Windows 11 24H2: “insufficient system resources” trying to login

I’ve talked about running a SAMBA Domain Controller before. It definitely has its ups and downs, but damn Microsoft loves being hostile to SAMBA.

I have deployed multiple computers with Windows 11, including the latest 24H2 update, but we recently had a specific device, a Microsoft Surface Pro 9 to be precise, which received the 24H2 update “naturally” via Windows Update.

As soon as it rebooted, the user ran into an issue.

Upon trying to log in, the user was greeted with the following error:
“insufficient system resources exist to complete the requested service.”

Correct password, incorrect password, no password – it didn’t matter. Domain users immediately showed the error. I was, however, able to log in as a local user.

Eventually I came across a post on learn.microsoft.com from Neil Greatorex which helped me resolve the issue.

To fix it on a one-off instance, you can log in to the computer as a local user:

  • Windows Key + R to open the Run dialogue
  • Run gpedit.msc
  • Under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, scroll down to Network Security: Configure encryption types allowed by Kerberos.
  • Check boxes for: RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future Encryption Types.

Then reboot the computer.

After the reboot, try logging in as the domain user and it should work for you!

To prevent this on a broader scale across my network, I opened Group Policy Management, went to the policy under my domain that I wanted to edit, right clicked on the policy and selected Edit, then:

  • Went to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options
  • Double clicked on Network Security: Configure encryption types allowed by Kerberos
  • Then checked the box to “Define these policy settings”
  • Once again checked the boxes for RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future Encryption Types then clicked OK.

Hopefully this prevents the issue from happening to any more computers as time goes on!
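
To confirm the policy from either set of steps above actually landed on a machine, the following PowerShell (an added example, not part of the original post) reads the registry value that backs this policy and decodes it into the encryption types it enables. The registry path, value name and bit values are the ones Windows documents for this setting; the function name `ConvertFrom-KerberosEncMask` is made up for this example.

```powershell
# Added example: decode the value behind the Kerberos encryption types policy.
# Run in an elevated or normal PowerShell session on the client being checked.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Bit assigned to each checkbox in the policy dialog.
$EncTypes = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_HMAC_SHA1'        = 0x8
    'AES256_HMAC_SHA1'        = 0x10
    'Future encryption types' = 0x7FFFFFE0
}

# Hypothetical helper: turn the bitmask into one row per encryption type.
function ConvertFrom-KerberosEncMask {
    param([Parameter(Mandatory)][int64]$Mask)
    foreach ($name in $EncTypes.Keys) {
        $bits = $EncTypes[$name]
        [pscustomobject]@{
            EncryptionType = $name
            Enabled        = (($Mask -band $bits) -eq $bits)
        }
    }
}

# The four boxes ticked in the steps above add up to 0x7FFFFFFC.
$Expected = 0x4 -bor 0x8 -bor 0x10 -bor 0x7FFFFFE0

$item = Get-ItemProperty -Path $Path -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
if ($null -eq $item) {
    'Policy not defined: SupportedEncryptionTypes is absent, so OS defaults apply.'
} else {
    $mask = [int64]$item.SupportedEncryptionTypes
    '{0}: SupportedEncryptionTypes = 0x{1:X8}' -f $env:COMPUTERNAME, $mask
    ConvertFrom-KerberosEncMask -Mask $mask | Format-Table -AutoSize
    if ($mask -eq $Expected) {
        'Matches the selection described above.'
    } else {
        'Differs from the selection described above (expected 0x{0:X8}).' -f $Expected
    }
}
```

On domain-joined clients, run `gpupdate /force` first so the Group Policy version of the setting has been applied before you check.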