Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

What makes a domain login expire on machines not connected to the domain?

Posted on 2004-09-17
Last Modified: 2010-03-18
Hi all,

I'm fairly new to networking and have recently setup a small Windows 2000 network.  I have a few users with laptops that work at home for a couple of days a week.  When they login in to their laptops at home, they login in using their network login, despite not being connected to our network - this has worked fine for the past year.

This morning however, I have a phone call from a user from home (who was in the office and therefore connected to the domain yesterday) saying that when she tries to login to her laptop, she is being told that 'The domain xxmyDomainxx is unavailble' and so she is unable to login.

I have talked her through logging in to her local account on her laptop and retrieved all of her settings BUT:

Does anyone know what causes this and is there any way to prevent it?

We have VPN access setup up for our users and I wondered if this would help but as she can't login in to he laptop to begin a VPN session, I don't see how that could help.

Any ideas anyone?


Question by:BobFett

Expert Comment

ID: 12082462
There is a registry setting in XP and 2000 that specifies the number of logons to cache. If this is set to 0 users will not be able to do an 'Offline Logon'. It might be worth checking it.

Open Registry Editor by clicking Run on the Start Menu and type: REGEDIT

Browse to the following registry entry
HKEY_LOCAL_MACHINE >SOFTWARE >Microsoft >Windows NT >CurrentVersion >Winlogon >cachedlogonscount

Verify that the cachedlogonscount variable is set to something other than 0.

Author Comment

ID: 12082493
Hi D4n,

Thanks for your quick response - I got her to check and this is set to 10 and this was the first time she'd logged on since using the network.

Is this option always in effect?  I'm just curious as I always take my laptop on holiday with me and I must login in and out at least 40 times during a vacation but I never get locked out?  I'm pretty baffled!


LVL 40

Accepted Solution

Fatal_Exception earned 500 total points
ID: 12083645
For servers, this policy is defined by default in Local Computer Policy and the default value is 10 logons.

For more info on this using your Domain Controller and Group Policy (you can also bring up the local Group Policy window using Start > Run > gpedit.msc (OK):


Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.


Author Comment

ID: 12083837
Fatal Exception,

Thanks for that, I'll award points based on help - I'm still trying work out what could have caused this to happen this tim however, so I can prevent it happening in the future.  This users last login was connected to the domain so it shouldn't have happened at all.


LVL 40

Expert Comment

ID: 12084353
Very true...  They had the requisite cache, so the only thing I can think of is that the profile was not available or it was corrupted when they tried to logon.  I would wait and let the user log back into the Domain Controller, then if it happens again, we will know.

Also, have you considered a router to router VPN for your organization.  This will allow your at home workers to log directly into your DC without dealing with cached credentials...  Just a thought.


Expert Comment

ID: 12084983
Just my 2 cents, but I have experienced the same thing if someone takes a laptop home and they connect it to another/home network BEFORE attempting to login to the computer with cached credentials.  Give that a go and see.
LVL 84

Expert Comment

ID: 12089270
Don't get confused: The CachedLogonsCount value is the number of logons it *caches*, not the number of times a user is allowed to logon with cached information. So with a value of 10, the last 10 domain users having logged on will be able to use the machine offline.
Cached Logon Information
LVL 40

Expert Comment

ID: 13380511

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
An article on effective troubleshooting
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question