"No logon servers available" to Vista Business or XP systems when disconnected from the domain
I got a call to setup a Vista Business laptop on a Windows Server 2003 Small Business Server domain. I added the Vista Business laptop to the domain, and can login as both administrator and a regular domain user without issue when connected to the network.
The issue is that the laptop needs to used in locations without network access (so a VPN connection to the domain is not an option). When it is disconnected, it seems that I can still logon as a domain administrator, but when I try logging in as a user that has used the laptop before, I get the error "There are currently no logon servers available to service the logon request." I can only think that this is a Group Policy / Domain Security Setting.
I've checked both of the following:
(Default Domain Security Settings)/Local Policies/Security Options/Interactive logon: Number of previous attempts to cache: (not defined) -- I tried setting this to 10, and performing a gpupdate /force /wait:-1, rebooting twice (just to ensure it sticks), but the issue persists.
(Default Domain Security Settings)/Local Policies/Security Options/Interactive logon: Require Domain Controller authentication to unlock: (not defined) -- I tried setting it to disable, and repeating the gpupdate/reboot dance and it also had no effect.
I've also checked the resultant set of policy for a domain user and the system at issue and see nothing that should prevent it from caching previous logons. I even went so far as to try my adding my own Vista Business workstation to their domain, and the same issue persists when it is disconnected. I tired it with an XP workstation, and the error I get is “The system cannot log you on now because the domain is not available.”
Once again, I think it’s a group policy setting somewhere since administrator logins seem to be getting cached, but not user logins. The user belongs to ‘domain users’ and ‘users’, and there are no logon hour restrictions, nor workstation restrictions.
Am I missing a setting somewhere? Can someone please point me in the right direction?
Thanks very much in advance.
Answers
- Hi D-S
I see that issue is more likely with the SBS server, regarding the Windows Small Business Server issue, please post to the Windows Small Business Server discussion group. The support professionals there are better equipped to assist you.
For your convenience, I’ve included the link of Windows Small Business Server discussion group:
Discussions in Windows Small Business Server General
SBS08 Public Newsgroups
http://www.microsoft.com/communities/newsgroups/enus/default.aspx?dg=microsoft.public.windows.server.sbs
https://connect.microsoft.com/cougar/content/content.aspx?ContentID=8333
Best Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byWilson JiaMSFT, ModeratorFriday, November 06, 2009 3:22 AM
All Replies
- I agree with you -- my feeling is that the GP you already suspect being the culpit might be "Number of previous attempts to cache".
To investigate this further, I'd suggest you run a gpresult.exe and rsop.msc report on the problematic machine just to see whether it is defined by a Group Policy. If it's there, you'll see it then. It should output the GPO's name for it, too.
If you can't find a GPO that implements that setting, I'd try to check the registry directly. A script may have set the registry key directly so that there's no GP trace around.
Cheers,
Florian
Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog) - Thanks for the quick response.
I ran a RSOP.MSC and found that as expected:
Interactive logon: Number of previous logons to cache..": (not defined)
Interactive logon: Require domain controler authentication to unlock workstation": (not defined)
Gpresult doesn't really show anything either that would explain the situation. I can post the results (with the anonymized domain name) if it would help. I checked the local registry under the following key:
My Computer\HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
and the key cachedlogonscount is at 10.
Any other ideas? Could it be a user setting somewhere in the bowels of the domain controller?
Thanks again,
Dan - Is the machine completely offline or is it connected to another site/trusted domain with a Domain Controller?
Microsoft MVP - Group Policy (http://www.frickelsoft.net/blog) The machine is physically disconnected from the network, so it will not be on another site or trusted domain. With my workstations I disabled the network adapters to test it and it gives the same response.
- Hi D-S
I see that issue is more likely with the SBS server, regarding the Windows Small Business Server issue, please post to the Windows Small Business Server discussion group. The support professionals there are better equipped to assist you.
For your convenience, I’ve included the link of Windows Small Business Server discussion group:
Discussions in Windows Small Business Server General
SBS08 Public Newsgroups
http://www.microsoft.com/communities/newsgroups/enus/default.aspx?dg=microsoft.public.windows.server.sbs
https://connect.microsoft.com/cougar/content/content.aspx?ContentID=8333
Best Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byWilson JiaMSFT, ModeratorFriday, November 06, 2009 3:22 AM
- Hi Wilson,
Thanks for the pointer. I'll post over there and hope that someone has the answer.
Dan
