Unable to Logon to Win2003 Domain AD Due to Windows Cannot Connect to the Domain Error

»»»Unable to Logon to Win2003 Domain AD Due to Windows Cannot Connect to the Domain Error
The computer and user account has been created and existed in a Windows 2003 domain Active Directory (AD) where a domain controller (DC) running Microsoft Windows 2003 Server operating system. However, you may encounter the following error message when a domain user tries to authenticate and logon to the domain from a workstation which can be running on Windows XP (with or without SP2) operating system or any other OS:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.

The symptom or error may appear when a PC is replaced with another computer with the same computer name without first deleting the duplicate computer name from the domain Active Directory service before joining the new workstation to the domain with that duplicate name. The symptom may appear immediately or after a few successful log-ons. The cause of the error will probably due to security identifier (SID) issues. Another possible cause for the error is that the computer account for the workstation is accidentally deleted.

The resolution and workaround to solve the above error in above condition is as below.

  1. Login to the Windows 2003 domain controller, and delete the computer account object from the Active Directory by using Microsoft Management Console (MMC) which you can always access from “Manage Your Server”.
  2. Log-in to the PC workstation as local administrator. If you cannot logon as local administrator, try to unplug the network cable and logon to the computer by using a domain administrator user that used to logon on the PC before, by using cached logon credentials feature.
  3. Go to Control Panel, then click on System icon, then go to Computer Name tab.
  4. Unjoin the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select (Click) on “Workgroup” to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup).
  5. Click OK to exit.
  6. Restart the computer (optional)
  7. Go back to the Control Panel, launch System properties and then go to Computer Name tab, and click on “Change”.
  8. Rejoin the domain by uncheck the Workgroup button and select (check) Domain button, and put in the domain name noted above into the text box.
  9. Click OK to exit.
  10. Reboot the PC.

This should solve the unable to logon to domain error, without changing or losing the user profiles on AD.

By | 2016-12-09T08:41:23+00:00 December 9th, 2016|Categories: Windows|Tags: , |18 Comments

About the Author:

LK is a technology writer for Tech Journey with background of system and network administrator. He has be documenting his experiences in digital and technology world for over 15 years.Connect with LK through Tech Journey on Facebook, Twitter or Google+.
  • ian

    nice one – this helped me loads – you are the bomb

  • Alex

    Thank you for this great tip. I only burned 2 hours before I found this.

  • Shane

    I did this fix and it work for a little while but then after about a week the same user came back with the same issue. I've rejoined the same computer from the domain many times befroe but it keeps coming back. Any one have any ideals?

    • NimanthaW

      Delete and recreate the computer account.

  • Nick

    Worked great for me! Could have been a huge issue. It was our Terminal Server that had the issue (aprox 50 users) so it would have been a hell if I had not found this before the next work day. Hopefully I don't have the re-occurring issue like Shane above me has posted…

    Many Thanks!

  • soscode

    i had same issue with shane.

  • Garth

    I am too tired …. five days later …. but thankyou, thankyou, thankyou …. it worked ! F*@!ing Microsoft !!!!

    PS. It shouldn't be this hard!

  • Pete

    AWESOME! Like another poster I burned about an hour and a half before finding this fix. Rock on!

  • lol, you can just unjoin the pc from the domain and rejoin. That will fix this issue. He/she is correct about the DC as the problem just not the fastest solution to the fix. If you spent more than 5 min on this problem time to look for a new profession. Have a good one!!

  • Richard

    John presumably feels very high and mighty now, but should probably consider that not everyone who experiences this problem is dealing with a simple Windows XP Pro box. Try involving centrally managed thin clients, perhaps with firmware refreshing going on, and see if you should be the one researching a new profession.

  • Desdemona

    If the problem keeps on reoccuring then check ADUC for matching DNS names. I don't know how your naming system works, but its easy for me to search for possible matches since we use the computers S/N in the name (part of it). I had that problem with a workstation and found a bogus name in ADUC that was similar and had the exact same DNS name.

    We have a large number of workstations and quite a few techs of different levels working on them, so sadly this is not a completely isolated event.

  • Malcolm

    Shane you probably have that computer and another computer with the same name on the domain. Try taking it off the domain and giving it a different name but make sure you add the name in your directory. Then, add it back to the domain. Hope this helps.

  • Leslie York

    I've rebooted after changing from the domain to the workgroup and used the example workgroup name. Now I can't log on to the machine AT ALL. Before trying this fix, I could get on if I disconnected my network cable. Now I can't even logon while disconnected. Thanks for making my problem worse!!

  • Eric

    Un-joining and re-joining the domain worked for me! Thanks!

  • rahmath ali

    Hi,

    I did this fix, but I forgot to delete the account from AD, and I tried this solution, but I lost my profile when I logged in again.

    specially I lost my outlook express account which, I am using as external mails.

    Any one there to help me to get back my profile.

    Waiting for a quick reply.

    Thanks In advance.

    SYED

  • Sam

    rahmath ali,

    You should be able to see the profiles listed. You will need to search within the name you used when logging in if you browse to

    C:WindowsApplication DataOutlook Express{GUID}

    or

    C:Documents and SettingsUserLocal SettingsApplication DataIdentities{GUID}MicrosoftOutlook Express

    Depends on what version of Windows…

    – Sam

  • rahul

    this solution is temporary. i need a permenant solution for better envoirnment. people came back to me for same issue.What is the actual issue ?

  • TJ Botten

    If you have ISA running on server 2003 SBS don't forget to check the RPC filter, for some reason it wont allow connection when connecting with Win7 64-bit. Disable it until you are on the domain and then re-enable it.

STAY IN TOUCH

close-link