Laptop can't connect to domain: "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable.."

A remote user left the company and sent me back her laptop.  It absolutely will not login to the domain with any credentials.  Returns error:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance."

I believe she installed SP3 recently, just an fyi.  She never had issues logging into domain while in the office or when she was remote.
What I've done so far:
-Check for AD computer account - it was in fact not in AD although it was in DNS.  I added the computer account to AD.
- Tried booting into safe mode - still will not login.
- Tried logging into the local computer workgroup.

I can't get into this machine!
TIA.
kialnAsked:
Who is Participating?
 
MarkMichaelCommented:
Hi

To help clarify things a little...
The computer was joined to the domain, when it was connected and working, the remote worker was using 'cached credentials' stored on the laptop. When the laptop is unable to connect to a domain to authorise, windows will attempt to authorise the password inputted to a local encrypted copy of the password that it knows works for that account. If this is successful, you are able to login. (This was possible when you unplugged it from the network, simply because when you plugged the laptop back into the network, it tried to authenticate to the domain, but was unable to, due to no computer account, or a new account added to which the SIDs are not correct).

So, after removing the computer from the domain, you are now working on a 'standalone PC'. You should then attempt to login with the LOCAL (not a domain account) administrator account for that specific laptop. Use this profile to change the laptop from a Workgroup laptop to a domain laptop. The new computer account will get created in AD automatically and the laptop SID and computer account SID will synchronise.

Once this has occurred, you should be able to login with the old credentials once again...

0
 
ZeusiCommented:
Has the laptop been joined to the domain? If it hasn't try booting the laptop up without the network cable plugged in. Once booted, plug the network cable back in and try joining the laptop to the domain then. Make sure you don't have the computer name in AD before joining it to the domain network.
0
 
kialnAuthor Commented:
I removed the computer account from AD and then followed your instructions.  Still same error message.
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
ZeusiCommented:
Have you removed the laptop from the domain so the laptop is in a workgroup?
0
 
Lukasz ChmielewskiCommented:
you should be able to login as a local administrator (with knowing the password). detach the workstation from the domain, reattach it

see it this helps
0
 
fuzzymallets1Commented:
Add the domain controller's IP address to the primary DNS settings of the laptop.
0
 
ZeusiCommented:
As what fuzzymallets1 has said. Add the ip address of the PDC into the network configuration of the notebook. And rejoin the laptop to the PDC by changing the laptop to a workgroup. Restart the laptop and then rejoin it to the domain. Thats the only way that I can see of fixing the issue
0
 
kialnAuthor Commented:
I unplugged the cable and was then able to log in (why is that?  I had tried logging in exact same way before with cable!)
I removed it from domain and changed it to workgroup - now it won't login once again!
0
 
ZeusiCommented:
What is happening is that the laptop is having trouble trying to logon to the domain. Are you running dhcp on your network? If so change the ip to dhcp. Logon to the laptop under an admin account and then try rejoining to the domain network. Let me know how you go
0
 
kialnAuthor Commented:
I cannot login to the machine now at all!  Same initial error.
0
 
MarkMichaelCommented:
If you do not know what the administrator password for the laptop is, you may be a little stuck. Therefore, you will require an administrator password recovery tool.

Please read this link:
http://www.petri.co.il/forgot_administrator_password.htm

What you should have done first, was use an account on that laptop to change the local administrator account to something you remember, before dis-joining the laptop from the domain.
0
 
kialnAuthor Commented:
I have been attempting to login with the local admin account (as before) but it's not working.  I know the password because I created it.
The credentials I used to log in before were a user account with admin rights on the local machine, not the domain - why would that stop working?
0
 
MarkMichaelCommented:
Have you tried using COMPUTERNAME\administrator as the username?
I'm going to bed now, i'll reply in the morning if no one else has helped by then.
Goodluck.
0
 
haaniCommented:
If nothing else works you could use a software like ERD Commander and reset the local admin password and log in using that account. you can then remove the laptop from the domain and join it to the domain again and you should be able to log in with the domain account
0
 
rockyfortCommented:
Everyone knows that Microsoft had purchased ERD commander but here is that link to the new name and how to download it. (Free 30 day trial)
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.winternals&tid=50c0a566-ac69-44c9-a583-67a8ca282519&cat=en_US_74E5E148-DC8E-32E5-B6D2-0F96A4A890A3&lang=en&cr=US&sloc=&p=1
0
 
kialnAuthor Commented:
Hi all,
Nothing worked.  It wasn't an issue with not knowing the password because I knew it.
Since I had spent so much time on it and there was nothing I needed on that laptop I simply re-imaged it.  I would've liked to have known what the issue actually was but time constraints won out over curiosity!
Thanks for all your help - I really appreciate it!
0
 
MarkMichaelCommented:
Hi

We have told you why this wasn't allowing you to login.
The SID's on the laptop were different to the NEW computer account you created. So, you were unable to login to the domain with it, even if it was still joined. If you deleted the account at all, without rejoining the PC to the domain, your SIDs were not matched, hence not allowing you to login. That is why it worked while you had the cable disconnected. It was using cached credentials.

Resetting the LOCAL administrator account and turning the laptop to Workgroup mode first before rejoining would have worked.
0
 
kialnAuthor Commented:
I get what you have told me.  I'm just saying I ran out of time to spend on it.

If you remember, I was able to log in with the local account once I disconnected the cable.  At that point, following advice given, I removed the computer from the domain.  I rebooted and then was not able to log in with the same credentials I had just used moments before.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.