1

OS: XP sp3

Normally, when users in my office check out laptops, they connect the laptop to the network at their desk and log in using their credentials. Then, when they are out of the office and cannot access the domain, when they log in the computer apparently uses cached credentials and allows them to log in.

With a new batch of laptops we purchased recently we have had issues with this cached credential system. On the new laptops we can log into the computer when they are connected to the internal network. But disconnecting and attempting to log in again, we continually get the error:

The system cannot log you on now because the domain <...> is not available.

I have not been able to find any information online as to which processes and/or services may be necessary for this credential caching to function.

Does anybody know what controls this credential caching or have any ideas what I should check regarding diagnosing and resolving this issue?

Improve this question

2 Answers 2

Reset to default
2

Run rsop.msc then navigate to

Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options>Interactive logon:Number of previous logons to cache (in case domain controller is not available).

Make sure that the figure is not set to zero, and probably should be at least 5. If it is, you then need to figure out where it is getting the policy from (probably domain GP, but could be local, and you can check that with gpedit.msc), and change it.

enter image description here

This might also be of help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;306992&FR=1&PA=1&SD=HSCH

Improve this answer
6
  • The number is set to 1 on a machine where cached credentials are working, and it is pushed via domain Group Policy for laptops. This is the same as all the other laptops, including the older ones that work just fine. I'm checking a laptop where it is not working now.
    – music2myear
    Commented Jul 19, 2011 at 22:19
  • 1
    So who is the last person to login to the computer? The admin, who set it up?
    – KCotreau
    Commented Jul 19, 2011 at 22:26
  • Off to cook dinner...I will look at this when I return. I will delete this post after.
    – KCotreau
    Commented Jul 19, 2011 at 22:26
  • 1
    So GP for laptops sets this to 1, desktops are set to 0. This led me to check and see if these particular laptops are getting the laptop or desktop GP and voila, the problem laptops were assigned to the desktop AD OU. Also, I'm getting error messages and indicators on the problem laptops indicating GP is having other issues as well. I'm force updating them and will report back.
    – music2myear
    Commented Jul 19, 2011 at 22:29
  • Last person to login, and the admin who set this up, are both me.
    – music2myear
    Commented Jul 19, 2011 at 22:29
1

Cached Logon is probably set to 0. You might want to increase it. However, if the laptops will very rarely or never be connected to the domain, this may not be the answer for you.

http://support.microsoft.com/kb/172931

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

ValueName: CachedLogonsCount

Data Type: REG_SZ

Values: 0 - 50

Improve this answer
4
  • This is set to 1 on one of the machines where cached credentials are working. It is populating from the Group Policy per KCotreau's answer.
    – music2myear
    Commented Jul 19, 2011 at 22:22
  • 1
    And if they are being set by group policy, this change will be overwritten every 90 minutes.
    – KCotreau
    Commented Jul 19, 2011 at 22:22
  • Group Policy for laptops has this set to 1, so overwriting is not an issue.
    – music2myear
    Commented Jul 19, 2011 at 22:27
  • And thank you PileOfMush. You were heading in the right direction.
    – music2myear
    Commented Jul 19, 2011 at 22:39

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .