How to Join a Microsoft Domain Behind a VPN

Join Us

I got my new corporate notebook a few days ago and I’m now busy with the setup (an article will follow soon).

I need to run a Windows XP guest in a VM. I’m a mobile user and never directly connected to the company LAN. I had to join the Microsoft domain remotely through a VPN connection.

Using the local administrator credentials, I had no problem to set up the VPN and join my company domain. But a problem ocurred when I rebooted the VM and tried to log on again using the newly created account:

The system cannot log you on now because the domain xxx 
is not available."

Of course, I was not yet logged in and my VPN client not started! No access to the Microsoft servers… In such case, Google is often your best friend: I found the following document which explains how to configure several VPN clients: Join a domain during Windows logon using a VPN client [pdf].

Nice! But I faced another blocking issue: We are using strong authentication with a token. It’s was impossible to configure the VPN for auto-logon! (a new token is generated every x minutes)

The next idea was to use the Fast User Switching feature of Windows XP. Helas, it’s not supported on machines with domain accounts!

Finally, I was able to log on for the first time using the method described below. [Note: This worked only because my domain user had local administrator rights]

  • Log on with your local administrator credentials;
  • Setup the VPN session;
  • Press Windows-L (You’ll be back to the logon screen with a “screen locked” message but the VPN session is still up);
  • Press CTRL-ALT-DEL and unlock the administrator with your domain credentials (don’t forget to select the domain install of the local workgroup!);
  • The administrator session is killed and you come back to the logon screen (the VPN session is killed);
  • Try again with your domain account. It works!

Once again, it worked for me because have local administrative rights via my domain user credentials! Time to go to bed now…