Domain Not Available


I use a Windows laptop/notebook for work. My employer has our machines connected to a corporate domain, even though most of us are at client site(s) on different networks. This occasionally creates some annoying situations. I experienced one of these situations this morning.

I shutdown my machine due to some software maintenance I was performing (uninstalling the Microsoft VM). Upon startup, I got an error when attempting to login with my domain account:

"The system cannot log you on now because the domain...is not available"

Normally, this just gets logged in your event viewer and is not a problem for you, because Windows caches your last successful attempt to log into the domain. However, Windows only lets you use this cache for 10 consecutive, disconnected logins. This number (10) is only the default. You can modify this setting in Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options > Interactive logon: Number of previous logons to cache (in case domain controller is not available). However, it will not help to change this setting after you get the error above. That leaves you with these 3 options:
  1. physically go to the office - uh, if there's no traffic, the office is still 30 minutes away
  2. login with dial-up networking - do you even remember those dial-up numbers? do you still have a modem? how long is that going to take?
  3. connect using the Cisco VPN client - this one worked for me, but there are some prerequisites and specific configurations you will need (see below)
For option #3 (using the Cisco VPN client), your employer [obviously] must offer it as a VPN option. Secondly, you must have access to a local account (non-domain account) that is part of the local Administrators group. If you don't have either Cisco VPN or this local administrator account, then you will have to revert to options #1 or #2. Otherwise, you can use the Cisco VPN client to create a VPN connection that will persist across user login sessions. Here are the steps:
  1. Log into your machine with an account that is a member of the Administrators local group
  2. Start the Cisco VPN client
  3. In the VPN Client window, click the appropriate connection entry. In the menu bar, click Options > Windows Logon Properties
  4. In the VPN Client | Windows Logon Properties window, uncheck the option labeled, Disconnect VPN connection when logging off
  5. In the VPN Client window, click the OK button in response to the warning message
  6. In the VPN Client | Windows Logon Properties window, click the OK button.
Once you connect to this newly altered VPN connection, it will persist even across windows login sessions. This allows you to log off [the current user] and login with your domain user while you still have an open connection to the domain. Once you login, you can close the VPN connection as soon as you need to. You can also revert the VPN client settings back to the previous settings if you feel like it.

2 comments:

Anonymous at: 6:25 AM said...

Nice work!i use proxy and vpn to secure my data,it works like a charm

justin at: 1:48 PM said...

ug.. why does this option not exist for the ANYConnect client. It is exactly what I am looking for.

Post a Comment

Aaron Hursman
Aaron Hursman is a passionate user-advocate who is lucky enough to do what he loves for a living. As a user experience architect, he applies user-centered design principles and techniques including user research, persona development, information architecture, storyboards, wireframes, prototyping, visual design, graphic design, interaction design, and usability. Aaron has a background in web development, enterprise applications, and the social web. At nGame, he is applying his craft to design and build the next generation of enterprise software. Aaron is available as a speaker and author upon request.
Disclaimer: The information in this website is provided "as is" with no warranties, and confers no rights. This website does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. Inappropriate comments will be deleted at the authors discretion. All instructions and code samples (if any, ever) are provided "as is" without warranty of any kind, either express or implied.