Some IT admins report issues with Windows XP workstations that are joined to a Windows 2003 Active Directory domain. Although these workstations are part of the domain, when a domain user tries to log on to the domain from one of them, the logon fails with the following error message:
Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.
This error is received even though the computer account for the workstation and user account for the user both exist.
This error may appear when a PC is replaced with another computer that has the same computer name, and the new workstation is joined to the domain under that name without first deleting the duplicate computer name from the Active Directory domain.
The funny part is that the symptom may either appear immediately at the first try, or even after a few successful logons.
The cause of the error is usually related to security identifier (SID) issues. Another possible cause for the error is that the computer account for the workstation was accidentally deleted from the Active Directory domain.
Another common cause for the error is using Norton Ghost or any other similar disk cloning software. This happens when the administrator has cloned one XP machine and reproduced it to many other new computers without first running Microsoft's SYSPREP utility (read more on that in a different article).
In most cases, the error does not have anything to do with the user account part, only with the computer account.
The resolution to the above error is:
- Log in to the Windows Server 2003 Domain Controller, open DSA.MSC (Active Directory Users and Computers) and delete the computer account object from the domain.
- Log in to the Windows XP workstation as a local administrator. If you cannot log on as a local administrator, try disconnecting the network cable and logging in with a domain administrator account that has previously been used to log on to this PC. This works because of the cached logon credentials feature, which remembers the last 10 successful logons.
- Go to Control Panel, click the System icon, then go to the Computer Name tab. You can also get there by right-clicking My Computer and choosing Properties, or by pressing the Windows logo key and Break.
- Remove the computer from the domain by clicking “Change”. You should see that the Domain button is currently selected. Note the domain name shown in the text box. Select the “Workgroup” radio button to remove the computer from the domain, and enter any workgroup name in the text box (e.g. workgroup).
- Click OK to exit and reboot the computer.
- After the computer restarts, go back to Control Panel > System > Computer Name tab, and click Change.
- Rejoin the domain by selecting the Domain button. Enter the domain name noted in step 4.
- You might be prompted to enter the credentials of one of the Domain Admin users. This can be bypassed if one of the Domain Admins manually creates a computer account in Active Directory Users and Computers for the workstation you're about to join.
- Click OK to exit.
- Reboot the PC.