I have a remote employee who works from her laptop, which is joined to the domain. The only connectivity she has with the domain is when she logs in and connects to VPN.
She was on maternity leave for about 3-4 months and just returned now to find that she is no longer able to log in on her laptop. It says her username/password is incorrect. However, we verified that it is in fact the correct password.
My assumption is that the password expired and the laptop couldn't connect to the DC to sync with the new password. Unfortunately, she can't remember the local user password either. And if we try to log in with a different domain user, it says no logon servers are available to process the request.
Is our only option now to boot into the Windows setup and reset the password?
A local account with Admin rights on the computer would save the day – pun – 2016-04-26T19:07:13.143
Is the account in question a domain account? If that is the case, you can easily have a network administrator reset her password. How did you verify the password is still correct? If you are getting the error "no logon servers available", that is most likely a network issue. Make sure that computer is plugged into the network. Can this employee log onto other machines? DO NOT boot into Windows setup to reset a domain password (for obvious reasons that won't help). – InterLinked – 2016-04-26T19:10:52.807
It should be possible to initiate the VPN connection before logging in, as explained in the accepted answer to this question on SU. Then she should be able to log in, and, if her password is expired, she should be prompted to change it. If she is still unable to log in, reset her password and try again. – FastEthernet – 2016-04-26T19:17:13.437
It is a domain account but there is no connectivity to the domain unless she connects with the VPN client. Unfortunately, she is in another state so we can't just plug the laptop in on the network. The plan was to reset the password on the local admin account (she can't remember it). – blizz – 2016-04-26T19:17:36.510
@FastEthernet unfortunately we would need to be able to log in first in order to configure that. – blizz – 2016-04-26T19:18:53.173
Password changes are done on the domain server she is trying to connect to, not on the local machine. – Moab – 2016-04-26T19:19:49.303
You're stuck, you only have domain logins, and the VPN is not configured to be available to all users before login (so that they can log into the domain properly). If the user can't remember the password they're in charge of (local admin), tell them to take it to a local computer store and have her pay them to unlock it for her, as it's not your problem. – Ƭᴇcʜιᴇ007 – 2016-04-26T19:28:37.223
Just to make sure: Which password is she trying to log in with (old or new), and how did you verify it is correct? If her password was reset and she is trying to log in with the new password without having been connected to the domain after it was reset, it will obviously not work as the old password will still be cached on the machine. – FastEthernet – 2016-04-26T19:34:26.163
If you can VPN into your network from the laptop, you should be able to rejoin the domain after removing the laptop from the domain. She should be able to log in with a new password. This type of issue is governed by Windows policy. See this thread for help.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/2d726215-4b97-4e64-9657-98dc106dffbd/remote-windows-7-computer-has-lost-trust-with-domain?forum=winserverDS
@FastEthernet yea unfortunately we tried the old and new passwords; neither worked. I think probably the password hit its age limit after the laptop wasn't used for so many months. I guess I'll have to use a boot utility to reset the local account. – blizz – 2016-04-26T19:39:29.923
How did you verify the password she used is correct? Even if her password is expired, she should be able to sign in with the old password, unless you have a policy in the domain that prevents logon caching. – FastEthernet – 2016-04-26T19:43:19.340
"No logon servers available" - Depending on the policy, being inactive for a couple of months can cause the PC to be kicked out of the AD domain. In this case, an administrator needs to log in to the PC, re-join the domain and afterwards the user can log in again. If the account is also expired, re-activate it by changing the password. – Matt – 2018-03-15T10:14:52.420