Issue with sign in to domain account

Adam Erot 51 Reputation points
2022-01-15T14:30:57.01+00:00

Hello guys,

I have an intriguing and annoying at the same time computer puzzle for you.

There are two users and they have computers joined to the domain (Active Directory). Windows 10 is installed on the computers. The users have administrative permissions on their computers.

User A:
UPN: john.doe@Company portal .com
SAM: contoso\jdoe

User B:
UPN: mark.smith@Company portal .com
SAM: contoso\msmith

These users were working on their computers and took them home. At home, one of the users is able to log in to the computer via UPN (john.doe@Company portal .com), but the second cannot log in and receives this error message:

"We can’t sign you with this credential because your domain isn’t available. Make sure your device is connected to your organization’s network and try again. If you previously signed in on this device with another credential, you can sign in with that credential."

Workaround is logging in with sAMAccountName (contoso\msmith).

I cannot understand why the Windows authentication mechanism behaves in this way. Does this depend on some Windows settings on the computers? I should mention that the same group policy is applied to both computers and users.

Thank you in advance for your response.

Regards,
AErot


4 answers

  1. Andreas Baumgarten 109.4K Reputation points MVP
    2022-01-15T14:36:34.913+00:00

    Hi @Adam Erot ,

    Maybe it's possible Mark and Joe can change the computers for a test?
    Both users should successfully login on the computer in the office and try to login "at home/offline from office".
    This way you can see if the issue is on the user account or on the computer.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Andreas Baumgarten 109.4K Reputation points MVP
    2022-01-15T18:17:51.77+00:00

    Hi @Adam Erot ,

    You should check if both computers and users are really getting the same GPO settings.
    It might be possible that one computer has a local policy setting which is not defined in an AD GPO.
    For instance you could check for this setting: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten
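
One way to run the check suggested in the answer above, added here as an example and not part of the original reply: it reads the cached-logon policy value and lists recent sign-ins that were validated from the local credential cache, so the output from both laptops can be compared. The function name `Get-CachedLogonReport` is hypothetical, and the script assumes an elevated PowerShell session (needed to read the Security log).

```powershell
# Added example (not from the thread). Run elevated on each laptop, then compare the output.
function Get-CachedLogonReport {
    param([int]$MaxEvents = 2000)   # how many recent 4624 events to scan

    # "Interactive logon: Number of previous logons to cache" is stored here as a string.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw    = (Get-ItemProperty -Path $key -ErrorAction Stop).CachedLogonsCount
    $count  = 0
    $parsed = [int]::TryParse([string]$raw, [ref]$count)

    # Event 4624 with logon type 11 (CachedInteractive): the sign-in was verified
    # against credentials cached on the computer, not by a domain controller.
    $cached = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                  -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            if ($data['LogonType'] -eq '11') {
                [pscustomobject]@{
                    Time   = $evt.TimeCreated
                    Domain = $data['TargetDomainName']
                    User   = $data['TargetUserName']
                }
            }
        }

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        CachedLogonsCount = if ($parsed) { $count } else { $null }  # $null = value missing or not numeric
        CachingDisabled   = ($parsed -and $count -eq 0)             # 0 turns logon caching off
        CachedLogons      = @($cached | Sort-Object Time -Descending | Select-Object -First 10)
    }
}

$report = Get-CachedLogonReport
$report | Format-List Computer, CachedLogonsCount, CachingDisabled
$report.CachedLogons | Format-Table -AutoSize
```

A different `CachedLogonsCount` on the two machines, or no type 11 entries for the affected user, points at the computer rather than the account.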


  3. Limitless Technology 39,626 Reputation points
    2022-01-17T13:41:07.057+00:00

    Hello @Adam Erot

    Both sAMAccountName and UPN should be able to connect without problem. The only logical reasons are:

    A) the password change didn't replicate (you can check the logon server with GPRESULT /R)
    B) some DNS issue (check from one DC running DCDIAG)

    Hope this helps with your query,

    ----------

    --If the reply is helpful, please Upvote and Accept as answer--


  4. Mosch, Manuel 0 Reputation points
    2023-10-06T05:12:41.1233333+00:00

    Hello,

    Are there any news / solutions about this topic?

    We are facing the same problem in one of our sales offices in Italy.

    Kind regards

    Manuel

