When logging on to a Windows computer in an Active Directory domain, the user may see the following message:
There are currently no logon servers available to service the logon request
There are no servers that could process the request to enter the network
This message indicates that no AD domain controller (logonserver) is available from the computer to which the user can be authenticated.
The problem may be related both to the Windows client itself, or to a more global problem with the health of domain controllers and Active Directory.
Let's look at the typical reasons why such an error may occur and how to fix them.
- Check that your computer is connected to a computer network. Disconnect and reconnect the network cable (if using Ethernet) or reboot your Wi-Fi hotspot;
- Try logging in as a local administrator on the computer. This can be either the built-in administrator account or an additional administrator created manually or using Microsoft LAPS. If you don't know the local administrator password, you can reset it.
You can also try to log in to the computer under the domain account of the user who logged in to this computer earlier. Windows stores the credentials of the last 10 users (cached credentials) in the computer's local cache by default. This is configured using the Group Policy setting Interactive logon: Number of previous logons to cache (in case domain controller is not available under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
Number of users whose credentials are cached on the computer can be retrieved from the registry using PowerShell:( Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon").CachedLogonsCount
If the value of this parameter is 0, then the domain user will not be able to log on to the computer if no domain controllers are available or the computer is not connected to the corporate network.
- Check that Windows sees network adapters;
- Check that your computer has received the correct IP address from your DHCP server using the command ipconfig /all or PowerShell: Get-NetIPConfiguration . Reset network settings with commands:
netsh winsock reset
netsh int ip reset
- If a DHCP server is not available, the computer will receive an IP address in the format 169.254.x.x . Update the IP address ipconfig /release & ipconfig /renew . If the computer does not get an IP address, you should try to specify the IP address and DNS server manually;
- Verify that the DNS client, DHCP client, and netlogon services are running on the computer. Restart services with PowerShell:
get-service Dhcp, Dnscache, Netlogon | restart-service
- Check if the DNS servers specified in the settings of your network adapter are available using the nslookup -> command your_domain_name . Check that the correct DNS server is answering you. If DNS servers are not available, check with the portquery utility that access to them is not blocked by a firewall on port 53 UDP:
PortQry.exe –n your_dns_server -p both -e 53
Check if there are any static DNS entries for your domain in the hosts file:
Get-Content $env:SystemRoot\System32\Drivers\etc\hosts
Delete extra entries from the file.
- Trace a route to your DNS server: tracert your_dns_server
Try looking up a domain controller in DNS:
nltest /dnsgetdc:site.io
- Verify that the client can find the domain controller using a search:
nltest /dsgetdc:site.io
- Try manually switching Windows to use a different AD domain controller:
nltest /SC_RESET:WINITPRO\MSK-DC02.site.io
If the problem with DC unavailability occurs for many users, you need to check the domain controllers and the state of AD.
- Check the health of domain controllers and AD replication;
- Check W32Time(NTP) service and time on DC and clients. It should not differ by more than 5 minutes;
- Verify that Windows Defender Firewall policies on domain controllers are not blocking incoming traffic from clients;
- Check that the netlogon service is running on the domain controller and the SYSVOL and NETLOGON administrative network directories net share are published: (there may be problems with sysvol and netlogon when restoring Active Directory from a backup);
- If you have recently removed a domain controller, check that it was removed correctly;
- Check for SRV records for AD domain controllers in DNS (https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/verify-srv-dns-records-have-been-created). If the DC records have been removed, this will cause problems for clients to find the domain controller and establish a secure channel;
In this article, I tried to collect typical steps for diagnosing an error with the inaccessibility of the Windows server logon.