win7 cache domain password

First of all can you clarify "when the laptops are taken offline the domain credentials work only once."? Do you mean by offline, disconnected ethernet? How are the laptops connected to the network? By ethernet, or wif? Second, I have about 30 offices and 150ish people at my corporate. We have managers that have laptops. When they are physically at the office and connected by ethernet, they have to be joined to the domained-network with the inside IP address. When they are "offline" meaning not connected to the ethernet they need to connect to the network with the outside IP address. Also, make sure they (the laptops) are configured correctly in the active directory.
Hope this helps.

When the laptops are taken home they can login with their domain credentials the first time they login. However when they lock the computer they cannot relogin and get the error "no logon servers available"

When they are in the office and connected to the network they do not have any problems at ll.

Settings are correct on AD, other laptops are working just fine.

Are the advanced TCP/IP settings configured? We had an issue similar to this a few months ago,
Allow WINS dynamic registration. ensure the Domain controllers registers their Domain, the netbios names with the wins server.

Make sure there is no missing database entries for the domain names.

also, when you state they lock their pc's, are they biometrics, windows timeout locks, or manually ctrl alt del?

checked the settings and this looks good. I am just using ctrl+alt+delete. Do you know why it would work the first time the computer starts?

Hello

Try enabling this policy Computer Configuration>Windows Setting> Local Policy> Security Options> control of “Interactive Logon: Number of previous logons to cache (in case domain controller is not available) set it to required value from 1 to 10

Refer http://technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx

It looks like its grayed out to 25. We have a domain Policy that sets it to 25.

Run rsop on client PC and check if that policy is getting applied over in client
Else
Run gpresult /h c:\rsop.html and attach the file in post

Under Interactive Logon it does have the 25 logon setting (domain group policy)
and require domain controller authentication to unlock workstation is also disabled. (domain group policy)

Theese are only two things which could cause the above behaviour however can you attach the html file

file attached.

file attached
rsop1.html

Try Configuere below Policy to disabled in test first

Always wait for the network at computer startup and logon- Enabled

tried it but that did not work

Hi.

This should be a problem with caching of passwords. Your setup is 25, but it behaves as if it were 0. So please make sure there is no 3rd party security solution installed that has "joined the game" and interfers. Those security suites might override this setting and make it a more secure "0".

If this ain't the cause, I am afraid you will have to reinstall one for a clean test. Reinstallation however would not mean to restore from the dell recovery with all the dell crap already installed.

I disabled the security software and turned off windows fw. So far no luck. I'm puzzled why it only works the first time only but any successive logins won't work unless the computer is connected to the domain network.

Hi

Try removing all contents from C:\WINDOWS\system32\GroupPolicy on client machine and check after restart

I don't have a group policy folder. I have Group Policy user folder but there is nothing inside that folder.

Please enable view of 1)Hidden files and 2) Protected system files using folder option

Removed the contents of the Group Policy but that did not fix my problem. I did notice in my registries for hklm/security/cache I do not have any values excect default, could this be causing my problem?

Concerning your last question: could be. At least if I look into that folder (regedit needs to be started by the system account: psexec -s -i regedit), there are entries in there.

So please try my suggestion, setup a clean system. You can make a backup image of your current one, in case you want it back quickly.

I actually did reset the laptop to factory image of win 7 and got the same problem. For one of the other laptops I installed windows vista business and the cache login problem dissapeared.

I did use the psexec command and did not see any entries in security cache

The reinstall I did yesterday did include the Dell software. When I did the other laptop and installed vista it did fix the problem. I will try to do a clean install of win7 for last resort.

One thing I noticed is i can actually log off and log on and password works when not connected to the domain. It's only when I "lock" my computer and try to unlock it that it doesn't work.

To me it seems this is due to some "gorgeous" 3rd party [dell?] software that is slightly incompatible to locking.

Doing a fresh OS install worked for me. Thanks for the help guys.