I got my new corporate notebook a few days ago and I’m now busy with the setup (an article will follow soon).
I need to run a Windows XP guest in a VM. I’m a mobile user and never directly connected to the company LAN. I had to join the Microsoft domain remotely through a VPN connection.
Using the local administrator credentials, I had no problem to set up the VPN and join my company domain. But a problem ocurred when I rebooted the VM and tried to log on again using the newly created account:
The system cannot log you on now because the domain xxx is not available."
Of course, I was not yet logged in and my VPN client not started! No access to the Microsoft servers… In such case, Google is often your best friend: I found the following document which explains how to configure several VPN clients: Join a domain during Windows logon using a VPN client [pdf].
Nice! But I faced another blocking issue: We are using strong authentication with a token. It’s was impossible to configure the VPN for auto-logon! (a new token is generated every x minutes)
The next idea was to use the Fast User Switching feature of Windows XP. Helas, it’s not supported on machines with domain accounts!
Finally, I was able to log on for the first time using the method described below. [Note: This worked only because my domain user had local administrator rights]
- Log on with your local administrator credentials;
- Setup the VPN session;
- Press Windows-L (You’ll be back to the logon screen with a “screen locked” message but the VPN session is still up);
- Press CTRL-ALT-DEL and unlock the administrator with your domain credentials (don’t forget to select the domain install of the local workgroup!);
- The administrator session is killed and you come back to the logon screen (the VPN session is killed);
- Try again with your domain account. It works!
Once again, it worked for me because have local administrative rights via my domain user credentials! Time to go to bed now…