"Windows cannot connect to the domain, either because the controller is down or otherwise unavailable..."

Posted on 2008-11-10
Last Modified: 2012-06-27
Hi All,

I have a domain called company.local on windows 2003 server.  I have various XP pcs connected to the domain which work fine.  I have one PC failed so I installed Nortons ghost on a good pc and created a image.  I reinstalled the faulty pc with this image then i renamed this pc to dell023 i did this by taking the pc of the domain and putting it on a workgroup rebooted then changed name then put it back on the domain rebooted. I was able to logon to the domain for a short while. Now everytime i logon i keep on getting this error and the only option i get is to click ok then it takes me back to the logon screen:

"Windows cannot connect to the domain, either because domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your network administrator for assistance.".

I have deleted the computer that i cloned and the original from computers on the DC then reboot my computers but i still get this error.  I can ping the pc from the dc using there names.  I cannot find how to resolve this, i have seen a few articles on this to unplug the nic cable and try loggin on but i have tried to logon to this more than 10 times as the article suggests so i dont hink this will work.

Any help would be great.

Question by:hsood2001
    LVL 70

    Accepted Solution

    I suspect that you did not use SYSPREP or otherwise chnage the SID of the computers - so you now have multiple machines, cloned from the same image, with different names but with the SAME SID and this is casing the issues you describe.

    To correct the problem, remobe the machines from the domain, log in as the local administrator and run NEWSID and generate a new SID before adding them back to the domain

    NewSID can be downloaded from
    LVL 5

    Expert Comment

    Have you checked your IP address settings. Does your Primary DNS point to your domain.  Does nslookup command on the comman prompt return you your domain name??

    Author Comment

    I did not use sysprep. I need to clone another machine what is the correct procedure to doing this?

    How can i remove it from the domain as i cannot logon locally to the machine.  Do i also need to remove
    the computers from the windows 2003 domain controller? do i need to run newsid on both my original and clone machine?

    Thanks for your help.
    LVL 70

    Assisted Solution

    Why can you not log on locally - just use the local admin username/password - make sure that the option box displays ........ (this computer), not the name of the domain

    You need to run NewSID on each machine that tou clone from the original
    LVL 70

    Assisted Solution

    ... the "approved method for preparing a machine for cloning" is:-

    First you need to setup a PC and install Windows and any applications on it that you want. You can then configure it as desired. It is worth spending a bit of time and effort on this as it will form the basis for all computers cloned from this one.

    Set up a dummy user account, log on using this account and set up the desktop, menus shortcuts, screen savers, map drives etc and all the other stuff that you want to standardize for new users. When all is to your liking, log off from the dummy account.. You can then copy the profile you have just created so that it becomes the default for all new users. To do this you need to log on as an administrator, You will first need to go to the Control Panel, and in Administrative tools, Folder Options, on the View Option make sure that the option to Show Hidden Files and Folders is selected. It is also a good idea to make sure that the Hide Extensions for known file types is NOT selected so you can identify files more easily later on. Then exit the control panel. Right click on My Computer and select Properties, Advanced, and click on SETTINGS under User profiles. Select the dummy profile and then COPY TO another user option. Copy the dummy profile to C:\Documents and Settings\Default User making sure that you change the 'Permitted to use' option to 'Everyone' so that the new users will have the necessary permissions on the profile. Confirm the action replacing the existing default profile when prompted.

    The next stage is to prepare the PC for imaging, this involves creating an answer file for the mini-setup and running sysprep.

    You will first need to install the deployment tools from the Windows CD onto the machine. Insert the Windows CD, navigate to the \Support\Tools folder and double click on the file. Select all of the files in Deploy,cab, right click, extract, and extract all the files to a folder called C:\sysprep. (the folder name is important)

    Run the SetupMgr program from C:\Sysprep and  select a new answer file, for a sysprep install for Windows. Select, Yes fully automate.  and go through and supply all the relevant information. If you select a fully automated installation as suggested you will not be able to leave some entries like computer name and product key blank but if you want to enter them at install time, dont worry too much now, just type in something and you can remove it in the next step.

    After completing the answer file save it as C:\Sysprep\sysprep.inf. and close the dialog box. If you want to edit it the sysprep file, you can right click on sysprep.inf and select Open With& Notepad.  You can then change bits. For example if you want to be prompted for the computer name at install time change the line that reads


    As the values are now blank, you will be prompted for them at install

    One you are happy, it might be a good idea to copy the C:\Sysprep folder to a removable device such as a USB memory stick as the whole of the C:\sysprep folder will be permanently deleted later on in the process.

    Now we need to run Sysprep. Double click on Sysprep.exe. Make sure that the Mini-setup option IS selected and NoSidGen is NOT selected and the SHUTDOWN option is selected before pressing RESEAL.

    Windows will then strip the SIDs and other identifies out of Windows and prepare it for imaging. Windows will then shutdown. Once Windows is shutdown you need to start the PC booting from either a floppy disk or CD that contains your third party imaging program. This can be Symantec Ghost, Acronis, Drive Image similar.

    You then need to copy the image file to a removable disk, CDs/DVDs network drive or whatever.

    You then need to start the new PC, boot that from the floppy disk or CD that contains your third party imaging program and copy the image that you image of the first PC to the new PC.

    When the image has been copied you can reboot the new PC. Windows will start and go through the mini-setup and configure itself using the sysprep.inf file that you created. If you left any of the required options, like computer name blank, you will be prompted to type them in.  Otherwise setup will be automatic. As its only re-configuring, not reinstalling the mini-setup takes about 5mins, at then end of which you will have a new computer which is identical to the first one but with a different name and different SIDs. All of the software and configurations will be preserved.

    Author Comment

    Thanks for you help.

    So i need to run the newsid utility on each new machine that is cloned from the original do i also need to remove these computers from the AD computers?

    I have found that i am getting the error on both my original and the cloned machine. so i rem ove these from the computers in AD and then run newsid?


    LVL 70

    Assisted Solution

    So long as you run it on the ALL the cloned machines then that will do the job, they will then all have unique SIDs and be different from the original machine. The original machine is in conflict as it has the same SID as the other machines, - it would not hurt to do this as well.

    Best to remove the machines from the domain by logging on locally and using the Computer Name tab to remove them from the domain, Delete the computer account in ADUC, then run NewSID and join them back to the domain.

    Author Comment

    Thanks for your help.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
    Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now