‘There are no logon servers available’ – Rebuilding AD Laptop Remotely With VPN

A recent upgrade to my work laptop (replacing the standard SATA 250GB drive with a super fast 256GB OCZ Vector SSD) prompted me to rebuild my OS with a fresh copy of Windows 7 Professional x64.

As you would expect, my work laptop is domain connected, so my main user profile is within the domain – but being in the office only very infrequently meant that I was actually building the new Windows instance at home, away from the domain. Here was the rub: the laptop needs to be domain connected to restore a domain profile – but I’m at home and the AD servers are remote and require a VPN. Also, once restored, the domain account cannot authenticate to a remote AD server without a VPN connection, but the VPN isn’t available until after the first successful login. Chicken & Egg. Bugger!

What you don’t want to do is drive 100 miles to the office, just to connect to the wire that will allow your credentials to cache correctly – there MUST be a better way. Luckily, there is!

I decided to use the ‘Windows Easy Transfer’ application to back up my laptop profiles to an external USB drive instead of using a SATA drive cable and a clone technique. I’ve had issues with cloning drives before, and this was probably as good a time as any to do a little housekeeping on my OS instead of porting all the rubbish that accumulates over time. Here is the process I followed to restore my domain connectivity and profile:

  1. Use Windows Easy Transfer to make a backup of all the local profiles and shared items on the laptop that need to be ported to the new drive.
  2. Remove the old drive, then install the new SSD drive per the manufacturer’s instructions.
  3. Install a new copy of Windows to the new SSD drive.
  4. Create a new local administrator account as part of the Windows installation.
  5. Create a new VPN connection to your domain, using whatever method is required by your VPN provider.
  6. Join the new OS to the AD network (My Computer > Properties > Network Settings > Network ID), using a domain account with domain-joining permissions.
  7. Reboot the OS.
  8. Log in to the new local account, and add your AD domain account to the Local Administrators group.
  9. Reboot the OS.
  10. Use Windows Easy Transfer to restore the profiles and shared settings backed up in Step 1 above.

Once this is complete, your domain account and all information and settings will have been restored to your new SSD drive. If you try to log in to the domain account at this point, however, you will get the ‘No logon servers are available’ error message, as your profile will not have any cached credentials with which to authenticate to the domain. To create them:

  1. Log in to the local account, and establish the VPN connection to the remote domain as in Step 5 above.
  2. Once connected, either hit Ctrl+Alt+Del or Start > Switch-User to re-authenticate the next user whilst the VPN is still connected.
  3. Log in to the remote domain account, and the VPN connection will remain active long enough to authenticate the domain account with the remote AD domain – this process will also create a set of cached credentials to allow login to the domain account without a VPN connection.
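A pre-flight check for the switch-user step above, added here as an example and not part of the original post: it confirms the domain join, tests that a domain controller is reachable through the VPN, and reads the cached-logon setting that decides whether the login will leave cached credentials behind. It assumes an elevated PowerShell session under the local administrator account with the VPN already connected.

```powershell
# Added example, not from the original post. Run elevated, under the local
# administrator account, while the VPN connection is up.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ready = $true

# 1. The machine must already be joined to the domain (step 6 of the first list).
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "Joined to domain: $($cs.Domain)"
} else {
    Write-Warning 'This computer is not joined to a domain.'
    $ready = $false
}

# 2. The machine account must reach a domain controller through the VPN tunnel,
#    otherwise the domain logon has nothing to authenticate against.
try {
    if (Test-ComputerSecureChannel) {
        Write-Host 'Secure channel to the domain works over the current connection.'
    } else {
        Write-Warning 'No working secure channel: check that the VPN is up and routes to a DC.'
        $ready = $false
    }
} catch {
    Write-Warning "Secure channel test failed: $($_.Exception.Message)"
    $ready = $false
}

# 3. Cached logons must be enabled. The value is stored as a string; 0 means
#    nothing is cached, so logging in without the VPN would still fail later.
$item = Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Host 'CachedLogonsCount is not set; the Windows default (10) applies.'
} elseif ([int]$item.CachedLogonsCount -eq 0) {
    Write-Warning 'CachedLogonsCount is 0: policy disables cached credentials.'
    $ready = $false
} else {
    Write-Host "Cached logons enabled (CachedLogonsCount = $($item.CachedLogonsCount))."
}

if ($ready) {
    Write-Host 'Ready: switch user and log in with the domain account while the VPN stays up.'
} else {
    Write-Warning 'Not ready: fix the warnings above before switching user.'
}
```

If the last check reports 0, the cached-logon count is normally set by domain Group Policy ("Interactive logon: Number of previous logons to cache"), and the switch-user login will work over the VPN but leave nothing cached for offline use.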

I created this quick KB using a SonicWALL VPN client, but have tested it with other VPNs (including vCloud Director / vCNS Edge) and that works too.

Jeremy loves all things technology! Has been in IT for years, loves Macs (but doesn't preach to others about their virtues), loves virtualization (and does shout about its virtues), and sometimes skis, bikes and directs amateur plays!
