Smartcard Logon: The domain specified is not available. Please try again later


The problem is that the domain specified in the authentication certificate is invalid or inaccessible. Open the client certificate (in certificate manager), switch to the Details tab and scroll down to the Subject Alternative Names certificate extension. Check for User Principal Name. It contains the logon user name and the authoritative domain for your user account. The client workstation attempts to contact the specified domain to validate your credentials and fails.


Author: The_Glidd

Updated on September 18, 2022

Comments

  • The_Glidd
    The_Glidd almost 2 years

    I'm standing up a test lab.

    Using AD CS, I've deployed a smartcard logon cert to an HID Crescendo C1150. When I attempt to log on to a WIN7 workstation with the smartcard, I'm greeted with:

    The system could not log you on. The domain specified is not available. Please try again later.

    The machine is wired into a lab switch. If I log on with username:password, I can verify that the workstation has network connectivity and can reach the domain controller.

    Any insights would be appreciated.

    • Greg Askew
      Greg Askew over 8 years
      What Active Directory configuration have you performed to enable smart card authentication?
    • The_Glidd
      The_Glidd over 8 years
      None. The guides I've looked at don't mention AD DS configurations. To this point, I've basically published a template in AD CS, then performed web enrollment from the client machine. Of possible note, on AD DS, if the Users > <uname> > Account > Account Options > Smart card is required for interactive logon box is checked, there is no change in behavior.
    • bobmagoo
      bobmagoo over 8 years
      Are you sure it's not just using cached credentials for the username/password logon? I'd try creating a new user on the domain and logging in with that. That error really does mean that it can't find the DC. Is your DNS on the client pointing to the DC?
    • The_Glidd
      The_Glidd over 8 years
      No. At some point, while fiddling around with the IPv4 settings, I removed my static setting to the DNS server. Once I set the DNS, everything is working as expected. Thanks for the helpful advice, everyone. Now I'm kicking myself!
  • Crypt32
    Crypt32 over 8 years
    What kind of OID?
  • Crypt32
    Crypt32 over 8 years
    No, OID is irrelevant. Smart card authentication uses only User Principal Name choice.
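
The check described in the answer and in the comment that resolved the problem, as an added PowerShell example (not part of the original thread): it reads the User Principal Name from each certificate in the user's Personal store, takes the domain after the `@`, and queries the domain controller locator SRV record through the client's configured DNS servers. It assumes the smart card certificate has been propagated to `Cert:\CurrentUser\My` and that the DnsClient cmdlets are available (Windows 8 / Server 2012 or later); the function names are hypothetical.

```powershell
# Added example: map each certificate's UPN to its domain and test DC discovery via DNS.
# Requires the DnsClient module (Windows 8 / Server 2012 or later).

function Get-UpnDomain {
    param([Parameter(Mandatory)][string]$Upn)
    # The part after the last '@' is the domain the workstation tries to locate.
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 1 -or $at -eq $Upn.Length - 1) { return $null }
    return $Upn.Substring($at + 1)
}

function Test-SmartcardUpnDomain {
    # Assumption: the card's certificate is visible in the user's Personal store.
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    $upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Reads the User Principal Name from the Subject Alternative Name extension.
        $upn = $cert.GetNameInfo($upnType, $false)
        if ([string]::IsNullOrEmpty($upn)) { continue }   # no UPN in this certificate

        $domain = Get-UpnDomain -Upn $upn
        if (-not $domain) {
            Write-Warning "Malformed UPN '$upn' in certificate $($cert.Thumbprint)"
            continue
        }

        # SRV record used to locate a domain controller for that domain.
        $srvName = "_ldap._tcp.dc._msdcs.$domain"
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        $targets = if ($srv) { @($srv.NameTarget) } else { @() }

        [pscustomobject]@{
            Thumbprint        = $cert.Thumbprint
            Upn               = $upn
            Domain            = $domain
            SrvRecord         = $srvName
            DomainControllers = $targets
            Resolvable        = [bool]$srv   # False: wrong UPN suffix or wrong DNS server
        }
    }
}

# DNS servers the client actually uses; an empty list matches the cause found in the comments.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses | Select-Object InterfaceAlias, ServerAddresses
Test-SmartcardUpnDomain | Format-List
```

On a client without these cmdlets, such as the Windows 7 workstation in the question, `nslookup -type=SRV` against the same record name performs the equivalent query.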