Cannot log into laptop when remote "...cannot log you on now... domain... not available"

OS: XP sp3

Normally, when users in my office check out laptops, they connect the laptop to the network at their desk and log in using their credentials. Then, when they are out of the office and cannot access the domain, when they log in the computer apparently uses cached credentials and allows them to log in.

With a new batch of laptops we purchased recently we have had issues with this cached credential system. On the new laptops we can log into the computer when they are connected to the internal network. But disconnecting and attempting to log in again, we continually get the error:

The system cannot log you on now because the domain <...> is not available.

I have not been able to find any information online as to which processes and/or services may be necessary for this credential caching to function.

Does anybody know what controls this credential caching or have any ideas what I should check regarding diagnosing and resolving this issue?

music2myear

Posted 2011-07-19T21:37:28.363

Reputation: 34 957

Answers

Run rsop.msc then navigate to

Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options>Interactive logon:Number of previous logons to cache (in case domain controller is not available).

Make sure that the figure is not set to zero, and probably should be at least 5. If it is, you then need to figure out where it is getting the policy from (probably domain GP, but could be local, and you can check that with gpedit.msc), and change it.

enter image description here

This might also be of help:

http://support.microsoft.com/default.aspx?scid=kb;en-us;306992&FR=1&PA=1&SD=HSCH

KCotreau

Posted 2011-07-19T21:37:28.363

Reputation: 24 985

The number is set to 1 on a machine where cached credentials are working, and it is pushed via domain Group Policy for laptops. This is the same as all the other laptops, including the older ones that work just fine. I'm checking a laptop where it is not working now. – music2myear – 2011-07-19T22:19:46.547

1So who is the last person to login to the computer? The admin, who set it up? – KCotreau – 2011-07-19T22:26:15.147

Off to cook dinner...I will look at this when I return. I will delete this post after. – KCotreau – 2011-07-19T22:26:57.910

1So GP for laptops sets this to 1, desktops are set to 0. This led me to check and see if these particular laptops are getting the laptop or desktop GP and voila, the problem laptops were assigned to the desktop AD OU. Also, I'm getting error messages and indicators on the problem laptops indicating GP is having other issues as well. I'm force updating them and will report back. – music2myear – 2011-07-19T22:29:06.170

Last person to login, and the admin who set this up, are both me. – music2myear – 2011-07-19T22:29:33.237

Checking AD I found I have rights to reassign systems within my local OU. So I found three of the new laptops in the desktop OU, I dragged them into the laptop OU, ran gpupdate /force, and rebooted. The laptop is now properly assigned and the value of this setting is now 1. There's another error coming periodically regarding administrative templates, but that's probably not directly related to this. Thanks for the help. – music2myear – 2011-07-19T22:39:17.647

Cached Logon is probably set to 0. You might want to increase it. However, if the laptops will very rarely or never be connected to the domain, this may not be the answer for you.

http://support.microsoft.com/kb/172931

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\

ValueName: CachedLogonsCount

Data Type: REG_SZ

Values: 0 - 50

PileOfMush

Posted 2011-07-19T21:37:28.363

Reputation: 123

This is set to 1 on one of the machines where cached credentials are working. It is populating from the Group Policy per KCotreau's answer. – music2myear – 2011-07-19T22:22:25.237

1And if they are being set by group policy, this change will be overwritten every 90 minutes. – KCotreau – 2011-07-19T22:22:37.997

Group Policy for laptops has this set to 1, so overwriting is not an issue. – music2myear – 2011-07-19T22:27:32.363

And thank you PileOfMush. You were heading in the right direction. – music2myear – 2011-07-19T22:39:42.233