Assume that you have a computer that is running Windows 7 or Windows Server R2 in a Windows Server R2-based domain environment. When there are no domain controllers available, the computer's startup and logon processes may be slower than expected. Note The time that is required to start and log on to the computer increases when one or more of the following conditions are true:.
When domain controllers are unavailable, the computer tries four times to locate a domain controller, and an event is logged for each try. The event that is logged during the first try resembles the following: The events that are logged during the second, third, and fourth attempts resemble the following:.
This issue occurs because the GetUserNameEx function tries to locate a domain controller three times after the first try fails. Then, the Group Policy engine has to retrieve the distinguished name of the policy target by calling the GetUserNameEx function. However, if a domain controller is not available, it is unnecessary for the function to try repeatedly to locate a domain controller.
This hotfix is also available at Microsoft Update Catalog. Important This hotfix has been re-released to address an issue in which the digital signature on files produced and signed by Microsoft will expire prematurely, as described in Microsoft Security Advisory A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article.
Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix. If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. I have created a hyper-v guest on this machine also running window server I joined this guest machine to the domain. These are the only two servers in the network. I have read a number of articles on which ports to open, but they are not helpful.
All i know is that there are active rules which, if disabled, allow my domain user to login to the guest os server. I am avoiding the try-one-at-a-time process of elimination as too tedious. I suspect that there is a rule requiring modification or disablement but not sure what the impacts of that might be.
Any suggestions on which rules are blocking login? My isp seems to require it but i don't know why. In my experience, you generally don't need to do special firewall configuration for a domain controller to be able to receive authentication requests. I am curious to know what Get-NetConnectionProfile returns. I would expect your VM's nice to be using the Domain profile; however, if have seen instances where this gets messed up.
If it's public, then that's likely the problem. Did you also restart the Network Location Awareness service? Even if that doesn't resolve your problem, the profile still needs to be domain.
So I took another step back and have to admit sheepishly that I don't have a functioning network connection on that computer. No lights on the card. Again thank you for taking the time. Anne, no problem at all Cheers, Marcin. Yes, no problem at all. And people wonder why you ask the basic questions like -Is the power on? I am happy to report that "It's all good" now that I have a working connection. Take care Have a good weekend Anne. Cheers Anne Just for future if you get the "Domain is not Available" error it is almost always related to the lack of a link or a network cable unplugged.
I must have it about 2x a week in my domain and that is always the reason. Monday, June 1, AM. Hello lforbes, If you read Anne original email she said:she can log into a domain from computer A using Joe Accounting but when you try to logon from that same computer using a different user Joe marketing, she get an error "Domain not Available"?
A cached profile will let you logon even if the domain is not available. I don't allow any cached profiles in my domain.
They are set to delete on logoff, cache is set to "0" and I have a DOS startup script to delete the leftover profiles if there are any so no user cannot logon to the machine unless the domain is there. She did say "So I took another step back and have to admit sheepishly that I don't have a functioning network connection on that computer. Hi Iforbes, Can u please let me know how can I set to delete cache in logof.
Thanks Binna. Thanks Binna Hi, Syed posted the registry entry. However there is a Group Policy which I find useful if you have more than a few computers. Beware though if you have ANY computers in the OU that have local users or local users profile settings they will be deleted unless you add the folder name to the Exempt Line. Tuesday, June 2, AM. Hi All,. Seems I am also running into the same issue with userA able to login and userB geting the error message as "domain not available".
0コメント