?
Solved

win7 cache domain password

Posted on 2012-08-10
27
Medium Priority
?
676 Views
Last Modified: 2016-11-23
Hello,

My company recently got 2 Dell Latitude laptops and joined them to the domain. Domain credentials work while the laptop is connected to the network. However when the laptops are taken offline the domain crendential works only once. As soon as they lock the computer and try to login back in their is a message "no logon servers available". I have tried the following steps with no success.

1) Removing and joining the laptops back to the domain.
2) As local admin on the laptop  change the Local Policy to CachedLogonsCount to 25
0
Comment
Question by:ShadowColossus
  • 14
  • 7
  • 4
  • +1
27 Comments
 
LVL 1

Expert Comment

by:BobbyDMuerto
ID: 38281420
First of all can you clarify "when the laptops are taken offline the domain credentials work only once."? Do you mean by offline, disconnected ethernet? How are the laptops connected to the network? By ethernet, or wif? Second, I have about 30 offices and 150ish people at my corporate. We have managers that have laptops. When they are physically at the office and connected by ethernet, they have to be joined to the domained-network with the inside IP address. When they are "offline" meaning not connected to the ethernet they need to connect to the network with the outside IP address. Also, make sure they (the laptops) are configured correctly in the active directory.
Hope this helps.
0
 

Author Comment

by:ShadowColossus
ID: 38281443
When the laptops are taken home they can login with their domain credentials the first time they login. However when they lock the computer they cannot relogin and get the error "no logon servers available"

When they are in the office and connected to the network they do not have any problems at ll.

Settings are correct on AD, other laptops are working just fine.
0
 
LVL 1

Expert Comment

by:BobbyDMuerto
ID: 38281555
Are the advanced TCP/IP settings configured? We had an issue similar to this a few months ago,
Allow WINS dynamic registration. ensure the Domain controllers registers their Domain, the netbios names with the wins server.

Make sure there is no missing database entries for the domain names.

also, when you state they lock their pc's, are they biometrics, windows timeout locks, or manually ctrl alt del?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:ShadowColossus
ID: 38281910
checked the settings and this looks good. I am just using ctrl+alt+delete. Do you know why it would work the first time the computer starts?
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38281925
Hello

Try enabling this policy Computer Configuration>Windows Setting> Local Policy> Security Options> control of “Interactive Logon: Number of previous logons to cache (in case domain controller is not available) set it to required value from 1 to 10

Refer http://technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx
0
 

Author Comment

by:ShadowColossus
ID: 38281987
It looks like its grayed out to 25. We have a domain Policy that sets it to 25.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38282030
Run rsop on client PC and check if that policy is getting applied over in client
Else
Run gpresult /h c:\rsop.html and attach the file in post
0
 

Author Comment

by:ShadowColossus
ID: 38282148
Under Interactive Logon it does have the 25 logon setting (domain group policy)
and require domain controller authentication to unlock workstation is also disabled. (domain group policy)
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38282174
Theese are only two things which could cause the above behaviour however can you attach the html file
0
 

Author Comment

by:ShadowColossus
ID: 38282209
file attached.
0
 

Author Comment

by:ShadowColossus
ID: 38282218
file attached
rsop1.html
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38282268
Try Configuere below Policy to disabled in test first

Always wait for the network at computer startup and logon- Enabled
0
 

Author Comment

by:ShadowColossus
ID: 38282303
tried it but that did not work
0
 
LVL 57

Expert Comment

by:McKnife
ID: 38289568
Hi.

This should be a problem with caching of passwords. Your setup is 25, but it behaves as if it were 0. So please make sure there is no 3rd party security solution installed that has "joined the game" and interfers. Those security suites might override this setting and make it a more secure "0".

If this ain't the cause, I am afraid you will have to reinstall one for a clean test. Reinstallation however would not mean to restore from the dell recovery with all the dell crap already installed.
0
 

Author Comment

by:ShadowColossus
ID: 38293720
I disabled the security software and turned off windows fw. So far no luck. I'm puzzled why it only works the first time only but any successive logins won't work unless the computer is connected to the domain network.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38293756
Hi

Try removing all contents from C:\WINDOWS\system32\GroupPolicy on client machine and check after restart
0
 

Author Comment

by:ShadowColossus
ID: 38293810
I don't have a group policy folder. I have Group Policy user folder but there is nothing inside that folder.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38293979
Please enable view of 1)Hidden files and 2) Protected system files using folder option
0
 

Author Comment

by:ShadowColossus
ID: 38301372
Removed the contents of the Group Policy but that did not fix my problem. I did notice in my registries for hklm/security/cache I do not have any values excect default, could this be causing my problem?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 38301459
Concerning your last question: could be. At least if I look into that folder (regedit needs to be started by the system account: psexec -s -i regedit), there are entries in there.

So please try my suggestion, setup a clean system. You can make a backup image of your current one, in case you want it back quickly.
0
 

Author Comment

by:ShadowColossus
ID: 38301502
I actually did reset the laptop to factory image of win 7 and got the same problem. For one of the other laptops I installed windows vista business and the cache login problem dissapeared.

I did use the psexec command and did not see any entries in security cache
0
 
LVL 57

Accepted Solution

by:
McKnife earned 1000 total points
ID: 38301525
Hi again. And by factory image, you mean what? Including Dell's stuff or just a "naked" win7? Naked highly recommended.
0
 

Author Comment

by:ShadowColossus
ID: 38301633
The reinstall I did yesterday did include the Dell software. When I did the other laptop and installed vista it did fix the problem. I will try to do a clean install of win7 for last resort.
0
 

Author Comment

by:ShadowColossus
ID: 38302159
One thing I noticed is i can actually log off and log on and password works when not connected to the domain. It's only when I "lock" my computer and try to unlock it that it doesn't work.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 38302166
To me it seems this is due to some "gorgeous" 3rd party [dell?] software that is slightly incompatible to locking.
0
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 1000 total points
ID: 38302215
Reinstall the system from scratch and add to domain without installing any application dell/intel anything and check
0
 

Author Comment

by:ShadowColossus
ID: 38330069
Doing a fresh OS install worked for me. Thanks for the help guys.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question