I have a computer in a remote location (6 hour drive) on a BOVPN back to our home office. The remote computer is running XP Pro, DC is on Server 03, all systems 100% up to date. The user was logged in and everything was working fine. The user restarted and now cannot log on to the system. Gets the "Domain controller can not be reached" error. I can ping the system, and connect with the remote registry, but I get challenged for a password even though I am logged in as an Admin. When I give it the login information for the admin account, it tells me "Access is denied". Any advice for what I could try before I drive 6 hours?
You could have the remote user pull the network cable and login with his cached credentials.
I would use a Windows password reset disk and reset the local admin password and then rejoin the domain.
All new systems get random passwords set to the local admin account which we keep in a database for cases such as this.
We've seen systems "fall off" the domain, usually due to time differences. If that system has its clock misset that can cause issues (think it's tied to the Kerberos aspects of Active Directory). We end up having to remove and re-add the system to the Active Directory again to fix the login issue if a clock change doesn't help.
Since your user can't log into the computer to see what the time is, you may be kind of stuck. I would advise installing something like a VNC server so you can log into it remotely as a local user and make adjustments as necessary (make sure the firewall software is set up to allow the remote connections).
You might also want to consider adding a backup domain controller to the remote site in case down the road you have VPN issues that disconnect your networks, plus having a backup controller isn't a bad idea at a remote site for caching and recovery issues.
Hope this helps...
I had this exact thing happen a couple of weeks ago. It ended up being a SID issue; I simply temporarily joined it to a workgroup (took it off of the domain) and re-added it, and it worked. The SIDs can become corrupt, and this is quite possibly your issue.
Hopefully you have someone out at the remote location that can help you. As far as the Admin account, you may have to use something like trinity.
Also, have you tried to have the user boot into safe mode and log in locally that way?
This will help, IF you know the local Administrator password for the PC.
You will be able to RDP into the computer using the local administrator username and password even though it is a domain member.
If RDP is disabled, you can enable it by talking the local user through editing the registry in safe mode, to modify this key. If its value is 0 then RDP is enabled.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
Good luck
Sounds like directory services failed to start upon the reboot and it is required to be booted into DS restore mode and a sys state restore completed - check your disks and replace any with media errors or grown defects!
From experience :-)