb/topic/kb5020276-netjoin-domain-join-hardening-changes-2b65a0f3-1f4c-42ef-ac0f-1caaf421baf8
8. Followed the behavior since August 13, 2024:
=> Under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, double-click Domain controller: Allow computer account re-use during domain join.
Added local admin-group and local users group (not admin user) of workstation.
Ran: gpupdate /force, restarted PC.
Still same error. Does anyone know how to solve the problem?
SOLUTION FOUND: edit /etc/samba/smb.conf
Delete all rows with workstation names you ever used for this workstation. Then try again to connect to the domain. Success.
Content of c:\windows\debug\netsetup.log
08/25/2024 10:35:55:402 -----------------------------------------------------------------
08/25/2024 10:35:55:402 NetpValidateName: checking to see if 'PC01' is valid as type 1 name
08/25/2024 10:35:55:402 NetpCheckNetBiosNameNotInUse for 'PC01' [MACHINE] returned 0x0
08/25/2024 10:35:55:402 NetpValidateName: name 'PC01' is valid for type 1
08/25/2024 10:35:55:402 -----------------------------------------------------------------
08/25/2024 10:35:55:402 NetpValidateName: checking to see if 'PC01' is valid as type 5 name
08/25/2024 10:35:55:402 NetpValidateName: name 'PC01' is valid for type 5
08/25/2024 10:35:55:402 -----------------------------------------------------------------
08/25/2024 10:35:55:402 NetpValidateName: checking to see if 'STGSMCM' is valid as type 3 name
08/25/2024 10:35:55:464 NetpCheckDomainNameIsValid [ Exists ] for 'STGSMCM' returned 0x0
08/25/2024 10:35:55:464 NetpValidateName: name 'STGSMCM' is valid for type 3
08/25/2024 10:36:02:433 -----------------------------------------------------------------
08/25/2024 10:36:02:433 NetpDoDomainJoin
08/25/2024 10:36:02:433 NetpDoDomainJoin: using current computer names
08/25/2024 10:36:02:433 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
08/25/2024 10:36:02:433 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
08/25/2024 10:36:02:433 NetpMachineValidToJoin: 'PC01'
08/25/2024 10:36:02:433 OS Version: 10.0
08/25/2024 10:36:02:433 Build number: 19045 (19041.vb_release.191206-1406)
08/25/2024 10:36:02:433 SKU: Windows 10 Pro
08/25/2024 10:36:02:433 Architecture: 64-bit (AMD64)
08/25/2024 10:36:02:433 NetpMachineValidToJoin: status: 0x0
08/25/2024 10:36:02:433 NetpJoinDomain
08/25/2024 10:36:02:433 HostName: PC01
08/25/2024 10:36:02:433 NetbiosName: PC01
08/25/2024 10:36:02:433 Domain: STGSMCM
08/25/2024 10:36:02:433 MachineAccountOU: (NULL)
08/25/2024 10:36:02:433 Account: STGSMCM\admin
08/25/2024 10:36:02:433 Options: 0x25
08/25/2024 10:36:02:433 NetpValidateName: checking to see if 'STGSMCM' is valid as type 3 name
08/25/2024 10:36:02:495 NetpCheckDomainNameIsValid [ Exists ] for 'STGSMCM' returned 0x0
08/25/2024 10:36:02:495 NetpValidateName: name 'STGSMCM' is valid for type 3
08/25/2024 10:36:02:495 NetpDsGetDcName: trying to find DC in domain 'STGSMCM', flags: 0x1020
08/25/2024 10:36:03:215 NetpDsGetDcName: found DC '\\STGSVR01' in the specified domain
08/25/2024 10:36:03:215 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
08/25/2024 10:36:03:215 NetpDisableIDNEncoding: using FQDN STGSMCM from dcinfo
08/25/2024 10:36:03:215 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'STGSMCM' succeeded
08/25/2024 10:36:03:215 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
08/25/2024 10:36:04:246 NetpJoinDomainOnDs: status of connecting to dc '\\STGSVR01': 0x0
08/25/2024 10:36:04:246 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: STGSMCM
08/25/2024 10:36:04:246 NetpProvisionComputerAccount:
08/25/2024 10:36:04:246 lpDomain: STGSMCM
08/25/2024 10:36:04:246 lpHostName: PC01
08/25/2024 10:36:04:246 lpMachineAccountOU: (NULL)
08/25/2024 10:36:04:246 lpDcName: STGSVR01
08/25/2024 10:36:04:246 lpMachinePassword: (null)
08/25/2024 10:36:04:246 lpAccount: STGSMCM\admin
08/25/2024 10:36:04:246 lpPassword: (non-null)
08/25/2024 10:36:04:246 dwJoinOptions: 0x25
08/25/2024 10:36:04:246 dwOptions: 0x40000003
08/25/2024 10:36:05:261 NetpLdapBind: ldap_bind failed on STGSVR01: 49: Ungültige Anmeldeinformationen
08/25/2024 10:36:05:277 NetpCheckForDomainSIDCollision: returning 0x0(0).
08/25/2024 10:36:05:277 NetpCreateComputerObjectInDs: DC passed '\\STGSVR01' doesn't have writable DS 0x101
08/25/2024 10:36:05:277 NetpProvisionComputerAccount: LDAP creation failed: 0x32
08/25/2024 10:36:05:277 NetpJoinCreatePackagePart: status:0x32.
08/25/2024 10:36:05:277 NetpJoinDomainOnDs: Function exits with status of: 0x32
08/25/2024 10:36:05:277 NetpJoinDomainOnDs: status of disconnecting from '\\STGSVR01': 0x0
08/25/2024 10:36:05:277 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'STGSMCM' returned 0x0
08/25/2024 10:36:05:277 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'STGSMCM': 0x0
08/25/2024 10:36:05:277 NetpDoDomainJoin: status: 0x32
08/25/2024 10:36:05:277 -----------------------------------------------------------------
08/25/2024 10:36:05:277 NetpDoDomainJoin
08/25/2024 10:36:05:277 NetpDoDomainJoin: using current computer names
08/25/2024 10:36:05:277 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
08/25/2024 10:36:05:277 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
08/25/2024 10:36:05:277 NetpMachineValidToJoin: 'PC01'
08/25/2024 10:36:05:277 OS Version: 10.0
08/25/2024 10:36:05:277 Build number: 19045 (19041.vb_release.191206-1406)
08/25/2024 10:36:05:277 SKU: Windows 10 Pro
08/25/2024 10:36:05:277 Architecture: 64-bit (AMD64)
08/25/2024 10:36:05:277 NetpMachineValidToJoin: status: 0x0
08/25/2024 10:36:05:277 NetpJoinDomain
08/25/2024 10:36:05:277 HostName: PC01
08/25/2024 10:36:05:277 NetbiosName: PC01
08/25/2024 10:36:05:277 Domain: STGSMCM
08/25/2024 10:36:05:277 MachineAccountOU: (NULL)
08/25/2024 10:36:05:277 Account: STGSMCM\admin
08/25/2024 10:36:05:277 Options: 0x27
08/25/2024 10:36:05:277 NetpValidateName: checking to see if 'STGSMCM' is valid as type 3 name
08/25/2024 10:36:05:339 NetpCheckDomainNameIsValid [ Exists ] for 'STGSMCM' returned 0x0
08/25/2024 10:36:05:339 NetpValidateName: name 'STGSMCM' is valid for type 3
08/25/2024 10:36:05:339 NetpDsGetDcName: trying to find DC in domain 'STGSMCM', flags: 0x1020
08/25/2024 10:36:05:511 NetpDsGetDcName: found DC '\\STGSVR01' in the specified domain
08/25/2024 10:36:05:511 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
08/25/2024 10:36:05:511 NetpDisableIDNEncoding: using FQDN STGSMCM from dcinfo
08/25/2024 10:36:05:511 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'STGSMCM' succeeded
08/25/2024 10:36:05:511 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
08/25/2024 10:36:05:511 NetpJoinDomainOnDs: status of connecting to dc '\\STGSVR01': 0x0
08/25/2024 10:36:05:511 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: STGSMCM
08/25/2024 10:36:05:511 NetpProvisionComputerAccount:
08/25/2024 10:36:05:511 lpDomain: STGSMCM
08/25/2024 10:36:05:511 lpHostName: PC01
08/25/2024 10:36:05:511 lpMachineAccountOU: (NULL)
08/25/2024 10:36:05:511 lpDcName: STGSVR01
08/25/2024 10:36:05:511 lpMachinePassword: (null)
08/25/2024 10:36:05:511 lpAccount: STGSMCM\admin
08/25/2024 10:36:05:511 lpPassword: (non-null)
08/25/2024 10:36:05:511 dwJoinOptions: 0x27
08/25/2024 10:36:05:511 dwOptions: 0x40000003
08/25/2024 10:36:06:511 NetpLdapBind: ldap_bind failed on STGSVR01: 49: Ungültige Anmeldeinformationen
08/25/2024 10:36:06:527 NetpCheckForDomainSIDCollision: returning 0x0(0).
08/25/2024 10:36:06:527 NetpCreateComputerObjectInDs: DC passed '\\STGSVR01' doesn't have writable DS 0x101
08/25/2024 10:36:06:527 NetpProvisionComputerAccount: LDAP creation failed: 0x32
08/25/2024 10:36:06:527 NetpProvisionComputerAccount: Retrying downlevel per options
08/25/2024 10:36:06:527 NetpManageMachineAccountWithSid: NetUserAdd on 'STGSVR01' for 'PC01$' failed: 0x8b0
08/25/2024 10:36:06:527 NetpManageMachineAccountWithSid: The computer account already exists in Active Directory.Re-using the account was blocked by security policy.
08/25/2024 10:36:06:527 NetpProvisionComputerAccount: retry status of creating account: 0xaac
08/25/2024 10:36:06:527 NetpJoinCreatePackagePart: status:0xaac.
08/25/2024 10:36:06:527 NetpJoinDomainOnDs: Function exits with status of: 0xaac
08/25/2024 10:36:06:527 NetpJoinDomainOnDs: status of disconnecting from '\\STGSVR01': 0x0
08/25/2024 10:36:06:527 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'STGSMCM' returned 0x0
08/25/2024 10:36:06:527 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'STGSMCM': 0x0
08/25/2024 10:36:06:527 NetpDoDomainJoin: status: 0xaac
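
A triage sketch for the netsetup.log above, added here as an example and not part of the original post: it splits the log into join attempts and reports the machine account whenever an attempt ends in 0xaac, the account-reuse block. The sample lines are copied from the post's log and trimmed; the error names are the standard Windows names for these codes, and the function names are hypothetical.

```python
import re

# Codes seen in the log above, with their standard Windows error names.
STATUS = {0x32: "ERROR_NOT_SUPPORTED", 0x8B0: "NERR_UserExists",
          0xAAC: "NERR_AccountReuseBlockedByPolicy"}

# Lines copied from the netsetup.log in the post, trimmed to the relevant ones.
SAMPLE = """\
08/25/2024 10:36:02:433 NetpDoDomainJoin
08/25/2024 10:36:05:277 NetpProvisionComputerAccount: LDAP creation failed: 0x32
08/25/2024 10:36:05:277 NetpDoDomainJoin: status: 0x32
08/25/2024 10:36:05:277 NetpDoDomainJoin
08/25/2024 10:36:06:511 NetpLdapBind: ldap_bind failed on STGSVR01: 49: Ungültige Anmeldeinformationen
08/25/2024 10:36:06:527 NetpProvisionComputerAccount: LDAP creation failed: 0x32
08/25/2024 10:36:06:527 NetpManageMachineAccountWithSid: NetUserAdd on 'STGSVR01' for 'PC01$' failed: 0x8b0
08/25/2024 10:36:06:527 NetpProvisionComputerAccount: retry status of creating account: 0xaac
08/25/2024 10:36:06:527 NetpDoDomainJoin: status: 0xaac
"""

STAMP = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}\s+(.*)$")
FAILED = re.compile(r"^(\w+): .*failed.*: (0x[0-9a-f]+)$", re.I)
FINAL = re.compile(r"^NetpDoDomainJoin: status: (0x[0-9a-f]+)$", re.I)
ACCOUNT = re.compile(r"NetUserAdd on '[^']*' for '([^']+)'")

def parse_attempts(text):
    """Split the log into join attempts and collect each one's failures."""
    attempts, cur = [], None
    for raw in text.splitlines():
        if not (m := STAMP.match(raw)):
            continue
        msg = m.group(1).strip()
        if msg == "NetpDoDomainJoin":        # start marker of a new attempt
            cur = {"failures": [], "account": None, "final": None}
            attempts.append(cur)
        elif cur is not None:
            if (f := FAILED.match(msg)):     # "<function>: ... failed: 0x.."
                cur["failures"].append((f.group(1), int(f.group(2), 16)))
            if (a := ACCOUNT.search(msg)):   # machine account being created
                cur["account"] = a.group(1)
            if (s := FINAL.match(msg)):      # overall result of the attempt
                cur["final"] = int(s.group(1), 16)
    return attempts

def reuse_blocked(attempts):
    """(account, named failures) for attempts ending in the reuse block."""
    return [(a["account"], [STATUS.get(c, hex(c)) for _, c in a["failures"]])
            for a in attempts if a["final"] == 0xAAC]
```

To run it against a real log, pass the decoded contents of c:\windows\debug\netsetup.log to `parse_attempts` in place of `SAMPLE`.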