Domain Login failure

[Geoff332]

Hi,

I work remotely. I typically login to my work domain on my laptop, even when
it is not on the network (WORK\a.user). A week or so ago, this login simply
failed: I had been logged in and was unable to log in a few hours later. I
received the same error one receives on a bad password. I can think of no
reason for this: I made no changes to the password, I wasn't connected to any
domain, and I didn't make any software changes. The domain doesn't enforce
any password expiration policy. I double checked with the sys admin: he
confirmed they'd made no changes and was at a loss to explain the problems I
am having.

Since then, I've only been able to log on to this machine using the local
machine's administrator account. My domain username fails. However, when I
log in to the work server remotely, I can access it using the same (old)
username and password without any problem. This all suggests the problem is
on the local computer, not the domain.

Since I work remotely, it's difficult to connect to the domain for any
substantial period of time (and I am not a domain administrator). I can't do
anything with the WORK/a.user account and haven't set-up the LOCAL/a.user
account.

This problem has me bewildered - can anyone offer any explanation or, more
usefully, a fix to this.

Thanks,
Geoff.

 

[Lanwench [MVP - Exchange]]

Hi,

I work remotely. I typically login to my work domain on my laptop,
even when it is not on the network (WORK\a.user). A week or so ago,
this login simply failed: I had been logged in and was unable to log
in a few hours later. I received the same error one receives on a bad
password. I can think of no reason for this: I made no changes to the
password, I wasn't connected to any domain, and I didn't make any
software changes. The domain doesn't enforce any password expiration
policy. I double checked with the sys admin: he confirmed they'd made
no changes and was at a loss to explain the problems I am having.

Since then, I've only been able to log on to this machine using the
local machine's administrator account. My domain username fails.
However, when I log in to the work server remotely, I can access it
using the same (old) username and password without any problem. This
all suggests the problem is on the local computer, not the domain.

Since I work remotely, it's difficult to connect to the domain for any
substantial period of time (and I am not a domain administrator). I
can't do anything with the WORK/a.user account and haven't set-up the
LOCAL/a.user account.

This problem has me bewildered - can anyone offer any explanation or,
more usefully, a fix to this.

Thanks,
Geoff.

I'm not sure, honestly (you might check your event logs) but I have to
question the need (or benefit!) of your computer belonging to the domain to
begin with. If you're never (or very very infrequently) going to have direct
contact with a DC (VPN clients don't generally count) perhaps this is not
worth keeping up. I don't join my remote/home-user clients' laptops to their
domains.

 

[Geoff332]

You might have a point. I do need the domain login occasionally, but I could
reset the password (or otherwise fix the problem) next time I login.

If I take this path, would it be simply a matter of creating the a local
login with the same username? And would this run the same local settings as
the current domain login? To put it another way, would LOCAL/a.user and
WORK/a.user share settings on the local machine?

 

[Shenan Stanley]

You might have a point. I do need the domain login occasionally,
but I could reset the password (or otherwise fix the problem) next
time I login.

If I take this path, would it be simply a matter of creating the a
local login with the same username? And would this run the same
local settings as the current domain login? To put it another way,
would LOCAL/a.user and WORK/a.user share settings on the local
machine?

If you changed it so it worked that way - yes.

I often leave the laptops I hand out I know I will not see for months at a
time *in the domain* but I logon as the user in the domain and on the local
machine, change the proper permissions and registry settings so the two
profiles point to the same place and then have them logon locally from that
point on. It speeds up logons for them and still gives me the same access I
would expect from a domain computer when it shows up again.

 

[Lanwench [MVP - Exchange]]

You might have a point. I do need the domain login occasionally, but
I could reset the password (or otherwise fix the problem) next time I
login.

Well - if you're using VPN or Terminal Services, you don't need any local
caching of that info at all. It isn't relevant. You provide the domain
credentials when you *need* them.

If I take this path, would it be simply a matter of creating the a
local login with the same username?

I'd use a different username.

And would this run the same local
settings as the current domain login? To put it another way, would
LOCAL/a.user and WORK/a.user share settings on the local machine?

You can probably copy the profile over but I'd be more inclined to

a) create the local user (w/admin rights)
b) log in as the local user
c) customize the profile
d) ensure that you have all *data* (not settings) copied over into this
user's appropriate profile folders

Then I'd simply disjoin the domain and go into a workgroup and use the I
know you can mess around with registry settings but I prefer not to do that,
esp. since it's highly unlikely that your laptop will ever have
communication with the DC any longer, and you'll end up with weird
shards/settings.

 

[Geoff332]

That seems like the best approach. The key thing I want to do it not lose my
existing configuration (the existing WORK/a.user settings). I am guessing if
I try and create a LOCAL/a.user it won't work... which brings me to two
further questions:

1. Do I need to be on the domain to make the changes you talk about?
2. What are the permission/registry changes I need to make (or at least can
you point me in the direction of the information).

I'm not a sysadmin, but I work on the other side of the world from my
sysadmins, so I need to try and fix these problems myself, if possible.

Thanks,
Geoff.