ShadowColossus
asked on
win7 cache domain password
Hello,
My company recently got 2 Dell Latitude laptops and joined them to the domain. Domain credentials work while the laptop is connected to the network. However, when the laptops are taken offline the domain credential works only once. As soon as they lock the computer and try to log back in, there is a message "no logon servers available". I have tried the following steps with no success.
1) Removing and joining the laptops back to the domain.
2) As local admin on the laptop change the Local Policy to CachedLogonsCount to 25
ASKER
When the laptops are taken home they can login with their domain credentials the first time they login. However when they lock the computer they cannot relogin and get the error "no logon servers available"
When they are in the office and connected to the network they do not have any problems at all.
Settings are correct on AD, other laptops are working just fine.
Are the advanced TCP/IP settings configured? We had an issue similar to this a few months ago,
Allow WINS dynamic registration. Ensure the Domain controllers register their Domain, the NetBIOS names with the WINS server.
Make sure there are no missing database entries for the domain names.
Also, when you state they lock their PCs, are they biometrics, Windows timeout locks, or manually Ctrl+Alt+Del?
ASKER
Checked the settings and this looks good. I am just using Ctrl+Alt+Delete. Do you know why it would work the first time the computer starts?
Hello
Try enabling this policy: Computer Configuration > Windows Setting > Local Policy > Security Options > control of "Interactive Logon: Number of previous logons to cache (in case domain controller is not available)"; set it to the required value from 1 to 10
Refer http://technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx
ASKER
It looks like it's grayed out to 25. We have a domain Policy that sets it to 25.
Run rsop on client PC and check if that policy is getting applied over in client
Else
Run gpresult /h c:\rsop.html and attach the file in post
ASKER
Under Interactive Logon it does have the 25 logon setting (domain group policy)
and require domain controller authentication to unlock workstation is also disabled. (domain group policy)
These are the only two things which could cause the above behaviour; however, can you attach the html file
ASKER
file attached.
ASKER
file attached
rsop1.html
Try configuring the below policy to disabled in test first
Always wait for the network at computer startup and logon- Enabled
ASKER
tried it but that did not work
Hi.
This should be a problem with caching of passwords. Your setup is 25, but it behaves as if it were 0. So please make sure there is no 3rd party security solution installed that has "joined the game" and interferes. Those security suites might override this setting and make it a more secure "0".
If this ain't the cause, I am afraid you will have to reinstall one for a clean test. Reinstallation however would not mean to restore from the dell recovery with all the dell crap already installed.
ASKER
I disabled the security software and turned off windows fw. So far no luck. I'm puzzled why it only works the first time only but any successive logins won't work unless the computer is connected to the domain network.
Hi
Try removing all contents from C:\WINDOWS\system32\GroupPolicy on client machine and check after restart
ASKER
I don't have a group policy folder. I have Group Policy user folder but there is nothing inside that folder.
Please enable view of 1)Hidden files and 2) Protected system files using folder option
ASKER
Removed the contents of the Group Policy but that did not fix my problem. I did notice in my registries for hklm/security/cache I do not have any values except default, could this be causing my problem?
Concerning your last question: could be. At least if I look into that folder (regedit needs to be started by the system account: psexec -s -i regedit), there are entries in there.
So please try my suggestion, setup a clean system. You can make a backup image of your current one, in case you want it back quickly.
ASKER
I actually did reset the laptop to factory image of win 7 and got the same problem. For one of the other laptops I installed windows vista business and the cache login problem disappeared.
I did use the psexec command and did not see any entries in security cache
ASKER
The reinstall I did yesterday did include the Dell software. When I did the other laptop and installed vista it did fix the problem. I will try to do a clean install of win7 for last resort.
ASKER
One thing I noticed is I can actually log off and log on and password works when not connected to the domain. It's only when I "lock" my computer and try to unlock it that it doesn't work.
To me it seems this is due to some "gorgeous" 3rd party [dell?] software that is slightly incompatible to locking.
ASKER
Doing a fresh OS install worked for me. Thanks for the help guys.
Hope this helps.
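
The settings checked in this thread can be read directly from the registry on the affected laptop. The PowerShell below is an added example, not part of any post: it reads the Winlogon values `CachedLogonsCount` and `ForceUnlockLogon` that back the two policies mentioned, and counts the `NL$` cache slots under `HKLM\SECURITY\Cache`. It assumes an elevated session, and a SYSTEM session (for instance one started with psexec -s) for the cache key.

```powershell
# Added example: report the effective cached-logon settings on a domain laptop.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props    = Get-ItemProperty -Path $winlogon

# "Interactive logon: Number of previous logons to cache" is stored here as a string.
$cached = $props.CachedLogonsCount

# "Require Domain Controller authentication to unlock workstation":
# 1 = unlock needs a reachable DC, 0 or absent = cached credentials may unlock.
$forceUnlock = $props.ForceUnlockLogon
if ($null -eq $forceUnlock) { $forceUnlock = 0 }

"CachedLogonsCount : $cached"
"ForceUnlockLogon  : $forceUnlock"

if ($cached -eq '0') {
    Write-Warning 'Cached domain logons are disabled; offline logon will fail.'
}
if ($forceUnlock -eq 1) {
    Write-Warning 'Unlock requires a domain controller; offline unlock fails even if offline logon works.'
}

# HKLM\SECURITY is readable only by the SYSTEM account (SID S-1-5-18).
$sid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if ($sid -eq 'S-1-5-18') {
    $slots = @()
    $key = Get-Item -Path 'HKLM:\SECURITY\Cache' -ErrorAction SilentlyContinue
    if ($key) {
        # Only value names are counted; the cached verifier data is never read.
        $slots = @($key.GetValueNames() | Where-Object { $_ -match '^NL\$\d+$' })
    }
    "NL$ cache slots present : $($slots.Count)"
    if ($slots.Count -eq 0) {
        Write-Warning 'No NL$ entries: nothing is being cached despite the policy value.'
    }
} else {
    'Not running as SYSTEM; skipping HKLM\SECURITY\Cache.'
}
```

Comparing this output with the `gpresult /h` report shows whether the policy value and the value the machine actually holds agree.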