Cannot logon domain

Symptoms: When attempting to log on to a Windows NT domain from a Windows XP computer, you may receive the following error message: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. However, you can log on locally to your computer and map drives to the Windows NT Server computer by using your user domain credentials, and you can log on to the domain by using the same user account from a Windows NT/win98computer.

Resolutions: This behavior may occur if the password for the computer account and the local security authority (LSA) secret are not synchronized. You can use either the Nltest.exe or Netdom.exe command-line utilities to reset the secure channel.

Can't logon NT domain - "Windows cannot connect to the domain"

Symptoms: After you join a Windows XP client to a Windows NT domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723: "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it and click Disabled.

Q: I have a XP Pro can logon to the domain using the account who was used to setup and join the domain. However, I can't use any other user accounts to logon even they have Administrator role and receive DOMAINNAME is not available message.

A: This sounds like DNS issue. It seems to me that the setup username account uses the cached credentials to logon without accessing the DNS. However, the other users who haven't created the cached credentials can't logon without the correct DNS.