
Two new Windows Server 2012 R2 installs. One set up as a Domain Server. The other joins the domain (on an account that is set up with the default stuff, but added to the Domain Admins group, although I also did it with other non-domain admins).

Joined server cannot log in to a Domain account, as it gets an error about no trust relationship with this workstation.

I tried unjoining, rebooting, rejoining, rebooting.
Unjoining, deleting the computer in the domain, rebooting both machines, rejoining and rebooting.

Nothing worked; everyone's solution was to do the above, with statements like 'so glad this no longer happens in 2012...'

Finally was able to log in by checking: Use Kerberos DES Encryption, as well as This account supports 128 & 256 bit encryption.

Later, to narrow them down, unchecking the DES causes it to stop working.

However, if you leave it checked, then you get a popup saying to lock and unlock your machine every few minutes - or longer, and I have no idea if I need to bother doing that or just let the message go away.

I also tried turning off the firewalls on both machines. I was also not able to do an auth against another account during an install (run this under user X\Y > Test), and the test would fail unless DES is checked.

Sounds like something is broken, Kerberos just doesn't work right in Server 2012R2, with all updates installed.

Ideas?

I don't expect it matters, but I'm running both in VMs. (On a Mac, under Parallels 10, but I doubt any of that would matter.)

  • When we speak about Kerberos - the first question is: did you set the time on both servers properly? – kay27 Jan 10 '17 at 09:04
  • Yes, both are saying 8:00 PM - and both are set to sync time from the same machine - checking visually, they are sync'ed to within 1 second of each other. – Traderhut Games Jan 11 '17 at 02:01

0 Answers