| Femi E 2003-06-06, 12:23 pm |
| Usually, for a working domain cache account you would get
the error " A domain controller for your domain could not
be contacted, you have been logged on using cache account
information. Changes made to your profile since you last
logged on may not be available". You then press "OK" to
the error message, and you would be able to login to the
PC.
But last week, one of my remote customers called and said
that his cache (local) login was not working. On an
attempt to login, the a different error message popped
up " Domain controller cannot be found"
He would press "OK" to the error and it would take him
back to the ctrl+alt+delete screen.
He could not login to it, Log in was in a loop. This has
happened to more than five users working remotely?
The Knowns:
All Laptops do not have local accounts created. They
connect remotely through their domain cache accounts.
The domain cache credentials have worked OK for the
customers for weeks, until the sudden issue.
While troubleshooting, I discovered that all the users'
domain passwords had expired. So they needed to establish
connections to the LAN to request password changes through
the PDC. But since the machines could not locate the PDC
remotely, it went into a loop. Would not even allow the
users to login.
So I had to invite one of the affected users to the
office. As soon as I connected his laptop to the LAN, the
message appeared " Your windows password has expired and
must be changed. You must change your password now".
Therafter we changed the password, which I think updated
the domain cache account on the laptop to resolved the
problem.
But for those users who were out of town, I had to use the
backdoor approach to create local accounts for the them in
order to get them logged on to their laptops. So the
question: Does WIN2k domain cache credential store
password expiration dates? I don't like to create local
accounts for our remote users.....
Any help will be appreciated!
Femi
|