Same issue here: two Windows Server 2019 (build 1809) clusters and one Windows Server 2022 (build 2009) cluster, different domains.
Error 1207 every hour; it worked fine until mid-September 2022.
Patches installed since lastPwdSet @ Svr2019: KB5016623, KB2016737, KB5012170
- AD Permissions checked
- Port 464 checked
- add new roles checked
- October patches installed
- ClusterLog -> RotatePassword Exit 5
Update: Oct 17 2022
- Traffic checked with Wireshark
I have a little hope that time is not running out until we get it fixed, because:
"Question: If a workstation does not change its password, will it not be allowed to log onto the network?
Answer: Machine account passwords as such do not expire in Active Directory." See the link below:
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/machine-account-password-process/ba-p/396026
Update: Oct 18 2022
- Talked to Microsoft Support - there will be a patch soon, next month they said. AaronB1160
- Disabled GPO for the cluster nodes and objects (MSFT Windows Server 2019/2022 Security Compliance Baseline) to clear the value "Deny access to this computer from network"
- Unfortunately, still errors
Update: Nov 17 2022
- Microsoft delivered a private patch to us; it was only for testing purposes on Server 2022, and it worked.
- They are working on a patch for public release.
Update: Jan 2 2023
I've got mail from MS on Dec 22, short version: please test KB5020032 (preview)
https://support.microsoft.com/de-de/topic/22-november-2022-kb5020032-betriebssystembuild-20348-1311-vorschau-7ca1be57-3555-4377-9eb1-0e4d714d9c68
It was too late; the Server 2022 cluster already installed the December patches the same night and the error was gone (KB5021249).
MFisherIT
We are still waiting for the Server 2019 solution.
MS wrote: please install KB5021237 and KB5022554
I'll give an update ASAP.
Update: Jan 13 2023
We installed KB5022286 on a Server 2019 Clusters and it looks like the problem is solved.