?
Solved

Cached Login Credentials not Working..cannot log into domain when not attached to Network...

Posted on 2005-03-15
12
Medium Priority
?
634 Views
Last Modified: 2008-01-09
Hi,

I have a client with a small lan, running windows 2003 server with AD...

The MD has a Sony laptop that connects to the network via a built in 802.11b Network Card... eveything works perfectly when connected to the network.

When the laptop is removed from the network (the user takes it home / turn off the WiFi AP) you can no longer log into the domain, if you try it gives the following error message :

"The system cannot log you on now because the domain <DOMAIN_NAME> is not available"

Having the user log into a local profile is not an option as he needs access to the files stored in the network user profile.

I know this should work (my personal laptop Caches my credentials and allows me to log on when not in the office, and so does every other laptop I have ever seen)...

I have tried changing the following Reg key, but it has made no difference :

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

   ValueName: CachedLogonsCount
   Data Type: REG_SZ
   Values: 0 - 50 (now set at 50)

I have also installed SP2, still no difference.. I have also removed the laptop from the domain (made up a fake workgroup then joined the domain again)...still no difference...

I have also reset the passwords for all the accounts that use this computer... still no change...

I have also checked the domain policy on the server and the above Reg Key is also set to 50... still no change...

ANYONE... PLEASE... this is doing my head in!

Cheers,

Adam Harling.
0
Comment
Question by:Netitude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 
LVL 1

Author Comment

by:Netitude
ID: 13543760
Sorry should mention that the laptop is obviosly running XP Pro...
0
 
LVL 4

Expert Comment

by:SunshineVK
ID: 13547363
Pls can u check on the following policies
Policy => Computer Configuration => Windows Settings ==> Security Settings => Local Policies => User Rights Assignment
Allow log on locally
Policy => Computer Configuration => Windows Settings ==> Security Settings => Local Policies => Security Options
Interactive logon : No of previous logons to cache (in case domain controller is not avaliable)
Interactive Logon : Require Domain Controller Authentication to unlock workstation

Pls let me know if my suggestions were of some help.
0
 
LVL 1

Author Comment

by:Netitude
ID: 13548963
Where would I find this policy - in the security policy editor on the W2003 server?
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 4

Expert Comment

by:SunshineVK
ID: 13553502
The best way to administer Group Policies would be to install Group Policy management Console (it a MS product.)
Secondly u need to look at the
(1)Default Domain Policy
(2) Defalut Domain Controller Policy.
(3) Machine local security Policy
(4) Also u need to check any other group policies if they have been implemenmented.

What i would suggest is download winpolicies.exe (again a a MS product). Execute it on the Win XP client. Then u will come to know which all policies are being implemented on the client & then u can look at the options posted above in those specific policies only.

Pls let me know if the above suggestion is of any help.

0
 
LVL 1

Author Comment

by:Netitude
ID: 13553895
Hi,

Thanks for the responses...

I have checked the above policies..

Allow logon Locallay is enabled for all the suers and groups
Interactive logon : No of previous logons to cache (in case domain controller is not avaliable) is set to 10 (domain policy)
Interactive Logon : Require Domain Controller Authentication to unlock workstation is set to disabled (domain policy)

Any other ideas???

Cheers,

Many thanks for the help so far.

Adam.
0
 
LVL 4

Expert Comment

by:SunshineVK
ID: 13553912
You can try doing a RSop for that laptop to know what exact value is being set on the client laptop.
I am assuming that the OS on the laptop is XP? is the Firewall truned on.
Also can u check by having the user logon to any other laptop in offlien as well as in online mode?
0
 
LVL 1

Author Comment

by:Netitude
ID: 13554033
Hi again,

What's RSop?

The Laptop is XP Pro SP2, Firewall is indeed turned on...

I have tried other machines, logged on, logged off, pulled the cable out, logged on, works perfectly as it should...

Also... I downloaded the windows resource kit, and ran winpolicies.exe, still cant see anything in there that shows anything different to what I have already found (i.e. everything policy wise looks as it should)..

From my experimentation with the other PCs I know this MUST be a local security policy / registry problem...just wish I could find it!

Sony Support suggested I format the hard drive and re-install... if this was anyone other than the MD that might be an option...just can't afford to take his laptop away for that long...

Thanks very much with your help so far SunshineVK, your a star, any more ideas????

Cheers,
Adam.
0
 
LVL 1

Author Comment

by:Netitude
ID: 13554044
Ps... Founf Rsop... will give that a go...
0
 
LVL 4

Accepted Solution

by:
SunshineVK earned 1500 total points
ID: 13554170
Few more suggestions :
(1) Remove the laptop from the domain & readd it
(2) Take a backup of the all local profile
(3) Delete all the local profiles
(4) Log off & logon agin

Pls let me know if it works.
0
 
LVL 1

Author Comment

by:Netitude
ID: 13564621
Hi,

I have had to return the user to a local profile, and he is now accessing the network ad-hock... not ideal.. I have had to do this as he has taken the laptop home for a long weekend (wish my long weekends started on a thursday!)

I think I have resigned myself to formatting the bloody thing and re-installing XP... that way It'll defo work...

When I get it back I'll come back on here and give you an update..

Cheers,

Adam.
0
 
LVL 1

Author Comment

by:Netitude
ID: 13780171
Formatted the Hard Drive and reinstalled.. working now.. cheers for all the help.. I think the points should go to SunshineVK

Cheers,

Adam.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question