Unable to Log On to a Windows 2003 Domain Due to the "Windows Cannot Connect to the Domain" Error

Last Updated: April 18, 2008

Issue

Some administrators have reported issues with Windows XP workstations that are joined to a Windows 2003 Active Directory domain. These workstations are part of the domain; however, when a domain user tries to log on to the domain from one of them, the logon fails with the following error message:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.

This error is received even though the computer account for the workstation and the user account for the user both exist. It may appear when a computer is replaced by another computer with the same computer name and the existing computer account is not deleted from Active Directory before the new workstation is joined to the domain under that name.

The symptom may appear on the first logon attempt or after a few successful logons. The cause of the error is usually related to a security identifier (SID) issue. Another possible cause is that the computer account for the workstation was accidentally deleted from Active Directory.

Another cause for the error is the use of Norton Ghost or similar disk cloning software. This happens when the administrator has cloned one XP machine to many other new computers without first running Microsoft's SYSPREP utility.

In most cases, the error relates to the computer account, not the user account, in Active Directory.

Solution

  1. Log on to the Microsoft Windows Server 2003 Domain Controller and open DSA.MSC (the Active Directory Users and Computers management console).
  2. Delete the affected computer account object from the domain.
  3. Log on to the Microsoft Windows XP workstation as a local administrator. If you cannot log on as a local administrator, disconnect the network cable and log on with a domain administrator account that was previously used to log on to this computer. This works because of the cached logon credentials feature, which remembers the last 10 successful logons.
  4. Go to Control Panel, click the System icon, then go to the Computer Name tab.
  5. Remove the computer from the domain by clicking the Change button. You should see that the Domain button is currently selected. Note the domain name shown in the text box. Select the Workgroup radio button to remove the computer from the domain, and enter any workgroup name in the text box (e.g. workgroup).
  6. Click OK to exit and reboot the computer.
  7. After the computer restarts, go back to Control Panel > System > Computer Name tab, and click Change.
  8. Rejoin the domain by selecting the Domain button and entering the domain name noted in step 5.
  9. You might be prompted to enter the credentials of one of the Domain Admin users. This prompt can be bypassed if one of the Domain Admins manually creates a computer account in Active Directory Users and Computers for the workstation you're about to join.
  10. Click OK to exit.
  11. Reboot the computer.
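
The error message names two possible causes: no reachable domain controller, or a problem with the computer account. The script below is an added example, not part of the original article, for telling the two apart on the workstation before and after the procedure above. It assumes nltest.exe from the Windows Support Tools is installed, English-language tool output, and a local administrator session; the script name and the domain name EXAMPLE are placeholders.

```batch
@echo off
rem Added example (not from the original article).
rem Distinguishes "domain controller unavailable" from "computer account problem".
rem Assumes nltest.exe (Windows Support Tools) and English tool output.
rem Usage: checkdomain.cmd EXAMPLE   (EXAMPLE is a placeholder domain name)
setlocal
set DOM=%~1
if "%DOM%"=="" (
    echo Usage: %~nx0 DOMAIN
    exit /b 2
)

rem 1. Can a domain controller for the domain be located at all?
nltest /dsgetdc:%DOM% | find /i "completed successfully" >nul
if errorlevel 1 (
    echo No domain controller found for %DOM%. Check network and DNS first.
    exit /b 1
)

rem 2. A DC answers, so query this computer's secure channel to the domain.
rem    The secure channel depends on the computer account, not the user account.
nltest /sc_query:%DOM% | find "NERR_Success" >nul
if errorlevel 1 (
    echo Secure channel to %DOM% is broken. This points to the computer account.
    echo Delete the computer account and rejoin the domain as described above.
    exit /b 3
)

echo Secure channel to %DOM% is healthy.
exit /b 0
```

Exit code 3 before the procedure and 0 after the final reboot confirms that the rejoin repaired the computer account. Exit code 1 means the rejoin would not help until a domain controller is reachable.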