How to Join a Microsoft Domain Behind a VPN

Join Us

I got my new corporate notebook a few days ago and I’m now busy with the setup (an article will follow soon).

I need to run a Windows XP guest in a VM. I’m a mobile user and never directly connected to the company LAN. I had to join the Microsoft domain remotely through a VPN connection.

Using the local administrator credentials, I had no problem to set up the VPN and join my company domain. But a problem ocurred when I rebooted the VM and tried to log on again using the newly created account:

The system cannot log you on now because the domain xxx 
is not available."

Of course, I was not yet logged in and my VPN client not started! No access to the Microsoft servers… In such case, Google is often your best friend: I found the following document which explains how to configure several VPN clients: Join a domain during Windows logon using a VPN client [pdf].

Nice! But I faced another blocking issue: We are using strong authentication with a token. It’s was impossible to configure the VPN for auto-logon! (a new token is generated every x minutes)

The next idea was to use the Fast User Switching feature of Windows XP. Helas, it’s not supported on machines with domain accounts!

Finally, I was able to log on for the first time using the method described below. [Note: This worked only because my domain user had local administrator rights]

  • Log on with your local administrator credentials;
  • Setup the VPN session;
  • Press Windows-L (You’ll be back to the logon screen with a “screen locked” message but the VPN session is still up);
  • Press CTRL-ALT-DEL and unlock the administrator with your domain credentials (don’t forget to select the domain install of the local workgroup!);
  • The administrator session is killed and you come back to the logon screen (the VPN session is killed);
  • Try again with your domain account. It works!

Once again, it worked for me because have local administrative rights via my domain user credentials! Time to go to bed now…

Post Navigation