For well know reasons myself and many here recommend to - if possible - deploy VBR and especially it’s repos outside of the Windows domain.
Certain issues come as a downside with doing that:
Maintaining multiple local admin logins, remote-UAC (LocalAccountTokenFilterPolicy), firewall behavior outside of domain networks etc. being some of those.
Recently I stumbled upon a situation were we could not establish a connection from a non-domain-joined VBR server to a newly deployed non-domain-joined Windows 2019 repo server. Other older proxies/repos to the same VBR were available and functioning.
From the VBR server the admin$ share of the to-be-connected new repo was not accessible (“invalid login”).
VBR also stated “invalid login” during Windows server onboarding. But from another (domain joined) Windows system in the same (direct, non-routed) network, the repo’s admin$ share was well available with the same user/pw.
Of course no Windows firewall whatsoever was active.
Very strange.
Has anyone seen something alike already? I would welcome more ideas to troubleshoot. Case is open, but I assume it’s basically a Windows issue as the admin$ share is already not accessible.
Thanks,
Michael

