[XP Pro and DSL/Cable Modem] -


XP Pro and DSL/Cable Modem

Discuss XP Pro and DSL/Cable Modem


Posted by: heffng

We deployed laptops and desktops to remote users with XP Pro installed and configured while on our physical network. Several users now report that they are unable to log on at all to the PC. The only common thing is that they use DSL or cable modem. Once the PC is back on our network, we can log on with no problem. The user cannot even log on locally to the PC. Please help!


Posted by: mikesgroovin

Are you saying that they, once disconnected to the network medium, cannot log onto the PC? Did you assign them individual usernames? Are you running a domain on your network?

-Mike


Posted by: heffng

Yes, they have user names and the PCs were configured while on our domain (NT 4.0). We logged on as the user to cache all their info before the PCs were sent out to the field. They are also using a VPN (Extranet Access Client) to connect to the domain. Out of the blue, they are unable to log onto the PC. If they disconnect the DSL or cable modem, it makes no difference; they cannot log on at all. It kicks them back to the CTRL+ALT+DEL screen and then starts all over again.


Posted by: mikesgroovin

Well, this may be a stupid question as you seem to know what you were doing but even so....
Did you add them to the machine as a local user? Adding them to the domain will not allow them to log in locally when they go out to the field. They will need to be added to the local machine as well.

-Mike


Posted by: heffng

Their user IDs were added to the admins group before the PCs were sent out. I just found out we have two more users with the same issue. We have checked all the possible culprits like SP, SUS updates, etc. with no luck. I'm hoping you may have come across something like this. Or the other scenario is that we encountered a bug?


Posted by: Shakie

Adding them to the admins group
[ assuming your talking about on the domain ] while 'in the feild' won't matter. Like Mike said above, if they don't have local user accounts on the local machine, then they will not be able to log on once disconnected from the network.


Posted by: heffng

They are admins on their PC, but they log on as if they were still on the domain. They were all able to function fine until a few days ago. I'm not sure if they hit a limit on the log ins without validating to an actual domain or if there is another problem. In either case, the headache is just beginning for me. Is there a way to validate to a domain using a VPN? Just an idea. Thanks for your comments and help.


Posted by: Inaris

To validate to a domain via VPN you will still have to log in. Sounds like an issue that we had at my previous job.
Some questions for you...
Are these multi user machines are single user? do you have a local admin account to the machine not the network that you can use? Once back on your network, can the user log back in without issue? Are these machine remote all the time, and have they possibly been removed from the domain?
Good Luck


Posted by: heffng

These are single user machines out in the field. They do not physically validate on the domain unless they come in for service or when they were initially set up.
We did not give them the local admin password, but did give their user account admin rights.
Once the PC is back in our office, we can log in with no issues.
Their PC account has not been removed from the domain.
I hope this may help you help me. Thank you!


Posted by: Inaris

is there an error given when they try to log in? any kind of message that says what is happening?


Posted by: heffng

The error is: The system cannot log you on now as the XXX Domain is not available". If the user enters CTRL+ALT+DEL, it just kicks them back to the same prompt.


Posted by: Inaris

are the profiles cached in document and settings actually on the machine? have the profiles been removed from the registry? the issue sounds like they have lost the profile data that they had. Be it from the registry paths, or the actual NTuser.dat file or the entire folder for their profile...


Posted by: heffng

No, the profile was left on the PC so they could log on and have all their shortcuts, etc. left. No profiles were removed because another site support person can log on with her username and password just fine. This profile still exists since we can log on fine as the user when we have the PC in our office.

These PCs were deployed 90 days ago so is there something in the registry that would stop them from logging on after so many days without a domain? PLEASE HELP! I'm feeling the heat!!


Posted by: Inaris

finally found the answer for you... This should explain the problem... I hope.
[url]http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/579.asp[/url]

Run Gpedit.msc to find this info on the machine. The full location is referenced in the linked page.

I think you might be better off using local machine accounts and then havning them logon using their domain accounts when they need to gain access to the network. Seems like the only way to get around this...


Posted by: heffng

I did find this post on Microsoft, but it refers to the number of distinct users that can log on with cached information. There was a correction if you pull it up by article number. In this case, 5 different users can log on to the PC and the 6th person would be refused access to the PC. Thank you.


Posted by: Inaris

More it is refering to the number of times a user can log on with cached credentials without a DC being present. I think this is what you are hitting. Not the number of people.


Posted by: Inaris

My bad, I miss read the article. Again for that matter. I will keep looking as this is interesting to me. We are starting a deployment of XP machines on an NT4 domain as I write this, so maybe it's something I will see.


Posted by: heffng

New developments:
It appears that some of these user's passwords expired. XP only notifies you once that your password will expire in 14 days and then never again. If the password expires, the user is denied access using the cached credentials. This is a suspicion and I will try to test that next week.
Also, under article 175468, there is a fix for the computer account that we have sent to several users to try. This may not be the solution given the issue with the password issue. Again, we are testing it to see if it works or not. If not, we will have a flood of remote users that cannot log on at all.


Posted by: heffng

I do have some new developments and it does NOT include the guy above. I finally sucked it up and called Microsoft. This is a known bug in XP when you have an NT domain. There is a fix that you need to request from them: KB824302. What XP does is flush the cached profile if the user does not change their password before it expires on the domain. This fix will prevent XP from flushing the cached profile. I hope this helps anyone else who is having this issue or may encounter it in the future. Thanks to all who tried to help!


Posted by: Inaris

Thanks for the followup posting. This could become an issue with our setup as we are using XP workstations and still running an NT4.0 domain...

Thanks man.