Local logon caching does not work on computers in a trusted domain

Hello colleagues! I need your help.
There is a domain DomainA and a subdomain ChildB.DomainA. There is a two-way trust between the domains. DomainA stores user accounts; ChildB.DomainA stores the accounts of workstations (PCs).
What's the problem: if a domain controller is available, users (from the domain DomainA) successfully authenticate to a PC in domain Child. But if there is no connection (or the PC is offline), users cannot authorize on the workstation (or even unlock it).

Domain policy is at the default settings:

Interactive logon: Require Domain Controller authentication to unlock. Default: Disabled.

Interactive logon: Number of previous logons to cache (in case domain controller is not available). Default: 10.

The experiment was carried out on a PC where the user had previously logged on successfully.

Server OS: Windows Server 2012 R2; Client OS: Windows 8.1 EE x64 wUpdt.

Users get the error: There are currently no logon servers available to service the logon request.

Objective: to allow users to log on to a PC (in the trusted domain) in offline mode (or during network problems) with local logon ca

July 7th, 2015 3:44pm

Hi,

This issue can be caused if the DNS server in the child domain failed to connect.

Check the similar issue here:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/bc774a0a-f570-47ef-9b7b-134295afee75/child-domain-not-able-to-login-with-enterprise-account?forum=winserverDS

For further troubleshooting, please submit a new case to Windows server forum.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

July 9th, 2015 3:09am

Hi,

Local logon caching allows users to log on to an offline PC. Therefore, it is not due to disconnected DNS servers.

And now the most interesting thing, which is in fact the answer to my question.

First, a small addition to the situation described above: the user authenticates on the workstation by entering their e-mail address, rather than the classic domain\user.

Let me remind you of the essence of the problem: logging on to or unlocking the workstation results in an error if the PC has lost its network connection (and can't find domain controllers).
The error is easily reproduced: 1. log in on a workstation; 2. lock the workstation; 3. disconnect the PC (remove the patch cord from the NIC); 4. try to unlock the workstation by entering the user password; 5. get the error "There are currently no logon servers available to service the logon request."

The problem was solved in a completely unexpected way:
In the fourth step, you specify that you want to log in as another user, re-enter your user name (in my case, e-mail) and password, and the workstation is unlocked while remaining disconnected from the network. Moreover, repeating the experiment does not fail.
Conclusion: the source of the problem lies in the user name stored in the system; after the username is refreshed, "Cached logons" starts working normally.

July 16th, 2015 4:19pm
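
An added example, not part of the thread: a read-only PowerShell check that reports the effective values behind the two policies quoted in the question and the format of the user name the workstation has stored. It assumes the "stored user name" in the conclusion corresponds to the `LastLoggedOnUser` / `LastLoggedOnSAMUser` values under the LogonUI key; the helper function names are hypothetical.

```powershell
# Added example, not from the thread. Read-only; run on the affected workstation.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$logonUI  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the value is not set.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-NameFormat {
    param([string]$Name)
    # Classify the stored name: e-mail/UPN style versus classic domain\user.
    if ([string]::IsNullOrEmpty($Name)) { return 'not set' }
    if ($Name -match '^[^\\@]+@[^\\@]+$')  { return 'UPN / e-mail style' }
    if ($Name -match '^[^\\@]+\\[^\\@]+$') { return 'domain\user (down-level)' }
    return 'other'
}

# "Number of previous logons to cache": REG_SZ, treated as 10 when absent.
$cached = Get-RegValue $winlogon 'CachedLogonsCount'
if ($null -eq $cached) { $cached = '10' }

# "Require Domain Controller authentication to unlock": REG_DWORD, 0 when absent.
$force = Get-RegValue $winlogon 'ForceUnlockLogon'
if ($null -eq $force) { $force = 0 }

# Assumption: these values hold the user name the lock screen pre-fills.
$lastUser = Get-RegValue $logonUI 'LastLoggedOnUser'
$lastSam  = Get-RegValue $logonUI 'LastLoggedOnSAMUser'

[pscustomobject]@{
    CachedLogonsCount     = [int]$cached
    CachingEnabled        = ([int]$cached -gt 0)
    ForceUnlockLogon      = [int]$force
    UnlockNeedsDC         = ([int]$force -eq 1)
    LastLoggedOnUser      = $lastUser
    LastLoggedOnFormat    = Get-NameFormat $lastUser
    LastLoggedOnSAMUser   = $lastSam
    LastLoggedOnSAMFormat = Get-NameFormat $lastSam
} | Format-List
```

Running it before and after the re-entry of the user name described above shows whether the stored name or its format changed while the two policy values stayed at their defaults.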

This topic is archived. No further replies will be accepted.
