Fix We can’t sign you with this credential because your domain isn’t available

Users who use systems in organizations, systems that are supposed to be joined to a domain, connected to the company network and bound under a common group policy, have often reported an error:

We can’t sign you with this credential because your domain isn’t available. Make sure your device is connected to your organization’s network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.We Can’t Sign You With This Credential Because Your Domain Isn’t Available.

Upon reading this error, the first thought that comes into mind is that the system is not joined to the right domain, and we would need to log in as an administrator and do the needful. However, that is rarely the case. Rather, most users were able to log in to their system well before getting this error, so it shouldn’t be that the system suddenly disjoined from the domain.

We could try the following solutions sequentially to troubleshoot the issue:

Solution 1] Reboot the system with no network connectivity

To read the status of the system’s link to the organization, the system needs to be connected to the network. However, a lesser known fact is that we do not actually need to log in to the system to connect it to the internet. If any network was set to default, the system would connect to the network before it reaches the lock screen. To isolate this issue, we would need to disconnect the network and reboot the system.

1] You could see the Network connectivity icon on the bottom-right corner of the screen. Disconnect from the network from there.

Wifi Icon On Lock Screen


2] If that isn’t possible, try to disconnect the sources of the network connection manually (eg. plug out the ethernet cable or switch OFF the WiFi router).

3] Restart the system and check if it helps this time.

If this doesn’t work, log in to the system as the Administrator to perform the troubleshooting suggested further.

Solution 2] Remove the user from the protected user group

The protected user group is managed by an organization’s IT team, or in general by the server admin of a group of managed systems. If a users is added to this group, he might face issues logging in normally, especially is the addition is recent. At times, it changes the associated domain (has happened with me twice). Thus, we would have to contact the team controlling the permissions in the active directory to make changes accordingly.

Solution 3] Using Security policy snap-in

1] Press Win + R to open the Run window. Type the command secpol.msc and press Enter to open the Security policy snap-in.

2] Go to Security Settings >> Local Policies >> Security Options.

3] On the right-pane, locate the policy Interactive logon: Number of previous logons to cache (in case domain controller is not available) and double-click it to change its value. Change the value if “Do not cache logons” to 0.

Local Policy Edit


Solution 4] Change the DNS server address

1] Press Win + R to open the Run window and type the command ncpa.cpl. Press Enter to open the Network connections window.

2] Right-click on your network adapter select Properties. You might need administrator permission for the same.

Wifi Properties


3] Double-click on Internet Protocol Version 4 to open its properties.

Internet Protocol Version 4


4] Shift the radio button to Use the following DNS server address.

5] Enter the following values:

Preferred DNS address:

Alternate DNS address  :

Change Dns


6] Click on OK to save the settings and reboot the system.

Solution 6 ] Remove corrupted profile from registry editor

1. Search regedit in windows 10 search box and open registry editor.

2. Before proceeding , just take a backup of Registry editor by Going to file > Export in the registry editor.

3. Now, go to the following location in the registry editor.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

4. Expand profile list and find the key in the left menu having .bak in the end in the format (S-1-5-21-XXXX…XX) , where xx….xx is any number.

There must be having another key with the same number without having .bak at the end. Delete that.

Regedit Profile Corrupt

5. Now, rename key with .bak at the end and remove .bak from the end.

6. Restart your computer

Hope it helps!

Solution 7] At login screen choose domain user to login

At login screen, choose domain user to login into the system

6 thoughts on “Fix We can’t sign you with this credential because your domain isn’t available”

  1. Nothing of all these worked for me. At the end, I just changed computer to an static IP which solved the problem… later I changed back to dinamic and everything was still working. Hope this helps

  2. You can also get then when using Remote Desktop to connect from a non-domain pc to a domain pc and you are using the email style username ([email protected]). Changing the user to the conventional style(DOMAIN\username) will resolve this.

  3. I was issued a school laptop (me working for the school from home) and I just tried to log in for the first time and I receive the error message.

Comments are closed.