I am getting the following alert on a regular basis:
• Stored machine account secret is invalid. This may indicate that the machine account password was reset in Active Directory without corresponding changes being made to the TrueNAS server configuration…
and 10 minutes or later I get an alert cleared.
There are no deliberate changes being made to AD.
Directory Services Monitor says healthy (and AD accounts are available in TN).
What version is this happening on?
25.04.2.1
Happened on previous as well
Yeah, I’m also seeing the same on all current 25.04 releases and 25.10 (b1).
With the directory services being partly reworked in 25.10 (b1), I hoped this would be fixed but it’s not, unfortunately.
Semi-related: I’m also no longer seeing a way (other than CLI) to refresh the directory services cache on 25.10 b1.
On 25.10 (b1), it looks like the “Status” on the Directory Services page does change to being faulted and also mentions the “Stored machine account secret is invalid. […]” error there.
It now also looks like the users and groups cache is cleared when AD is faulted that way. This is not very ideal IMO.
Usually, after waiting 10 minutes or just re-updating the AD configuration with no changes, the error goes away and AD switches back to “Healthy”, but that’s still not a fix.
@awalkerix Hope you don’t mind the ping, but you don’t happen to have any idea what could cause these spontaneous “Invalid stored machine account secret” failures?
Running a setup with 3x Windows Server 2025 domain controllers, though one is currently offline. That shouldn’t be related, but I still wanted to mention it. It does not have any FSMO roles assigned.
I believe the issue already happened before that one DC was offline as well, but I’m not 100% sure.
@NugentS In your environment, are all DCs online and operational when the error happens? Just wondering if that health check in TrueNAS maybe has some issues if one or more DCs are offline.
(Also noting that the “timeout” setting doesn’t seem to affect this. It was set to “60 seconds” on 25.04. This also caused an unchangeable config in 25.10, since the max is 40s there apparently, yet it showed no errors. Just the “Save” button could not be pressed anymore. Left and rejoined the domain on TrueNAS, so the new AD UI could be used again. Not sure if just lowering the timeout would have also done the trick.)
All DCs are online and working (both of them).
Yeah, confirmed this issue is still happening with all 3 DCs back online.
I’ve created a ticket now and uploaded a debug file, where the issue just happened 12 minutes before taking it (and resolved itself 10 minutes later, so 2 minutes before the file was taken): NAS-137379