Recently customer tried setup of Windows 11 24H2 in their DSfW domain.
Everything except machine group policy works. I tried the same in our environment with DSfW and I have same behaviour.
I can join Win 11 24H2 to domain,
Test-ComputerSecureChannel returns OK,
gpupdate returns successfull for User policy but error for Computer policy.
During gpupdate I can see "Impersonated user MachineName$@domain" in xadsd log and in "net cache samlogon list" I can se cached login for machine, so computer is autheticating to DSfW and samba on domain controller.
Trying the same with previous version of Win 11 does not return error, Computer policy applies normally.
Any ideas what is different in Windows 11 24H2 than in previous versions of Win 11 to block computer group policy from updating ?