Forums on Intune, SCCM, and Windows 11


PENDING Windows 11 25H2 OS deploy SCCM - working build has started failing when checking AD groups

GrantB

Hi there,
I have been running builds of 24H2 successfully all year. When 25H2 became available I downloaded the image and created the option to use 25H2 in my build.
For 2 weeks I was able to successfully build 25H2 laptops using the same svc account in the task sequence step to check AD group membership as we use to do the domain join. We check that the laptop has been put in a direct access group.
I use the same svc account in SCCM for both 24H2 and 25H2 and all was OK until... 7th October: the SCCM 2503 hotfix rollup was installed. New application deployments to Software Centre etc. were carried out without issue after the install, but no 25H2 builds were done. We release our Windows updates 1 week after Patch Tuesday, so Windows updates were done across the server estate on 21st October.
The following week the 25H2 builds started failing - the error message in the TS step is 'the user has not been granted the requested logon type' - yet it is a domain admin level account.

At this point I am not certain if this is an SCCM issue or a Windows Server 2025 security update issue. We know MS have been fettling security in Server 2025 and Windows 11 25H2.

We created a new svc account that can domain join and read AD groups, but neither 24H2 nor 25H2 will complete the 'Ensure DirectAccess Clients group membership' step.

Is anyone else experiencing this?
 