win7 cache domain password

Hello,

My company recently got 2 Dell Latitude laptops and joined them to the domain. Domain credentials work while the laptop is connected to the network. However when the laptops are taken offline the domain crendential works only once. As soon as they lock the computer and try to login back in their is a message "no logon servers available". I have tried the following steps with no success.

1) Removing and joining the laptops back to the domain.
2) As local admin on the laptop  change the Local Policy to CachedLogonsCount to 25
ShadowColossusAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
Hi again. And by factory image, you mean what? Including Dell's stuff or just a "naked" win7? Naked highly recommended.
0
 
BobbyDMuertoCommented:
First of all can you clarify "when the laptops are taken offline the domain credentials work only once."? Do you mean by offline, disconnected ethernet? How are the laptops connected to the network? By ethernet, or wif? Second, I have about 30 offices and 150ish people at my corporate. We have managers that have laptops. When they are physically at the office and connected by ethernet, they have to be joined to the domained-network with the inside IP address. When they are "offline" meaning not connected to the ethernet they need to connect to the network with the outside IP address. Also, make sure they (the laptops) are configured correctly in the active directory.
Hope this helps.
0
 
ShadowColossusAuthor Commented:
When the laptops are taken home they can login with their domain credentials the first time they login. However when they lock the computer they cannot relogin and get the error "no logon servers available"

When they are in the office and connected to the network they do not have any problems at ll.

Settings are correct on AD, other laptops are working just fine.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
BobbyDMuertoCommented:
Are the advanced TCP/IP settings configured? We had an issue similar to this a few months ago,
Allow WINS dynamic registration. ensure the Domain controllers registers their Domain, the netbios names with the wins server.

Make sure there is no missing database entries for the domain names.

also, when you state they lock their pc's, are they biometrics, windows timeout locks, or manually ctrl alt del?
0
 
ShadowColossusAuthor Commented:
checked the settings and this looks good. I am just using ctrl+alt+delete. Do you know why it would work the first time the computer starts?
0
 
Sarang TinguriaSr EngineerCommented:
Hello

Try enabling this policy Computer Configuration>Windows Setting> Local Policy> Security Options> control of “Interactive Logon: Number of previous logons to cache (in case domain controller is not available) set it to required value from 1 to 10

Refer http://technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx
0
 
ShadowColossusAuthor Commented:
It looks like its grayed out to 25. We have a domain Policy that sets it to 25.
0
 
Sarang TinguriaSr EngineerCommented:
Run rsop on client PC and check if that policy is getting applied over in client
Else
Run gpresult /h c:\rsop.html and attach the file in post
0
 
ShadowColossusAuthor Commented:
Under Interactive Logon it does have the 25 logon setting (domain group policy)
and require domain controller authentication to unlock workstation is also disabled. (domain group policy)
0
 
Sarang TinguriaSr EngineerCommented:
Theese are only two things which could cause the above behaviour however can you attach the html file
0
 
ShadowColossusAuthor Commented:
file attached.
0
 
ShadowColossusAuthor Commented:
file attached
rsop1.html
0
 
Sarang TinguriaSr EngineerCommented:
Try Configuere below Policy to disabled in test first

Always wait for the network at computer startup and logon- Enabled
0
 
ShadowColossusAuthor Commented:
tried it but that did not work
0
 
McKnifeCommented:
Hi.

This should be a problem with caching of passwords. Your setup is 25, but it behaves as if it were 0. So please make sure there is no 3rd party security solution installed that has "joined the game" and interfers. Those security suites might override this setting and make it a more secure "0".

If this ain't the cause, I am afraid you will have to reinstall one for a clean test. Reinstallation however would not mean to restore from the dell recovery with all the dell crap already installed.
0
 
ShadowColossusAuthor Commented:
I disabled the security software and turned off windows fw. So far no luck. I'm puzzled why it only works the first time only but any successive logins won't work unless the computer is connected to the domain network.
0
 
Sarang TinguriaSr EngineerCommented:
Hi

Try removing all contents from C:\WINDOWS\system32\GroupPolicy on client machine and check after restart
0
 
ShadowColossusAuthor Commented:
I don't have a group policy folder. I have Group Policy user folder but there is nothing inside that folder.
0
 
Sarang TinguriaSr EngineerCommented:
Please enable view of 1)Hidden files and 2) Protected system files using folder option
0
 
ShadowColossusAuthor Commented:
Removed the contents of the Group Policy but that did not fix my problem. I did notice in my registries for hklm/security/cache I do not have any values excect default, could this be causing my problem?
0
 
McKnifeCommented:
Concerning your last question: could be. At least if I look into that folder (regedit needs to be started by the system account: psexec -s -i regedit), there are entries in there.

So please try my suggestion, setup a clean system. You can make a backup image of your current one, in case you want it back quickly.
0
 
ShadowColossusAuthor Commented:
I actually did reset the laptop to factory image of win 7 and got the same problem. For one of the other laptops I installed windows vista business and the cache login problem dissapeared.

I did use the psexec command and did not see any entries in security cache
0
 
ShadowColossusAuthor Commented:
The reinstall I did yesterday did include the Dell software. When I did the other laptop and installed vista it did fix the problem. I will try to do a clean install of win7 for last resort.
0
 
ShadowColossusAuthor Commented:
One thing I noticed is i can actually log off and log on and password works when not connected to the domain. It's only when I "lock" my computer and try to unlock it that it doesn't work.
0
 
McKnifeCommented:
To me it seems this is due to some "gorgeous" 3rd party [dell?] software that is slightly incompatible to locking.
0
 
Sarang TinguriaConnect With a Mentor Sr EngineerCommented:
Reinstall the system from scratch and add to domain without installing any application dell/intel anything and check
0
 
ShadowColossusAuthor Commented:
Doing a fresh OS install worked for me. Thanks for the help guys.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.