System cannot log on - domain not available

I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
domain. Now the user is trying to log into his laptop while away from the
office and keeps getting this error:

"The system cannot log you on now because the domain <domain name> is not
available"

When the user logs onto the laptop, he normally uses his "domain account"
(username, password, and domain name). After gaining access, he would then
attach to the internet and access my domain through a VPN. All my laptops
are configured the same way.

He's able to log in with the local user profile (changing the domain name to
the desktop's). But all his files and settings are on the domain profile.

I've checked and neither Remote Assistance nor Remote Desktop are enabled on
that machine. Microsoft acknowledges the problem and says that a hotfix was
created to fix it (KB 824302). Turns out the hotfix is included with
Service Pack 2.


Has anyone seen this behavior? Any advice is much appreciated.

- Dave

Yes, I have seen this if e.g. I use local user profile then my cached
credentials are somehow lost. My workaround for this is to not use local
user accounts and just go with cached credentials...

Note: local accounts are usually more vulnerable to attacks compared to
cached domain credentials so you should not let your users use local
accounts whenever this is an option.

--
Mike
Microsoft MVP - Windows Security

"Dave Z" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
>domain. Now the user is trying to log into his laptop while away from the
>office and keeps getting this error:
>
> "The system cannot log you on now because the domain <domain name> is not
> available"
>
> When the user logs onto the laptop, he normally uses his "domain account"
> (username, password, and domain name). After gaining access, he would
> then attach to the internet and access my domain through a VPN. All my
> laptops are configured the same way.
>
> He's able to log in with the local user profile (changing the domain name
> to the desktop's). But all his files and settings are on the domain
> profile.
>
> I've checked and neither Remote Assistance nor Remote Desktop are enabled
> on that machine. Microsoft acknowledges the problem and says that a
> hotfix was created to fix it (KB 824302). Turns out the hotfix is
> included with Service Pack 2.
>
>
> Has anyone seen this behavior? Any advice is much appreciated.
>
> - Dave
>
>

Hi Dave,

Sounds like the cached logon credentials are disabled on
this particular machine. Open the registry and navigate to
the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Look for cachedlogonscount. If it is set to 0 that's your
problem. Set it to the default of 10.

"Dave Z" <(E-Mail Removed)> wrote in message news:
> I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
> domain. Now the user is trying to log into his laptop while away from
the
> office and keeps getting this error:
>
> "The system cannot log you on now because the domain <domain name> is
not
> available"
>
> When the user logs onto the laptop, he normally uses his "domain
account"
> (username, password, and domain name). After gaining access, he would
then
> attach to the internet and access my domain through a VPN. All my
laptops
> are configured the same way.
>
> He's able to log in with the local user profile (changing the domain
name to
> the desktop's). But all his files and settings are on the domain
profile.
>
> I've checked and neither Remote Assistance nor Remote Desktop are
enabled on
> that machine. Microsoft acknowledges the problem and says that a
hotfix was
> created to fix it (KB 824302). Turns out the hotfix is included with
> Service Pack 2.
>
>
> Has anyone seen this behavior? Any advice is much appreciated.

Michael -

I've checked the registry under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
and it looks like the cachedlogonscount is still set to the default of 10.

Can you think of any other things I could try to resolve this problem?

- Dave


"Michael Giorgio - MS MVP" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> Hi Dave,
>
> Sounds like the cached logon credentials are disabled on
> this particular machine. Open the registry and navigate to
> the following key:
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>
> Look for cachedlogonscount. If it is set to 0 that's your
> problem. Set it to the default of 10.
>
> "Dave Z" <(E-Mail Removed)> wrote in message news:
>> I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
>> domain. Now the user is trying to log into his laptop while away from
> the
>> office and keeps getting this error:
>>
>> "The system cannot log you on now because the domain <domain name> is
> not
>> available"
>>
>> When the user logs onto the laptop, he normally uses his "domain
> account"
>> (username, password, and domain name). After gaining access, he would
> then
>> attach to the internet and access my domain through a VPN. All my
> laptops
>> are configured the same way.
>>
>> He's able to log in with the local user profile (changing the domain
> name to
>> the desktop's). But all his files and settings are on the domain
> profile.
>>
>> I've checked and neither Remote Assistance nor Remote Desktop are
> enabled on
>> that machine. Microsoft acknowledges the problem and says that a
> hotfix was
>> created to fix it (KB 824302). Turns out the hotfix is included with
>> Service Pack 2.
>>
>>
>> Has anyone seen this behavior? Any advice is much appreciated.
>
>

I also have this problem incidentally. Worse still though, I don't actually
have this registry key at all. Is it worth adding it?

"Dave Z" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Michael -
>
> I've checked the registry under
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
> and it looks like the cachedlogonscount is still set to the default of 10.
>
> Can you think of any other things I could try to resolve this problem?
>
> - Dave
>
>
> "Michael Giorgio - MS MVP" <(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
>> Hi Dave,
>>
>> Sounds like the cached logon credentials are disabled on
>> this particular machine. Open the registry and navigate to
>> the following key:
>>
>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>>
>> Look for cachedlogonscount. If it is set to 0 that's your
>> problem. Set it to the default of 10.
>>
>> "Dave Z" <(E-Mail Removed)> wrote in message news:
>>> I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
>>> domain. Now the user is trying to log into his laptop while away from
>> the
>>> office and keeps getting this error:
>>>
>>> "The system cannot log you on now because the domain <domain name> is
>> not
>>> available"
>>>
>>> When the user logs onto the laptop, he normally uses his "domain
>> account"
>>> (username, password, and domain name). After gaining access, he would
>> then
>>> attach to the internet and access my domain through a VPN. All my
>> laptops
>>> are configured the same way.
>>>
>>> He's able to log in with the local user profile (changing the domain
>> name to
>>> the desktop's). But all his files and settings are on the domain
>> profile.
>>>
>>> I've checked and neither Remote Assistance nor Remote Desktop are
>> enabled on
>>> that machine. Microsoft acknowledges the problem and says that a
>> hotfix was
>>> created to fix it (KB 824302). Turns out the hotfix is included with
>>> Service Pack 2.
>>>
>>>
>>> Has anyone seen this behavior? Any advice is much appreciated.
>>
>>
>
>

I can't help but think the user is choosing the local machine
instead of the domain. If there is no local account the user
will not be able to logon.
\
"Dave Z" <(E-Mail Removed)> wrote in message news:
> Michael -
>
> I've checked the registry under
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
> and it looks like the cachedlogonscount is still set to the default of 10.
>
> Can you think of any other things I could try to resolve this problem?
>
> - Dave
>
>
> "Michael Giorgio - MS MVP" <(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
>> Hi Dave,
>>
>> Sounds like the cached logon credentials are disabled on
>> this particular machine. Open the registry and navigate to
>> the following key:
>>
>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>>
>> Look for cachedlogonscount. If it is set to 0 that's your
>> problem. Set it to the default of 10.
>>
>> "Dave Z" <(E-Mail Removed)> wrote in message news:
>>> I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
>>> domain. Now the user is trying to log into his laptop while away from
>> the
>>> office and keeps getting this error:
>>>
>>> "The system cannot log you on now because the domain <domain name> is
>> not
>>> available"
>>>
>>> When the user logs onto the laptop, he normally uses his "domain
>> account"
>>> (username, password, and domain name). After gaining access, he would
>> then
>>> attach to the internet and access my domain through a VPN. All my
>> laptops
>>> are configured the same way.
>>>
>>> He's able to log in with the local user profile (changing the domain
>> name to
>>> the desktop's). But all his files and settings are on the domain
>> profile.
>>>
>>> I've checked and neither Remote Assistance nor Remote Desktop are
>> enabled on
>>> that machine. Microsoft acknowledges the problem and says that a
>> hotfix was
>>> created to fix it (KB 824302). Turns out the hotfix is included with
>>> Service Pack 2.
>>>
>>>
>>> Has anyone seen this behavior? Any advice is much appreciated.
>>
>>
>
>

Yes you'll need to add the value. Without it you will not have
cached credentials in the event a DC is not available.

"Dave Harris" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>I also have this problem incidentally. Worse still though, I don't
>actually have this registry key at all. Is it worth adding it?
>
> "Dave Z" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Michael -
>>
>> I've checked the registry under
>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>> and it looks like the cachedlogonscount is still set to the default of
>> 10.
>>
>> Can you think of any other things I could try to resolve this problem?
>>
>> - Dave
>>
>>
>> "Michael Giorgio - MS MVP" <(E-Mail Removed)> wrote in
>> message news:(E-Mail Removed)...
>>> Hi Dave,
>>>
>>> Sounds like the cached logon credentials are disabled on
>>> this particular machine. Open the registry and navigate to
>>> the following key:
>>>
>>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
>>>
>>> Look for cachedlogonscount. If it is set to 0 that's your
>>> problem. Set it to the default of 10.
>>>
>>> "Dave Z" <(E-Mail Removed)> wrote in message news:
>>>> I configured a laptop (shipped with WinXP Pro SP2) and joined it to my
>>>> domain. Now the user is trying to log into his laptop while away from
>>> the
>>>> office and keeps getting this error:
>>>>
>>>> "The system cannot log you on now because the domain <domain name> is
>>> not
>>>> available"
>>>>
>>>> When the user logs onto the laptop, he normally uses his "domain
>>> account"
>>>> (username, password, and domain name). After gaining access, he would
>>> then
>>>> attach to the internet and access my domain through a VPN. All my
>>> laptops
>>>> are configured the same way.
>>>>
>>>> He's able to log in with the local user profile (changing the domain
>>> name to
>>>> the desktop's). But all his files and settings are on the domain
>>> profile.
>>>>
>>>> I've checked and neither Remote Assistance nor Remote Desktop are
>>> enabled on
>>>> that machine. Microsoft acknowledges the problem and says that a
>>> hotfix was
>>>> created to fix it (KB 824302). Turns out the hotfix is included with
>>>> Service Pack 2.
>>>>
>>>>
>>>> Has anyone seen this behavior? Any advice is much appreciated.
>>>
>>>
>>
>>
>
>