When logging into a Windows computer in an Active Directory domain, a user may encounter the following error:
There are currently no logon servers available to service the logon request
This message indicates that the computer cannot reach any Active Directory domain controller (logonserver) to authenticate the user.
The issue may stem from the Windows client itself or a broader problem with the availability of domain controllers and Active Directory.
Troubleshooting No Logon Servers Available
Here are common causes of this error and steps to resolve them:
1. Verify that the computer is connected to the network. Disconnect and reconnect the network cable (if using Ethernet) or restart your Wi-Fi access point.
2. Attempt to log in using a local administrator account, such as the built-in administrator account or a manually created administrator account via Microsoft LAPS. If the local administrator password is unknown, it can be reset.
3. Try logging in with a domain account that previously logged into the computer. By default, Windows caches credentials for the last 10 users (cached credentials) locally. This is configured via the Group Policy setting Interactive logon: Number of previous logons to cache (in case domain controller is not available)
in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
The Interactive logon: Number of previous logons to cache policy determines how many user credentials are cached. Check this setting in the registry using PowerShell:
(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon").CachedLogonsCount
If the value is 0, domain users cannot log in when domain controllers are unavailable or the computer is disconnected from the corporate network.
4. Verify that Windows detects network adapters.
5. Confirm that the computer has received a valid IP address from the DHCP server using:
ipconfig /all
or with PowerShell:
Get-NetIPConfiguration
Reset network settings with:
netsh winsock reset
netsh int ip reset
If the DHCP server is unavailable, the computer may receive an IP address in the 169.254.x.x range. Renew the IP address:
ipconfig /release & ipconfig /renew
If the computer still does not receive an IP address, manually assign an IP address and DNS server.
6. Ensure that the DNS Client, DHCP Client, and Netlogon services are running. Restart them using PowerShell:
Get-Service Dhcp, Dnscache, Netlogon | Restart-Service
7. Verify that the DNS servers specified in the network adapter settings are accessible using:
nslookup your_domain_name
Confirm that a valid DNS server responds. If DNS servers are unavailable, use the PortQry tool to check if access is blocked by a firewall on port 53 UDP:
PortQry.exe -n your_dns_server -p both -e 53
8. Check for static DNS entries for your domain in the hosts file:
Get-Content $env:SystemRoot\System32\Drivers\etc\hosts
Remove any unnecessary entries.
9. Perform a traceroute to your DNS server:
tracert your_dns_server
10. Attempt to locate a domain controller in DNS:
nltest /dnsgetdc:softcomputers.org
Verify that the client can find a domain controller using:
nltest /dsgetdc:softcomputers.org
11. Manually switch Windows to use another AD domain controller:
nltest /SC_RESET:SOFTCOMPUTERS\MSK-DC02.softcomputers.org
If multiple users experience this issue, investigate the domain controllers and Active Directory health.
12. Check the health of domain controllers and AD replication.
13. Verify the W32Time (NTP) service and ensure that the time on domain controllers and clients does not differ by more than 5 minutes.
14. Ensure that Windows Defender Firewall policies on domain controllers do not block incoming client traffic.
15. Confirm that the Netlogon service is running on the domain controller and that the SYSVOL and NETLOGON administrative shares are published:
net share
Issues with SYSVOL and NETLOGON may occur after restoring Active Directory from a backup.
16. If a domain controller was recently removed, ensure it was properly decommissioned.
17. Verify the presence of SRV records for AD domain controllers in DNS: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/verify-srv-dns-records-have-been-created. Missing DC SRV records can cause issues with clients locating domain controllers and establishing secure channels.
