Yeah, I’m also seeing the same on all current 25.04 releases and 25.10 (b1).
With the directory services being partly reworked in 25.10 (b1), I hoped this would be fixed but it’s not, unfortunately.
Semi-related: I’m also no longer seeing a way (other than CLI) to refresh the directory services cache on 25.10 b1.
On 25.10 (b1), it looks like the “Status” on the Directory Services page does change to being faulted and also mentions the “Stored machine account secret is invalid. […]” error there.
It now also looks like the users and groups cache is cleared when AD is faulted that way. This is not very ideal IMO.
Usually, after waiting 10 minutes or just re-updating the AD configuration with no changes, the error goes away and AD switches back to “Healthy”, but that’s still not a fix.
@awalkerix Hope you don’t mind the ping, but you don’t happen to have any idea what could cause these spontaneous “Invalid stored machine account secret” failures?
Running a setup with 3x Windows Server 2025 domain controllers, though one is currently offline. That shouldn’t be related, but I still wanted to mention it. It does not have any FSMO roles assigned.
I believe the issue already happened before that one DC was offline as well, but I’m not 100% sure.
@NugentS In your environment, are all DCs online and operational when the error happens? Just wondering if that health check in TrueNAS maybe has some issues if one or more DCs are offline.
(Also noting that the “timeout” setting doesn’t seem to affect this. It was set to “60 seconds” on 25.04. This also caused an unchangeable config in 25.10, since the max is 40s there apparently, yet it showed no errors. Just the “Save” button could not be pressed anymore. Left and rejoined the domain on TrueNAS, so the new AD UI could be used again. Not sure if just lowering the timeout would have also done the trick.)