I recently added an Active Directory Domain Controller to our network on Windows Server 2012. The domain name is software.eng.apl. I can join a Windows 10 computer to the software.eng.apl domain by selecting the Windows Start icon > System > Change settings > Change, and entering software.eng.apl in Domain. A pop-up box appears stating "Welcome to the software.eng.apl domain". In Active Directory Users and Computers, the client PC is listed in the Computers folder, which verifies that the client PC is able to join the domain.
I have created a User account in Active Directory Users and Computers. The user logon name is [email protected] and the password is Password01.
John Doe is a member of Domain Users.
At the Windows 10 logon screen, when I select "connect to Internet", it shows that I am connected to software.eng.apl.
On the Windows 10 client PC, if I sign out of Windows and then attempt to sign in with [email protected], "The User Profile Service failed the logon" is displayed. I can sign into the client PC with a local user account. The NETLOGON service is running on both the Windows 10 client PC and the Windows Server 2012 Domain Controller.
I know the logon request is reaching the Domain Controller because there is a Kerberos service ticket request from [email protected] in Event Viewer > Windows Logs > Security.
There is also an event on the Windows 10 client with Event ID 4624, signifying a successful logon. It is noteworthy that both the Windows 10 client and Domain Controller have the event at 1:07:56 AM, meaning that both machines have the time in sync.
The client PC and Domain Controller are connected to the same switch. We are not using a VPN. Both are connected to the same NTP server.
On the client machine, I have done the following to ensure that networking is started before logon: Launch gpedit.msc > Computer Configuration > Administrative Templates > System > Logon, and then I enable "Always wait for the network at computer startup and logon."
I also did the following: Launch gpedit.msc > Computer Configuration > Administrative Templates > System > Group Policy, and then I set "Startup policy processing wait time" to 120.
I am not sure what I should check next for this issue.
After a few additional days of troubleshooting, I finally discovered the solution to the problem I was facing. I was able to sign into the domain using [email protected] on other Windows PCs in the domain. I came to learn that there can be an issue with the C:\Users\Default folder on the client PC. To resolve this issue, I made a copy of the C:\Users\Default folder from another Windows PC, and then replaced the C:\Users\Default folder on the problem PC. After replacing the C:\Users\Default folder, I was able to sign into the PC using [email protected].
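
A read-only check of the Default profile on the affected client, added here as an example and not part of the original post. It assumes an elevated PowerShell session and that User Profile Service errors are written to the Application log under the provider name shown; the seven-day window and the permission test are illustrative choices.

```powershell
# Added diagnostic sketch (not from the original post); it changes nothing on disk.
# New domain users get their profile created from the Default profile, so a
# missing, empty or unreadable Default profile can break first logon even
# though authentication itself succeeded.

# The Default profile location is recorded under ProfileList
# (normally it resolves to C:\Users\Default).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$defaultPath = [Environment]::ExpandEnvironmentVariables(
    (Get-ItemProperty -Path $profileList -Name Default).Default)
$hive = Join-Path $defaultPath 'NTUSER.DAT'

$folderOk = Test-Path -LiteralPath $defaultPath -PathType Container
$hiveOk   = Test-Path -LiteralPath $hive -PathType Leaf
# NTUSER.DAT is hidden, so -Force is needed to read its size.
$hiveSize = if ($hiveOk) { (Get-Item -LiteralPath $hive -Force).Length } else { 0 }

# Heuristic permission test: does Users (S-1-5-32-545) or Everyone (S-1-1-0)
# have an Allow rule that includes ReadAndExecute on the folder?
# SIDs are used so the check also works on localized systems.
$readable = $false
if ($folderOk) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $defaultPath).GetAccessRules($true, $true, $sidType)
    $need  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $readable = [bool]($rules | Where-Object {
        $_.IdentityReference.Value -in 'S-1-5-32-545', 'S-1-1-0' -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $need) -eq $need
    })
}

[pscustomobject]@{
    DefaultProfilePath   = $defaultPath
    FolderExists         = $folderOk
    NtuserDatExists      = $hiveOk
    NtuserDatBytes       = $hiveSize
    UsersCanReadAndExec  = $readable
} | Format-List

# Recent critical/error/warning events from the User Profile Service.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-User Profiles Service'
    Level        = 1, 2, 3
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object -First 10 TimeCreated, Id, Message | Format-List
```

Running the same script on a PC where the domain logon works gives a baseline to compare against before replacing the folder.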