No logon servers available to service the logon request

Current config

SLES 12 SP1 (soone to be SP2) is a VM in a SLES 12 SP1 host
Samba setup with several shares (SmbServer1)
Clients are Win 10 Pro joined to the Samba domain
smb.conf file has 'server max protocol = NT1'
All Windows 10 PC can login and get drive mappings to their shares.

One VM is a Win 10 Pro (acting as a server for one client app) (lets call this WinServer2), joined to the domain and has it own share for some of the users to map to. The share rights are setup with domain\user rights.

I want to use a higher 'server max protocol' on the samba server.

If I change the 'server max protocol' to SMB2, then the Win 10 pro clients do connect and have mapped drives to SmbServer1, but the map drive to WinServer2 will not be made. If the users open win explorer address of \\WinServer2, then a message pop with 'No logon servers available to service the logon request'. So the fix is to set the SmbServer1 smb.conf to 'server max protocol = NT1' but this make everything slow. Really hoping to use a higher SMB protocal on SmbServer1.
This wiki explains why


Was thinking that the WinServer2 can use a lower protocol talking to SmbServer1 for auth be still serve the share to its clients as SM3.

The Win10 PC do talk to SmbServer1 with protocol/dialect 1.5 and talk to WinServer2 with protocol/dialect 3. This is confirmed with powershell command get-smbconnection

What is the best way for WinServer2 to provide a share with auth of domain\user which the users are defined on SmbServer1 while have SmbServer1 can have a higher protocol (perferably SMB3) to the rest of the Win10 clients and users?