Issue: Adsys fails to get user policy list when joined to Child Domain but user is member of Universal Group in Parent Domain

[fme-scottyno]

Is there an existing issue for this?

• I have searched the existing issues and found none that matched mine

Describe the issue

I Built New AD 2019 Domains in a lab (FFL 2016). td.corp (Forest Root) and child.td.corp (Child). Both running dns, td.corp is a ca and dhcp server as well. Created 2 users, child-admin, child-user in the child domain. The child-admin is member of enterprise admins (located in the td.corp domain) and child-user only has 'domain users' membership in the child domain. The child-user account works and pulls policies without an issue. the child-admin@child.td.corp login fails. Removed the enterprise admins group and it works. Created a new universal group in parent domain called parentgroup to make sure it wasn't anything specific to enterprise admins group and added the child-admin user to it.... and it fails again.
also using ldaps but referrals are trying the unencrypted port of the GC during lookups. both 3268 and 3269 work with telnet. Both domain servers are GC in the Forest.

Steps to reproduce it

1. create Parent Domain
2. create child domain
3. add universal group in the parent domain
4. add user in the child domain with membership to the universal group of parent domain
5. join child domain using realm / sssd using domain admin account of child domain
6. getent passwrd child-user@child.td.corp works
7. groups child-user@child.parent.domain enumerates parent universal group properly
8. sudo login child-admin@child.parent.domain to produce failure.
9. remove parent universal group from child account and try login again. No failure.

Ubuntu users: System information

Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Sun Jan 11 17:54:16 2026
Dependencies:
adduser 3.137ubuntu1
apparmor 4.0.1really4.0.1-0ubuntu0.24.04.5
apt 2.8.3
apt-utils 2.8.3
base-passwd 3.6.3build1
bind9-dnsutils 1:9.18.39-0ubuntu0.24.04.2
bind9-host 1:9.18.39-0ubuntu0.24.04.2
bind9-libs 1:9.18.39-0ubuntu0.24.04.2
ca-certificates 20240203
cifs-utils 2:7.0-2ubuntu0.2
cracklib-runtime 2.9.6-5.1build2
dbus 1.14.10-4ubuntu4.1
dbus-bin 1.14.10-4ubuntu4.1
dbus-daemon 1.14.10-4ubuntu4.1
dbus-session-bus-common 1.14.10-4ubuntu4.1
dbus-system-bus-common 1.14.10-4ubuntu4.1
dbus-user-session 1.14.10-4ubuntu4.1
dconf-gsettings-backend 0.40.0-4ubuntu0.1
dconf-service 0.40.0-4ubuntu0.1
debconf 1.5.86ubuntu1
debconf-i18n 1.5.86ubuntu1
desktop-file-utils 0.27-2build1
dirmngr 2.4.4-2ubuntu17.4
distro-info 1.7build1
distro-info-data 0.60ubuntu0.5
dmidecode 3.5-3ubuntu0.1
dmsetup 2:1.02.185-3ubuntu3.2
dosfstools 4.2-1.1build1
dpkg 1.22.6ubuntu6.5
e2fsprogs 1.47.0-2.4exp1ubuntu4.1
e2fsprogs-l10n 1.47.0-2.4exp1ubuntu4.1
eject 2.39.3-9ubuntu6.4
file 1:5.45-3build1
fuse3 3.14.0-5build1
gcc-14-base 14.2.0-4ubuntu224.04
gir1.2-girepository-2.0 1.80.1-1
gir1.2-glib-2.0 2.80.0-6ubuntu3.6
gnupg 2.4.4-2ubuntu17.4
gnupg-l10n 2.4.4-2ubuntu17.4
gnupg-utils 2.4.4-2ubuntu17.4
gpg 2.4.4-2ubuntu17.4
gpg-agent 2.4.4-2ubuntu17.4
gpg-wks-client 2.4.4-2ubuntu17.4
gpgconf 2.4.4-2ubuntu17.4
gpgsm 2.4.4-2ubuntu17.4
gpgv 2.4.4-2ubuntu17.4
gsettings-desktop-schemas 46.1-0ubuntu1
gvfs 1.54.4-0ubuntu124.04.1
gvfs-common 1.54.4-0ubuntu124.04.1
gvfs-daemons 1.54.4-0ubuntu124.04.1
gvfs-libs 1.54.4-0ubuntu124.04.1
init-system-helpers 1.66ubuntu1
iso-codes 4.16.0-1
keyboxd 2.4.4-2ubuntu17.4
keyutils 1.6.3-3build1
krb5-locales 1.20.1-6ubuntu2.6
ldap-utils 2.6.7+dfsg-1exp1ubuntu8.2
libacl1 2.3.2-1build1.1
libapparmor1 4.0.1really4.0.1-0ubuntu0.24.04.5
libapt-pkg6.0t64 2.8.3
libargon2-1 020190702+dfsg-4build1
libassuan0 2.5.6-1build1
libatasmart4 0.19-5build3
libaudit-common 1:3.1.2-2.1build1.1
libaudit1 1:3.1.2-2.1build1.1
libavahi-client3 0.8-13ubuntu6
libavahi-common-data 0.8-13ubuntu6
libavahi-common3 0.8-13ubuntu6
libbasicobjects0t64 0.6.2-2.1build1
libblkid1 2.39.3-9ubuntu6.4
libblockdev-crypto3 3.1.1-1ubuntu0.1
libblockdev-fs3 3.1.1-1ubuntu0.1
libblockdev-loop3 3.1.1-1ubuntu0.1
libblockdev-mdraid3 3.1.1-1ubuntu0.1
libblockdev-nvme3 3.1.1-1ubuntu0.1
libblockdev-part3 3.1.1-1ubuntu0.1
libblockdev-swap3 3.1.1-1ubuntu0.1
libblockdev-utils3 3.1.1-1ubuntu0.1
libblockdev3 3.1.1-1ubuntu0.1
libbsd0 0.12.1-1build1.1
libbytesize-common 2.10-1ubuntu2
libbytesize1 2.10-1ubuntu2
libbz2-1.0 1.0.8-5.1build0.1
libc6 2.39-0ubuntu8.6
libcap-ng0 0.8.4-2build2
libcap2 1:2.66-5ubuntu2.2
libcares2 1.27.0-1.0ubuntu1
libcollection4t64 0.6.2-2.1build1
libcom-err2 1.47.0-2.4exp1ubuntu4.1
libcrack2 2.9.6-5.1build2
libcrypt1 1:4.4.36-4build1
libcryptsetup12 2:2.7.0-1ubuntu4.2
libdb5.3t64 5.3.28+dfsg2-7
libdbus-1-3 1.14.10-4ubuntu4.1
libdconf1 0.40.0-4ubuntu0.1
libdebconfclient0 0.271ubuntu3
libdevmapper1.02.1 2:1.02.185-3ubuntu3.2
libdhash1t64 0.6.2-2.1build1
libduktape207 2.7.0+tests-0ubuntu3
libedit2 3.1-20230828-1build1
libevent-core-2.1-7t64 2.1.12-stable-9ubuntu2
libexpat1 2.6.1-2ubuntu0.3
libext2fs2t64 1.47.0-2.4exp1ubuntu4.1
libfdisk1 2.39.3-9ubuntu6.4
libffi8 3.4.6-1build1
libfuse3-3 3.14.0-5build1
libgcc-s1 14.2.0-4ubuntu224.04
libgck-2-2 4.2.0-5
libgcr-4-4 4.2.0-5
libgcrypt20 1.10.3-2build1
libgirepository-1.0-1 1.80.1-1
libglib2.0-0t64 2.80.0-6ubuntu3.6
libglib2.0-data 2.80.0-6ubuntu3.6
libgmp10 2:6.3.0+dfsg-2ubuntu6.1
libgnutls30t64 3.8.3-1.1ubuntu3.4
libgpg-error-l10n 1.47-3build2.1
libgpg-error0 1.47-3build2.1
libgpgme11t64 1.18.0-4.1ubuntu4
libgpm2 1.20.7-11
libgssapi-krb5-2 1.20.1-6ubuntu2.6
libgudev-1.0-0 1:238-5ubuntu1
libhogweed6t64 3.9.1-2.2build1.1
libicu74 74.2-1ubuntu3.1
libidn2-0 2.3.7-2build1.1
libini-config5t64 0.6.2-2.1build1
libipa-hbac0t64 2.9.4-1.1ubuntu6.3
libjansson4 2.14-2build2
libjson-c5 0.17-1build1
libjson-glib-1.0-0 1.8.0-2build2
libjson-glib-1.0-common 1.8.0-2build2
libk5crypto3 1.20.1-6ubuntu2.6
libkeyutils1 1.6.3-3build1
libkmod2 31+20240202-2ubuntu7.1
libkrb5-3 1.20.1-6ubuntu2.6
libkrb5support0 1.20.1-6ubuntu2.6
libksba8 1.6.6-1build1
libldap-common 2.6.7+dfsg-1exp1ubuntu8.2
libldap2 2.6.7+dfsg-1exp1ubuntu8.2
libldb2 2:2.8.0+samba4.19.5+dfsg-4ubuntu9.4
liblmdb0 0.9.31-1build1
liblocale-gettext-perl 1.07-6ubuntu5
liblz4-1 1.9.4-1build1.1
liblzma5 5.6.1+really5.4.5-1ubuntu0.2
libmagic-mgc 1:5.45-3build1
libmagic1t64 1:5.45-3build1
libmaxminddb0 1.9.1-1build1
libmd0 1.1.0-2build1.1
libmount1 2.39.3-9ubuntu6.4
libmpfr6 4.2.1-1build1.1
libncursesw6 6.4+20240113-1ubuntu2
libnettle8t64 3.9.1-2.2build1.1
libnfsidmap1 1:2.6.4-3ubuntu5.1
libnghttp2-14 1.59.0-1ubuntu0.2
libnl-3-200 3.7.0-0.3build1.1
libnl-route-3-200 3.7.0-0.3build1.1
libnpth0t64 1.6-3.1build1
libnspr4 2:4.35-1.1build1
libnss-sss 2.9.4-1.1ubuntu6.3
libnss-systemd 255.4-1ubuntu8.12
libnss3 2:3.98-1build1
libntfs-3g89t64 1:2022.10.3-1.2ubuntu3
libnvme1t64 1.8-3ubuntu1
libp11-kit0 0.25.3-4ubuntu2.1
libpam-modules 1.5.3-5ubuntu5.5
libpam-modules-bin 1.5.3-5ubuntu5.5
libpam-pwquality 1.4.5-3build1
libpam-runtime 1.5.3-5ubuntu5.5
libpam-sss 2.9.4-1.1ubuntu6.3
libpam-systemd 255.4-1ubuntu8.12
libpam0g 1.5.3-5ubuntu5.5
libparted2t64 3.6-4build1
libpath-utils1t64 0.6.2-2.1build1
libpcre2-8-0 10.42-4ubuntu2.1
libpolkit-agent-1-0 124-2ubuntu1.24.04.2
libpolkit-gobject-1-0 124-2ubuntu1.24.04.2
libpopt0 1.19+dfsg-1build1
libproc2-0 2:4.0.4-4ubuntu3.2
libpwquality-common 1.4.5-3build1
libpwquality1 1.4.5-3build1
libpython3-stdlib 3.12.3-0ubuntu2.1
libpython3.12-minimal 3.12.3-1ubuntu0.9
libpython3.12-stdlib 3.12.3-1ubuntu0.9
libpython3.12t64 3.12.3-1ubuntu0.9
libreadline8t64 8.2-4build1
libref-array1t64 0.6.2-2.1build1
libsasl2-2 2.1.28+dfsg1-5ubuntu3.1
libsasl2-modules 2.1.28+dfsg1-5ubuntu3.1
libsasl2-modules-db 2.1.28+dfsg1-5ubuntu3.1
libsasl2-modules-gssapi-mit 2.1.28+dfsg1-5ubuntu3.1
libseccomp2 2.5.5-1ubuntu3.1
libsecret-1-0 0.21.4-1build3
libsecret-common 0.21.4-1build3
libselinux1 3.5-2ubuntu2.1
libsemanage-common 3.5-1build5
libsemanage2 3.5-1build5
libsepol2 3.5-2build1
libsmartcols1 2.39.3-9ubuntu6.4
libsmbclient0 2:4.19.5+dfsg-4ubuntu9.4
libsqlite3-0 3.45.1-1ubuntu2.5
libss2 1.47.0-2.4exp1ubuntu4.1
libssl3t64 3.0.13-0ubuntu3.6
libsss-certmap0 2.9.4-1.1ubuntu6.3
libsss-idmap0 2.9.4-1.1ubuntu6.3
libsss-nss-idmap0 2.9.4-1.1ubuntu6.3
libstdc++6 14.2.0-4ubuntu224.04
libsystemd-shared 255.4-1ubuntu8.12
libsystemd0 255.4-1ubuntu8.12
libtalloc2 2.4.2-1build2
libtasn1-6 4.19.0-3ubuntu0.24.04.1
libtdb1 1.4.10-1build1
libtevent0t64 0.16.1-2build1
libtext-charwidth-perl 0.04-11build3
libtext-iconv-perl 1.7-8build3
libtext-wrapi18n-perl 0.06-10
libtinfo6 6.4+20240113-1ubuntu2
libtirpc-common 1.3.4+ds-1.1build1
libtirpc3t64 1.3.4+ds-1.1build1
libudev1 255.4-1ubuntu8.12
libudisks2-0 2.10.1-6ubuntu1.3
libunistring5 1.1-2build1.1
libuuid1 2.39.3-9ubuntu6.4
libuv1t64 1.48.0-1.1build1
libvolume-key1 0.3.12-7build2
libwbclient0 2:4.19.5+dfsg-4ubuntu9.4
libwrap0 7.6.q-33
libxml2 2.9.14+dfsg-1.3ubuntu3.6
libxxhash0 0.8.2-2build1
libyaml-0-2 0.2.5-1build1
libzstd1 1.5.5+dfsg2-2build1.1
logsave 1.47.0-2.4exp1ubuntu4.1
lsb-release 12.0-2
lsof 4.95.0-1build3
media-types 10.1.0
mount 2.39.3-9ubuntu6.4
netbase 6.4
networkd-dispatcher 2.2.4-1
nfs-common 1:2.6.4-3ubuntu5.1
ntfs-3g 1:2022.10.3-1.2ubuntu3
openssl 3.0.13-0ubuntu3.6
parted 3.6-4build1
passwd 1:4.13+dfsg1-4ubuntu3.2
perl-base 5.38.2-3.2ubuntu0.2
pinentry-curses 1.2.1-3ubuntu5
polkitd 124-2ubuntu1.24.04.2
procps 2:4.0.4-4ubuntu3.2
psmisc 23.7-1build1
python-apt-common 2.7.7ubuntu5.1
python3 3.12.3-0ubuntu2.1
python3-apt 2.7.7ubuntu5.1
python3-dbus 1.3.2-5build3
python3-gi 3.48.2-1
python3-gpg 1.18.0-4.1ubuntu4
python3-ldb 2:2.8.0+samba4.19.5+dfsg-4ubuntu9.4
python3-markdown 3.5.2-1
python3-minimal 3.12.3-0ubuntu2.1
python3-pkg-resources 68.1.2-2ubuntu1.2
python3-pygments 2.17.2+dfsg-1
python3-samba 2:4.19.5+dfsg-4ubuntu9.4
python3-sss 2.9.4-1.1ubuntu6.3
python3-talloc 2.4.2-1build2
python3-tdb 1.4.10-1build1
python3-yaml 6.0.1-2build2
python3.12 3.12.3-1ubuntu0.9
python3.12-minimal 3.12.3-1ubuntu0.9
readline-common 8.2-4build1
rpcbind 1.2.6-7ubuntu2
samba-dsdb-modules 2:4.19.5+dfsg-4ubuntu9.4
samba-libs 2:4.19.5+dfsg-4ubuntu9.4
sed 4.9-2build1
sensible-utils 0.0.22
session-migration 0.3.9build1
sgml-base 1.31
shared-mime-info 2.4-4
sssd 2.9.4-1.1ubuntu6.3
sssd-ad 2.9.4-1.1ubuntu6.3
sssd-ad-common 2.9.4-1.1ubuntu6.3
sssd-common 2.9.4-1.1ubuntu6.3
sssd-dbus 2.9.4-1.1ubuntu6.3
sssd-ipa 2.9.4-1.1ubuntu6.3
sssd-krb5 2.9.4-1.1ubuntu6.3
sssd-krb5-common 2.9.4-1.1ubuntu6.3
sssd-ldap 2.9.4-1.1ubuntu6.3
sssd-proxy 2.9.4-1.1ubuntu6.3
systemd 255.4-1ubuntu8.12
systemd-dev 255.4-1ubuntu8.12
systemd-hwe-hwdb 255.1.6
systemd-resolved 255.4-1ubuntu8.12
systemd-sysv 255.4-1ubuntu8.12
systemd-timesyncd 255.4-1ubuntu8.12
tar 1.35+dfsg-3build1
tzdata 2025b-0ubuntu0.24.04.1
ubuntu-advantage-desktop-daemon 1.11ubuntu0.1
ubuntu-keyring 2023.11.28.1
ubuntu-pro-client 37.1ubuntu024.04
ubuntu-pro-client-l10n 37.1ubuntu0~24.04
ucf 3.0043+nmu1
udev 255.4-1ubuntu8.12
udisks2 2.10.1-6ubuntu1.3
uuid-runtime 2.39.3-9ubuntu6.4
wamerican 2020.12.07-2
xdg-user-dirs 0.18-1build1
xml-core 0.19
zlib1g 1:1.3.dfsg-3.1ubuntu2.1
DistroRelease: Ubuntu 24.04
InstallationDate: Installed on 2026-01-10 (2 days ago)
InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1)

Non Ubuntu users: System information

Environment

• adsys version: 0.16.3-24.04.2
• Distribution: Ubuntu
• Distribution version: 24.04.4 LTS

Log files

localuser@test-ub-02:~$ sudo login child-admin@child.td.corp
[sudo] password for localuser:
Password:
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

11 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm

Applying machine settings
Applying user settings
ERROR Error from server: error while updating policy: can't get policies for "child-admin@child.td.corp": failed to retrieve the list of GPO (exited with 1): exit status 1
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_password_audit: 10
dsdb_password_json_audit: 10
dsdb_transaction_audit: 10
dsdb_transaction_json_audit: 10
dsdb_group_audit: 10
dsdb_group_json_audit: 10
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
Security token SIDs (1):
SID[ 0]: S-1-5-18
Privileges (0xFFFFFFFFFFFFFFFF):
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Privilege[ 21]: SeManageVolumePrivilege
Privilege[ 22]: SeImpersonatePrivilege
Privilege[ 23]: SeCreateGlobalPrivilege
Privilege[ 24]: SeEnableDelegationPrivilege
Rights (0x 0):
added interface ens18 ip=172.30.3.212 bcast=172.30.3.255 netmask=255.255.255.0
added interface ens18 ip=172.30.3.212 bcast=172.30.3.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name child-dc-01.child.td.corp<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Ticket in credentials cache for child-admin@CHILD.TD.CORP will expire in 35991 secs
gensec_update_send: gssapi_krb5[0x96244c0]: subreq: 0x95eaf20
gensec_update_send: spnego[0x96219c0]: subreq: 0x96629f0
gensec_update_done: gssapi_krb5[0x96244c0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x95eaf20/source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x95eb100)] timer[(nil)] finish[source4/auth/gensec/gensec_gssapi.c:1070]
gensec_update_done: spnego[0x96219c0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x96629f0/auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x9662bd0)] timer[(nil)] finish[auth/gensec/spnego.c:2116]
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
gensec_update_send: gssapi_krb5[0x96244c0]: subreq: 0x95eaf20
gensec_update_send: spnego[0x96219c0]: subreq: 0x96629f0
gensec_update_done: gssapi_krb5[0x96244c0]: NT_STATUS_OK tevent_req[0x95eaf20/source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x95eb100)] timer[(nil)] finish[source4/auth/gensec/gensec_gssapi.c:1077]
gensec_update_done: spnego[0x96219c0]: NT_STATUS_OK tevent_req[0x96629f0/auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x9662bd0)] timer[(nil)] finish[auth/gensec/spnego.c:2116]
gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00@G\05h\0A\E9\BDr\8B\04K\F5)(objectClass=domain)) -> 1
source4/dsdb/common/util_groups.c:161: dsdb_search for <GUID=00956787-eebe-4676-8784-acb864c8f775> failed: LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: DSID-0310084A, data 0, 1 access points
ref 1: 'gc._msdcs.td.corp:3268'

ldap://gc._msdcs.td.corp:3268/
Traceback (most recent call last):
File "", line 306, in
File "", line 284, in main
File "", line 159, in get_token
samba.NTSTATUSError: (3221225700, 'This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.')

Failure setting user credentials

Application settings

Please redact/remove sensitive information:

Paste the contents of your adsys.yaml file here, if you created one.
No Yaml file created

Additional information

Running on Server 2019 standard (with gui) Forest/domain functional level 2016. Very basic setup however I did join using --use-ldaps. All certs check out. DNS is resolving all of the srv records. SSSD Config below:

[sssd]
domains = child.td.corp
config_file_version = 2
services = nss, pam

[domain/child.td.corp]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = CHILD.TD.CORP
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = child.td.corp
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
auth_provider = ad
debug_level = 9
ad_use_ldaps = True
ad_enable_gc = True

Double check your logs

• I have redacted any sensitive information from the logs