Solved

"The domain is not available!"

Posted on 2009-04-30
Last Modified: 2012-05-06
Hey everyone!

I am getting a very strange error that I can duplicate, but cannot solve.

I've got a tablet PC (XP Pro, SP3) that I can log into using the local administrator account and a domain controller (Win2k3 Server) that I can successfully connect to through a VPN.  I am trying to add the tablet to the domain and login to the domain as a user.

So, after I successfully add the tablet to my domain, I reboot, and then proceed with my initial domain login attempt.  So, I hit Ctrl-Alt-Del, put in the username and password, select my domain from the drop down list, and check the box to "Log on using dial up connection."  When I hit "OK", after a short wait, I get a "Logon Message" window.  The message is, "The domain is not available!"  I hit "OK" and am back at the login screen again.  I can't login to the domain.  I can still login with the local administrator (only if I change the "Log on to:" to 'thiscomputer'.)

What I am expecting (as I have seen plenty of times with other tablet PCs connecting this same way), is after entering my domain credentials and hitting "OK" to perform the initial domain login, a "Network Connections" window should come up with a drop down box to select my VPN.  I hit connect, login, and then the computer eventually logs in and creates the local user profile, while downloading all the initial stuff from the server.

The error message does not provide any useful info.  Please help!

Thanks,
Nick
Question by:npercival
15 Comments
 
LVL 4

Expert Comment

by:dj_relentless
ID: 24276317
I thought you had to do it once connected to the network to cache the logon details before you could do it remotely.
 

Expert Comment

by:ramsco
ID: 24276332
Take the computer out of the domain, restart, reset the account in Active Directory, log back on locally now and rejoin it back to the domain, restart, and you should be able to connect.
 
LVL 3

Expert Comment

by:ccsistaff
ID: 24276440
Unless you are using VPN software capable of knowing when you're not on the domain (which I personally have never seen), you have to be connected to the domain for the first login after joining a domain.  DNS needs to be available for the PC to locate a domain controller.  Since a VPN cannot be launched until after you login, your computer will never find a Domain Controller before login when remote from the network.

LVL 39

Expert Comment

by:ChiefIT
ID: 24277218
It does sound like a DNS problem. Can you logon locally and go to the command prompt to type ipconfig /all and see what you got?
 

Author Comment

by:npercival
ID: 24281575
Issue is not a DNS or user problem because this occurs before we even get to that point.  The computer joins the domain properly.  Upon logging in you have the option to select Dial-up connection which even if you are on the LAN that the Domain is on will prompt you to dial a dial up connection.  Regardless of what user ID I put in at this point it does not launch the dial-up connection which is the VPN that will allow it to connect to the domain and authenticate the user.  At this point both the domain and the computer do not know which AD account we are using since I have not connected to the VPN yet.  The VPN is straight up standard config Windows PPTP VPN.  Issue appears to be related to a model of computers that we duplicated the drives on.  One out of the 40 tablets of this model appears to be working, but the rest do not.  All have been assigned new SID and name.  

Other interesting part to this is when I do not check dial-up connection on working computers for a new AD user I get the error message "The system cannot log you on now because the domain "DOMAIN NAME" is not available."  While on these weird systems when you check dial-up connection or not it gives you the message "The domain is not available!"   Very odd problem indeed.
badloginissue.jpg
goodlogin.JPG
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24288884
Is Windows firewall on?
 

Author Comment

by:npercival
ID: 24297621
Windows Firewall is on with the clients, but not on the AD server of course.  Turning it off does not help though...
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24304544
I am not certain why you choose a dial up connection when you are on the same LAN. I can understand that when outside the LAN. It appears what you are trying to do is go from your client computer>>through the WWW>>and VPN into the server. I don't understand the intent of that. Have you considered making a LAN connection for inside the network, then a VPN connection for outside the network? If your PCs are struggling with the LAN connection, it could certainly be a driver conflict or a missed configuration within the NIC properties. I think that's where I would start, with the LAN connection, then work on the VPN connection.

You have forty PCs that are not working and one that is. Do you have other makes/models of PCs that are working as you wish? I am trying to contemplate whether the issue is driver-based or configuration-based.

One thing you might try is going into Safe Mode with network support and trying to logon. Safe Mode with network support will load up the Microsoft Windows version of a generic driver that should work for your system. That would immediately tell us if it is a driver-based problem.
 

Author Comment

by:npercival
ID: 24310224
Issue is that unless a user is already cached on the machine it will not launch the dial-up connection VPN selection screen even when it is checked.  It just says "The domain is not available".  Problem is these 40 laptops are around the USA and they need to be able to be cached on the system remotely through the VPN.  VPN also seems to disconnect when you logoff.
 

Author Comment

by:npercival
ID: 24310255
The users can login to the domain on the LAN.
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24337359
I am stumped on this. I can't figure out why it would be hardware specific.
 

Author Comment

by:npercival
ID: 24338446
It is not hardware specific.  It has to be something that came preloaded with that Windows XP installation.
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24347544
I am wondering if this is the type of protocol you are using to contact the domain. Windows XP SP3 comes with a patch for L2TP/IPsec NAT-T update. I believe this is the default setting. Depending upon your router's configuration, L2TP over IPsec may not work for you unless the router is designed to handle it. You might check the one computer that works and see what service pack it is on.
 
LVL 2

Accepted Solution

by:datatechas earned 2000 total points
ID: 24567927
I see that this question is still in progress and want just to add a comment.

I had the exact same error message on a brand new Lenovo ThinkPad, and was able to solve it by removing the Lenovo Fingerprint Software. After a reboot, the original "Ctrl-Alt-Del" message was back and the "Logon using dial-up connection" function worked properly.

I previously had the same symptom: When I tried to connect to the domain for the first time, I was not able to bring up the VPN connection dialogue. The error message came instead.
 

Author Closing Comment

by:npercival
ID: 31576751
Great find.  Thanks so much.  We spent hours with Lenovo and Microsoft and they had no fix.
Question has a verified solution.
