"The domain is not available!"

Hey everyone!

I am getting a very strange error that I can duplicate, but can not solve.  

I've got a tablet PC (XP Pro, SP3) that I can log into using the local administrator account and a domain controller (Win2k3 Server) that I can successfully connect to through a VPN.  I am trying to add the tablet to the domain and login to the domain as a user.

So, after I successfully add the tablet to my domain, I reboot, and then proceed with my initial domain login attempt.  So, I hit Ctrl-Alt-Del, put in the username and password, select my domain from the drop down list, and check the box to "Log on using dial up connection."  When I hit "OK", after a short wait, I get a "Logon Message" window.  The message is, "The domain is not available!"  I hit "OK" and am back at the login screen again.  I can't login to the domain.  I can still login with the local administrator (only if I change the "Log on to:" to 'thiscomputer'.)

What I am expecting (as I have seen plenty of times with other tablet PC's connecting this same way), is after entering my domain credentials and hitting "OK" to perform the initial domain login, a "Network Connections" window should come up with a drop down box to select my VPN.  I hit connect, login, and then the computer eventually logs in and creates the local user profile, while downloading all the initial stuff from the server.

The error message does not provide any useful info.  Please help!

Thanks,
Nick
npercival Asked:
 
datatechas Commented:
I see that this question is still in progress and want just to add a comment.

I had the exact same error message on a brand new Lenovo ThinkPad, and was able to solve it by removing the Lenovo Fingerprint Software. After a reboot, the original "Ctrl-Alt-Del" message was back and the "Logon using dial-up connection" function worked properly.

I previously had the same symptom: When I tried to connect to the domain for the first time, I was not able to bring up the VPN connection dialogue. The error message came instead.
0
 
dj_relentless Commented:
I thought you had to do it once connected to the network to cache the logon details before you could do it remotely.
0
 
ramsco Commented:
Take the computer out of the domain and restart. Reset the account in Active Directory. Log back on locally now, rejoin it to the domain, restart, and you should be able to connect.
0
ccsistaff Commented:
Unless you are using VPN software capable of knowing when you're not on the domain (which I personally have never seen), you have to be connected to the domain for the first login after joining a domain.  DNS needs to be available for the PC to locate a domain controller.  Since a VPN cannot be launched until after you log in, your computer will never find a domain controller before login when remote from the network.
0
 
ChiefIT Commented:
It does sound like a DNS problem. Can you logon locally and go to the command prompt to type IPconfig /all and see what you got?  
0
 
npercival (Author) Commented:
Issue is not a DNS or user problem because this occurs before we even get to that point.  The computer joins the domain properly.  Upon logging in you have the option to select Dial-up connection which even if you are on the LAN that the Domain is on will prompt you to dial a dial up connection.  Regardless of what user ID I put in at this point it does not launch the dial-up connection which is the VPN that will allow it to connect to the domain and authenticate the user.  At this point both the domain and the computer do not know which AD account we are using since I have not connected to the VPN yet.  The VPN is straight up standard config Windows PPTP VPN.  Issue appears to be related to a model of computers that we duplicated the drives on.  One out of the 40 tablets of this model appears to be working, but the rest do not.  All have been assigned new SID and name.  

The other interesting part to this is that when I do not check dial-up connection on working computers for a new AD user, I get the error message "The system cannot log you on now because the domain "DOMAIN NAME" is not available."  On these weird systems, whether you check dial-up connection or not, it gives you the message "The domain is not available!"  Very odd problem indeed.
0
 
ChiefIT Commented:
Is Windows firewall on?
0
 
npercival (Author) Commented:
Windows Firewall is on with the clients, but not on the AD server of course.  Turning it off does not help though...
0
 
ChiefIT Commented:
I am not certain why you choose a dial-up connection when you are on the same LAN. I can understand that when outside the LAN. It appears what you are trying to do is go from your client computer >> through the WWW >> and VPN into the server. I don't understand the intent of that. Have you considered making a LAN connection for inside the network, then a VPN connection for outside the network? If your PCs are struggling with the LAN connection, it could certainly be a driver conflict or a missed configuration within the NIC properties. I think that's where I would start, with the LAN connection, then work on the VPN connection.

You have forty PCs that are not working and one that is. Do you have other makes/models of PCs that are working as you wish? I am trying to work out whether the issue is driver based or configuration based.

One thing you might try is going into Safe Mode with network support and trying to log on. Safe Mode with network support will load up the Microsoft Windows version of a generic driver that should work for your system. That would immediately tell us if it is a driver based problem.

0
 
npercival (Author) Commented:
Issue is that unless a user is already cached on the machine, it will not launch the dial-up connection VPN selection screen even when it is checked.  It just says "The domain is not available".  Problem is these 40 laptops are around the USA and they need to be able to be cached on the system remotely through the VPN.  VPN also seems to disconnect when you log off.
0
 
npercival (Author) Commented:
The users can login to the domain on the LAN.
0
 
ChiefIT Commented:
I am stumped on this. I can't figure out why it would be hardware specific.
0
 
npercival (Author) Commented:
It is not hardware specific.  It has to be something that came preloaded with that Windows XP installation.  
0
 
ChiefIT Commented:
I am wondering if this is the type of protocol you are using to contact the domain. Windows XP SP3 comes with a patch for L2TP/IPsec NAT-T update. I believe this is the default setting. Depending upon your router's configuration, L2TP over IPsec may not work for you unless the router is designed to handle it. You might check the one computer that works and see what service pack it is on.
0
 
npercival (Author) Commented:
Great find.  Thanks so much.  We spent hours with Lenovo and Microsoft and they had no fix.
0
Question has a verified solution.
