Overclockers Australia Forums

15th June 2017, 10:35 AM   #1
synoptica Thread Starter
Is there a limit on how long a machine will cache AD creds for offline logon?

Hi all,

Just had a client advise that a machine that's not on the LAN (but domain joined - user is travelling) can no longer log in (W10 Pro). He's only been offline for a week, and has been logging in successfully up until around 24 hours ago (now getting the 'there are no login servers to process this request' message.)

While I'm always inclined to point the finger at user error for login issues, I thought I'd double check in case there's been a change that I've missed.

Are there any restrictions that are on by default (2016 functional level, if that's relevant) that would prevent AD credentials being cached for offline login for more than a week?

Any advice appreciated as always

Last edited by synoptica; 15th June 2017 at 10:43 AM.

15th June 2017, 10:57 AM   #2
bcann

Quote:
Originally Posted by synoptica View Post
Hi all,

Just had a client advise that a machine that's not on the LAN (but domain joined - user is travelling) can no longer log in (W10 Pro). He's only been offline for a week, and has been logging in successfully up until around 24 hours ago (now getting the 'there are no login servers to process this request' message.)

While I'm always inclined to point the finger at user error for login issues, I thought I'd double check in case there's been a change that I've missed.

Are there any restrictions that are on by default (2016 functional level, if that's relevant) that would prevent AD credentials being cached for offline login for more than a week?

Any advice appreciated as always

Not 100% on Win10, but all previous versions cached it for basically infinity. There was the tombstone limit on the DC if, say, the laptop was offline for whatever period it was (60 or 90 days?) that you would have to rejoin it to the domain if you dropped it back onto the network, but if it is permanently offline, it was usually no issue to log in on a cached credential.

15th June 2017, 11:00 AM   #3
synoptica Thread Starter

Quote:
Originally Posted by bcann View Post
Not 100% on Win10, but all previous versions cached it for basically infinity. There was the tombstone limit on the DC if, say, the laptop was offline for whatever period it was (60 or 90 days?) that you would have to rejoin it to the domain if you dropped it back onto the network, but if it is permanently offline, it was usually no issue to log in on a cached credential.

Thanks mate - this has always been my experience too. I've had machines offline for literally years that still sign in using (long since expired) domain credentials.

I can only assume some user error at this point!

15th June 2017, 12:14 PM   #4
bcann

Quote:
Originally Posted by synoptica View Post
Thanks mate - this has always been my experience too. I've had machines offline for literally years that still sign-in using (long since expired) domain credentials.

I can only assume some user error at this point!

I'm guessing wrong username.

15th June 2017, 12:14 PM   #5
PabloEscobar

It will only cache a total of 10 credentials though.

So if you had a situation where you had an offline laptop that needed more than 10 users, you'd need to adjust CachedLogonsCount in the registry.
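
The CachedLogonsCount setting mentioned above can be audited on a client before it goes on the road. This is an added example, not part of any post in this thread: Get-CachedLogonAudit is a hypothetical helper name, and it assumes the standard Winlogon registry location of CachedLogonsCount (a string value, default 10 when absent, documented range 0 to 50).

```powershell
# Added example: report whether this client can fall back to cached domain logons.
# Get-CachedLogonAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-CachedLogonAudit {
    [CmdletBinding()]
    param(
        # Standard Winlogon key that holds CachedLogonsCount (REG_SZ).
        [string]$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $prop = Get-ItemProperty -Path $WinlogonPath -Name 'CachedLogonsCount' -ErrorAction SilentlyContinue
    $raw  = if ($prop) { [string]$prop.CachedLogonsCount } else { $null }

    # An absent value means the Windows default of 10 applies.
    $count = 10
    $valid = $true
    if ($null -ne $raw) {
        $parsed = 0
        if ([int]::TryParse($raw.Trim(), [ref]$parsed) -and $parsed -ge 0) {
            # Documented range is 0-50; clamping larger values is this example's assumption.
            $count = [Math]::Min($parsed, 50)
        } else {
            $valid = $false
            $count = $null   # unparsable data: report it rather than guess
        }
    }

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # A DomainAuthenticated profile means the domain was reachable on that network.
    $profiles    = @(Get-NetConnectionProfile -ErrorAction SilentlyContinue)
    $onDomainNet = [bool]($profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        DomainJoined        = [bool]$cs.PartOfDomain
        Domain              = $cs.Domain
        RawValue            = $raw
        ValueParsedOk       = $valid
        EffectiveCacheCount = $count
        CachingDisabled     = ($valid -and $count -eq 0)
        DomainNetworkNow    = $onDomainNet
        ConnectedNetworks   = ($profiles | ForEach-Object { "$($_.Name) [$($_.NetworkCategory)]" }) -join '; '
    }
}

Get-CachedLogonAudit | Format-List
```

A result with CachingDisabled set to True means no logons are cached, so an offline sign-in cannot succeed no matter how recently the user last logged on.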

15th June 2017, 1:46 PM   #6
synoptica Thread Starter

Quote:
Originally Posted by bcann View Post
I'm guessing wrong username.

Yeah, that's my suspicion, too. The affected user is being instructed by someone reasonably competent and assures me it's not the case... but yeah, I'm not ruling it out!

Quote:
Originally Posted by PabloEscobar View Post
It will only cache a total of 10 credentials though.

So if you had a situation where you had an offline laptop that needed more than 10 users, you'd need to adjust CachedLogonsCount in the registry.

Definitely not exceeded; the user has been logging on for the past week without issue. They'd have seen three different logins at worst!

15th June 2017, 1:54 PM   #7
EvilGenius

They haven't joined to like hotel wifi or something and have the thing sitting there at a locked screen prompt instead of the login prompt? There a wifi switch on it they can turn off?

15th June 2017, 2:16 PM   #8
synoptica Thread Starter

Quote:
Originally Posted by EvilGenius View Post
They haven't joined to like hotel wifi or something and have the thing sitting there at a locked screen prompt instead of the login prompt? There a wifi switch on it they can turn off?

Even if so, I'd have said the machine would try to reach the DC for the domain to which it's joined, and if that fails, fall back to cached creds, right?

15th June 2017, 3:14 PM   #9
g00nster

Quote:
Originally Posted by synoptica View Post
Even if so, I'd have said the machine would try to reach the DC for the domain to which it's joined, and if that fails, fall back to cached creds, right?

We've just started using cached creds for Surface Pros on Win 10 (1703) and when connected to any WiFi it'll fail to use cached creds.

As a workaround we've told staff to disable WiFi (or 4G Modems) until after login.

15th June 2017, 3:40 PM   #10
synoptica Thread Starter

Quote:
Originally Posted by g00nster View Post
We've just started using cached creds for Surface Pros on Win 10 (1703) and when connected to any WiFi it'll fail to use cached creds.

As a workaround we've told staff to disable WiFi (or 4G Modems) until after login.

Fuck, really? That's really, really stupid. So if you take your laptop home from work, you can't log in if it automatically connects to your WiFi... seriously?

That definitely hasn't been a thing previously, I'm sure of it.

15th June 2017, 3:43 PM   #11
g00nster

Quote:
Originally Posted by synoptica View Post
Fuck, really? That's really, really stupid. So if you take your laptop home from work, you can't log in if it automatically connects to your WiFi... seriously?

I can't confirm if it's supposed to do that, but it does/has for us.

15th June 2017, 8:05 PM   #12
EvilGenius

Quote:
Originally Posted by synoptica View Post
Even if so, I'd have said the machine would try to reach the DC for the domain to which it's joined, and if that fails, fall back to cached creds, right?

My experience, connected to any network it will fail with cached creds. YMMV, I have no idea how it's *supposed to work.

20th June 2017, 12:08 AM   #13
Cthom

Quote:
Originally Posted by bcann View Post
Not 100% on Win10, but all previous versions cached it for basically infinity. There was the tombstone limit on the DC if, say, the laptop was offline for whatever period it was (60 or 90 days?) that you would have to rejoin it to the domain if you dropped it back onto the network, but if it is permanently offline, it was usually no issue to log in on a cached credential.

Seriously, how can this occur?

Same thing happened with me. I'm always inclined to point the finger at user error for login issues, I thought I'd double check in case there's been a change that I've missed.

All times are GMT +10.