[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


"Windows cannot connect to the domain, either because the controller is down or otherwise unavailable..."

Posted on 2008-11-10
Medium Priority
Last Modified: 2012-06-27
Hi All,

I have a domain called company.local on windows 2003 server.  I have various XP pcs connected to the domain which work fine.  I have one PC failed so I installed Nortons ghost on a good pc and created a image.  I reinstalled the faulty pc with this image then i renamed this pc to dell023 i did this by taking the pc of the domain and putting it on a workgroup rebooted then changed name then put it back on the domain rebooted. I was able to logon to the domain for a short while. Now everytime i logon i keep on getting this error and the only option i get is to click ok then it takes me back to the logon screen:

"Windows cannot connect to the domain, either because domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your network administrator for assistance.".

I have deleted the computer that i cloned and the original from computers on the DC then reboot my computers but i still get this error.  I can ping the pc from the dc using there names.  I cannot find how to resolve this, i have seen a few articles on this to unplug the nic cable and try loggin on but i have tried to logon to this more than 10 times as the article suggests so i dont hink this will work.

Any help would be great.

Question by:hsood2001
  • 4
  • 3
LVL 70

Accepted Solution

KCTS earned 500 total points
ID: 22920520
I suspect that you did not use SYSPREP or otherwise chnage the SID of the computers - so you now have multiple machines, cloned from the same image, with different names but with the SAME SID and this is casing the issues you describe.

To correct the problem, remobe the machines from the domain, log in as the local administrator and run NEWSID and generate a new SID before adding them back to the domain

NewSID can be downloaded from http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

Expert Comment

ID: 22920521
Have you checked your IP address settings. Does your Primary DNS point to your domain.  Does nslookup command on the comman prompt return you your domain name??

Author Comment

ID: 22920746
I did not use sysprep. I need to clone another machine what is the correct procedure to doing this?

How can i remove it from the domain as i cannot logon locally to the machine.  Do i also need to remove
the computers from the windows 2003 domain controller? do i need to run newsid on both my original and clone machine?

Thanks for your help.
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

LVL 70

Assisted Solution

KCTS earned 500 total points
ID: 22920799
Why can you not log on locally - just use the local admin username/password - make sure that the option box displays ........ (this computer), not the name of the domain

You need to run NewSID on each machine that tou clone from the original
LVL 70

Assisted Solution

KCTS earned 500 total points
ID: 22920808
... the "approved method for preparing a machine for cloning" is:-

First you need to setup a PC and install Windows and any applications on it that you want. You can then configure it as desired. It is worth spending a bit of time and effort on this as it will form the basis for all computers cloned from this one.

Set up a dummy user account, log on using this account and set up the desktop, menus shortcuts, screen savers, map drives etc and all the other stuff that you want to standardize for new users. When all is to your liking, log off from the dummy account.. You can then copy the profile you have just created so that it becomes the default for all new users. To do this you need to log on as an administrator, You will first need to go to the Control Panel, and in Administrative tools, Folder Options, on the View Option make sure that the option to Show Hidden Files and Folders is selected. It is also a good idea to make sure that the Hide Extensions for known file types is NOT selected so you can identify files more easily later on. Then exit the control panel. Right click on My Computer and select Properties, Advanced, and click on SETTINGS under User profiles. Select the dummy profile and then COPY TO another user option. Copy the dummy profile to C:\Documents and Settings\Default User making sure that you change the 'Permitted to use' option to 'Everyone' so that the new users will have the necessary permissions on the profile. Confirm the action replacing the existing default profile when prompted.

The next stage is to prepare the PC for imaging, this involves creating an answer file for the mini-setup and running sysprep.

You will first need to install the deployment tools from the Windows CD onto the machine. Insert the Windows CD, navigate to the \Support\Tools folder and double click on the Deploy.cab file. Select all of the files in Deploy,cab, right click, extract, and extract all the files to a folder called C:\sysprep. (the folder name is important)

Run the SetupMgr program from C:\Sysprep and  select a new answer file, for a sysprep install for Windows. Select, Yes fully automate.  and go through and supply all the relevant information. If you select a fully automated installation as suggested you will not be able to leave some entries like computer name and product key blank but if you want to enter them at install time, dont worry too much now, just type in something and you can remove it in the next step.

After completing the answer file save it as C:\Sysprep\sysprep.inf. and close the dialog box. If you want to edit it the sysprep file, you can right click on sysprep.inf and select Open With& Notepad.  You can then change bits. For example if you want to be prompted for the computer name at install time change the line that reads


As the values are now blank, you will be prompted for them at install

One you are happy, it might be a good idea to copy the C:\Sysprep folder to a removable device such as a USB memory stick as the whole of the C:\sysprep folder will be permanently deleted later on in the process.

Now we need to run Sysprep. Double click on Sysprep.exe. Make sure that the Mini-setup option IS selected and NoSidGen is NOT selected and the SHUTDOWN option is selected before pressing RESEAL.

Windows will then strip the SIDs and other identifies out of Windows and prepare it for imaging. Windows will then shutdown. Once Windows is shutdown you need to start the PC booting from either a floppy disk or CD that contains your third party imaging program. This can be Symantec Ghost, Acronis, Drive Image similar.

You then need to copy the image file to a removable disk, CDs/DVDs network drive or whatever.

You then need to start the new PC, boot that from the floppy disk or CD that contains your third party imaging program and copy the image that you image of the first PC to the new PC.

When the image has been copied you can reboot the new PC. Windows will start and go through the mini-setup and configure itself using the sysprep.inf file that you created. If you left any of the required options, like computer name blank, you will be prompted to type them in.  Otherwise setup will be automatic. As its only re-configuring, not reinstalling the mini-setup takes about 5mins, at then end of which you will have a new computer which is identical to the first one but with a different name and different SIDs. All of the software and configurations will be preserved.

Author Comment

ID: 22921069
Thanks for you help.

So i need to run the newsid utility on each new machine that is cloned from the original do i also need to remove these computers from the AD computers?

I have found that i am getting the error on both my original and the cloned machine. so i rem ove these from the computers in AD and then run newsid?


LVL 70

Assisted Solution

KCTS earned 500 total points
ID: 22921115
So long as you run it on the ALL the cloned machines then that will do the job, they will then all have unique SIDs and be different from the original machine. The original machine is in conflict as it has the same SID as the other machines, - it would not hurt to do this as well.

Best to remove the machines from the domain by logging on locally and using the Computer Name tab to remove them from the domain, Delete the computer account in ADUC, then run NewSID and join them back to the domain.

Author Comment

ID: 22921137
Thanks for your help.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Learn about cloud computing and its benefits for small business owners.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question