Users who use systems in organizations, systems that are supposed to be joined to a domain, connected to the company network and bound under a common group policy, have often reported an error:
We can’t sign you with this credential because your domain isn’t available. Make sure your device is connected to your organization’s network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.
Upon reading this error, the first thought that comes to mind is that the system is not joined to the right domain, and that we would need to log in as an administrator and fix that. However, that is rarely the case. Most users were able to log in to their system well before getting this error, so it is unlikely that the system suddenly disjoined from the domain.
We could try the following solutions sequentially to troubleshoot the issue:
Solution 1] Reboot the system with no network connectivity
To read the status of the system’s link to the organization, the system needs to be connected to the network. However, a lesser-known fact is that we do not actually need to log in to the system to connect it to the internet. If any network was set to default, the system connects to that network before it reaches the lock screen. To isolate this issue, we would need to disconnect the network and reboot the system.
1] You could see the Network connectivity icon on the bottom-right corner of the screen. Disconnect from the network from there.
2] If that isn’t possible, try to disconnect the sources of the network connection manually (e.g. unplug the ethernet cable or switch OFF the WiFi router).
3] Restart the system and check if it helps this time.
If this doesn’t work, log in to the system as the Administrator to perform the troubleshooting suggested further.
Solution 2] Remove the user from the Protected Users group
The Protected Users group is managed by an organization’s IT team, or in general by the server admin of a group of managed systems. If a user is added to this group, they might face issues logging in normally, especially if the addition is recent. At times, it changes the associated domain (this has happened to me twice). Thus, we would have to contact the team controlling the permissions in Active Directory to make changes accordingly.
Solution 3] Using Security policy snap-in
1] Press Win + R to open the Run window. Type the command secpol.msc and press Enter to open the Security policy snap-in.
2] Go to Security Settings >> Local Policies >> Security Options.
3] In the right pane, locate the policy Interactive logon: Number of previous logons to cache (in case domain controller is not available) and double-click it to change its value. Change the value of “Do not cache logons” to 0.
Solution 4] Change the DNS server address
1] Press Win + R to open the Run window and type the command ncpa.cpl. Press Enter to open the Network connections window.
2] Right-click on your network adapter and select Properties. You might need administrator permission for this.
3] Double-click on Internet Protocol Version 4 to open its properties.
4] Shift the radio button to Use the following DNS server address.
5] Enter the following values:
Preferred DNS address: 184.108.40.206
Alternate DNS address: 220.127.116.11
6] Click on OK to save the settings and reboot the system.
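A read-only diagnostic for the settings that Solutions 3 and 4 touch, as an added example that is not part of the original article. It assumes an elevated Windows PowerShell 5.1 session on the affected machine; the function name Get-DomainLogonDiagnostics is hypothetical.

```powershell
# Added example: read-only checks, nothing on the system is changed.
# Assumes an elevated Windows PowerShell 5.1 session on the affected machine.
function Get-DomainLogonDiagnostics {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Registry value behind "Interactive logon: Number of previous logons to cache".
    # 0 means no logons are cached, so every sign-in needs a reachable domain
    # controller. If the value is absent, the Windows default applies.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue).CachedLogonsCount

    # DNS servers configured per IPv4 interface (the setting Solution 4 edits).
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { '{0}: {1}' -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

    $srvFound  = $false
    $channelOk = $null
    if ($cs.PartOfDomain) {
        # Domain controllers are located through this DNS SRV record, so the
        # configured DNS servers must be able to resolve it.
        $srvName = '_ldap._tcp.dc._msdcs.{0}' -f $cs.Domain
        try {
            $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop
            $srvFound = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })
        } catch { $srvFound = $false }

        # Verifies the machine account's secure channel to the domain.
        try { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop }
        catch { $channelOk = $false }
    }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        PartOfDomain      = $cs.PartOfDomain
        Domain            = $cs.Domain
        CachedLogonsCount = $cached
        DnsServers        = $dns
        DcSrvRecordFound  = $srvFound
        SecureChannelOk   = $channelOk
    }
}

Get-DomainLogonDiagnostics | Format-List
```

Recording this output before and after each change shows which setting actually affected the sign-in.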
Solution 6] Remove corrupted profile from registry editor
1] Search for regedit in the Windows 10 search box and open the Registry Editor.
2] Before proceeding, take a backup of the registry by going to File > Export in the Registry Editor.
3] Now, go to the following location in the registry editor.
4] Expand profile list and find the key in the left pane whose name ends in .bak, in the format (S-1-5-21-XXXX…XX), where XX…XX is any number.
There should be another key with the same number but without .bak at the end. Delete that.
5] Now, rename the key that has .bak at the end, removing .bak from its name.
6] Restart your computer.
Hope it helps!