WinXP workstation - Domain Admin accts no longer can logon

WinXP workstation - Domain Admin accts no longer can logon: Posted by Jim Walsh on April 21st, 2005; I have a WinXP workstation in a WinNT 4.0 domain.

Earlier today I was logging onto this workstation using one of my domain
admin accounts without a problem.

Later, when I attempted to logon again with that account I got an error
message saying "The system cannot log you on now becasue the domain
<MyDomain> is not available."

I tried with a 2nd Domain Admin account and got the same result. I was able
to logon with several other domain user accounts without a problem.

I tried a third Domain Admin account and I was able to log on with that
account.

When I went to the Local User and Groups control panel on that XP
workstation, I noticed that the accounts that had successfully logged on
were also listed explicitly in the local Administrators group as
<MyDomain>\<acctname>. The 2 Domain Admin accts that failed to logon were
not listed there. As far as I know they shouldn't have to be there.

But, I decided that I would explicitly add them. When I did, I observed a
couple of strange things.
(1) In the Administrators Properties window I clicked on the Add button to
get the "Select Users or Groups" window. In about half of the times I tried
this, the "From this location" textbox had the name of the local computer in
it instead of the domain name. The other half of the time it had the domain
name in it.

(2)In a situation where the "From this location" textbox did have the domain
name in it, I typed in the domain account I wanted to add and clicked Check
Names. I did this for each of the two Domain Admin member accts I wanted to
add. They appeared to verify correctly, so I clicked OK. However, when I
returned to the Administrator properties window, the two account names were
not there instead there were 5 SIDs with a small face with a question mark
icon on it. Doing some research, I could find that one of the 5 SIDs
belonged to a domain user account on the local computer. The other 2 SIDs
were the SIDs on the PDC for the two Domain Admin members that I was having
trouble with. (I hope this is clear enough).

I was able to reproduce the logon problem of these two accounts on another
computer near the first computer. However, the problem does not reproduce
itself on another computer on the other side of the room.

Thanks in advance for your help.
Jim

Similar Posts

how to deny domain user from logon to a WinXP PC? (Security & Administration) by Gundam
How to make WinXp workstation part of W2k Server 2003 domain? (Windows Server) by Simon White
RDC to network workstation fails with domain but not local logon (Windows Server) by David P. Lurie
Used Laptop..have access to all admin accts, but not all privledges (Windows XP) by Daverino
Can't Logon--Changed admin account from domain workgroup, cannot logon now. (Windows 2000) by Tommy