Smartcard Logon: The domain specified is not available. Please try again later
The problem is that the domain specified in the authentication certificate is invalid or inaccessible. Open the client certificate (in certificate manager), switch to the Details tab and scroll down to the Subject Alternative Names certificate extension. Check for User Principal Name. It contains the logon user name and the authoritative domain for your user account. The client workstation attempts to contact the specified domain to validate your credentials and fails.
The_Glidd
Updated on September 18, 2022
Comments
-
The_Glidd almost 2 years
I'm standing up a test lab.
Using AD CS, I've deployed a smartcard logon cert to an HID Crescendo C1150. When I attempt to log on to a WIN7 workstation with the smartcard, I'm greeted with:
The system could not log you on. The domain specified is not available. Please try again later.
The machine is wired into a lab switch. If I log on with username:password, I can verify that the workstation has network connectivity and can reach the domain controller.
Any insights would be appreciated.
-
Greg Askew over 8 years
What Active Directory configuration have you performed to enable smart card authentication?
-
The_Glidd over 8 years
None. The guides I've looked at don't mention AD DS configurations. To this point, I've basically published a template in AD CS, then performed web enrollment from the client machine. Of possible note, on AD DS, if the Users > <uname> > Account > Account Options > "Smart card is required for interactive logon" box is checked, there is no change in behavior.
-
bobmagoo over 8 years
Are you sure it's not just using cached credentials for the username/password logon? I'd try creating a new user on the domain and logging in with that. That error really does mean that it can't find the DC. Is your DNS on the client pointing to the DC?
-
The_Glidd over 8 years
No. At some point, while fiddling around with the IPv4 settings, I removed my static setting to the DNS server. Once I set the DNS, everything is working as expected. Thanks for the helpful advice, everyone. Now I'm kicking myself!
-
Crypt32 over 8 years
What kind of OID?
-
Crypt32 over 8 years
No, OID is irrelevant. Smart card authentication uses only User Principal Name choice.
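
The two checks discussed in this thread (which domain the certificate's User Principal Name points at, and whether the client's DNS can locate a domain controller for it), as an added PowerShell example that is not part of the original posts. It assumes the card's certificate is visible in `Cert:\CurrentUser\My` and that `nslookup` prints English output for the fallback path; the function names are illustrative.

```powershell
# Added example: read the UPN from each certificate and test DC discovery via DNS.
# Assumption: the smart card is inserted and its certificate appears in Cert:\CurrentUser\My.
$upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName

function Get-CertUpnDomain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # GetNameInfo returns the UPN from the Subject Alternative Name extension, or '' if absent.
    $upn = $Certificate.GetNameInfo($upnType, $false)
    if ($upn -match '^[^@]+@(?<domain>[^@]+)$') {
        New-Object psobject -Property @{ Upn = $upn; Domain = $Matches['domain'] }
    }
}

function Test-DcLocatorRecord {
    param([string]$Domain)
    # Domain controllers register this SRV record; the client queries it to find a DC.
    $srv = "_ldap._tcp.dc._msdcs.$Domain"
    if (Get-Command Resolve-DnsName -ErrorAction SilentlyContinue) {
        $answer = Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue
        return [bool]($answer | Where-Object { $_.Type -eq 'SRV' })
    }
    # Fallback for older clients (for example Windows 7) that lack Resolve-DnsName.
    # Assumption: English nslookup output.
    $out = & nslookup.exe -type=SRV $srv 2>&1 | Out-String
    return ($out -match 'svr hostname')
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $info = Get-CertUpnDomain -Certificate $_
    if ($info) {
        $resolves = Test-DcLocatorRecord -Domain $info.Domain
        New-Object psobject -Property @{
            Subject       = $_.Subject
            Upn           = $info.Upn
            Domain        = $info.Domain
            DcSrvResolves = $resolves
        }
        if (-not $resolves) {
            # Matches the failure in this thread: the client's DNS cannot locate a DC for the UPN domain.
            Write-Warning "No DC locator SRV record resolved for '$($info.Domain)'. Check the client's DNS server setting."
        }
    }
} | Format-List Subject, Upn, Domain, DcSrvResolves
```

A `DcSrvResolves` value of `False` for a certificate whose UPN domain is correct points at the client's DNS configuration rather than at the certificate.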