Windows Computers Intune joined, have intermittent disconnect to AD/ print services.

Hello Jon (Admin)

Based on the symptoms you described, the intermittent connectivity to the print servers often points to credential handling between Windows Hello for Business (WHfB) and the on-premises domain controllers. Since WHfB relies on key-based authentication rather than traditional passwords, certain legacy services (like print servers) may not fully recognize the credential flow, especially if Kerberos tickets are not being issued consistently. I recommend verifying that your domain controllers are properly configured to support WHfB key trust or certificate trust models, and ensuring that the print servers are updated to handle Kerberos authentication. Additionally, reviewing event logs on both the client and DC side can help pinpoint whether ticket issuance or replication between the two DCs is contributing to the failures. Setting up Azure Kerberos could indeed provide a more seamless bridge, but it’s worth confirming the on-premises configuration first to avoid introducing unnecessary complexity.

If this guidance helps move you forward, please consider hitting “Accept Answer” 🙂 - it’s always appreciated!

Harry.

The issues you are experiencing with Windows computers joined to Intune, particularly the intermittent disconnects to Active Directory (AD) and print services, may stem from several factors. Here are some considerations and potential solutions:

1. Windows Hello for Business (WHfB) Configuration: Since all users have Windows Hello for Business set up, ensure that the configuration is correct and that the devices are properly registered with the AD. Misconfigurations can lead to authentication issues.
2. Kerberos Authentication: If you are considering setting up Kerberos on Azure, ensure that the Kerberos configuration is compatible with your on-premises AD. Kerberos relies on proper ticket granting and may require adjustments in your AD settings to ensure seamless communication.
3. Network Connectivity: Check the network connectivity between the Windows computers and the domain controllers. Intermittent network issues can lead to authentication failures. Ensure that there are no firewall rules or network policies that could be blocking traffic.
4. Credential Caching: The caching of credentials may play a role in the intermittent authentication issues. If users are frequently prompted for credentials, consider reviewing the credential manager settings and policies related to credential caching.
5. Active Directory Domain Controller Health: Since you have two domain controllers, verify that both are functioning correctly. Issues with the primary DC can cause authentication problems for clients. Regularly check the health of your DCs and ensure they are replicating properly.
6. Event Logs: Review the event logs on both the client machines and the domain controllers for any errors or warnings that could provide more insight into the authentication failures.
7. User-Based Authentication: As cloud-native endpoints do not support machine authentication, ensure that your applications and services are configured to use user-based authentication instead of machine accounts. This could alleviate some of the issues related to accessing resources.

By addressing these areas, you may be able to resolve the intermittent disconnects and authentication issues with your Windows computers.

References:

• Cloud-native endpoints and on-premises resources
• Authentication and access to on-premises resources
• Don't use machine authentication