StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts tagged Cached Credentials

https://support.microsoft.com/en-us/kb/2555663

 

Users receive the following error when logging onto a domain-joined Windows Vista or Windows 7 computer using cached credentials:

There are currently no logon servers available to service the logon request.

  1. LsaSrv Event 45058, logged in the System event log of a domain-joined workstation, indicates that the operating system has deleted the cached credential for the user specified in the event:

Log Name: System
Source: LsaSrv
Date: <date> <time>
Event ID: 45058
Task Category: Logon Cache
Level: Information
Keywords: Classic
User: N/A
Computer: computername.contoso.com
Description:
A logon cache entry for user USERNAME@CONTOSO.COM was the oldest entry and was removed. The timestamp of this entry was MM/DD/YYYY HH:MM:SS.

Cause

The user logon error occurs when a user’s cached credentials have been purged from the local computer by more recent domain user logons.

Windows Vista and Windows 7 operating systems cache credentials for a finite number of user accounts (assuming cached credentials have not been disabled).

Once the cached logon quota has been reached, the operating system will purge the oldest cached credential from the local computer so that the credentials for the next unique domain user successfully authenticated by a domain controller may be cached. The logging of the LsaSrv 45058 event indicates that the cached logon quota has been reached, triggering the deletion of the oldest user credential cached on the local machine.

Resolution
  1. Verify that cache credentials are allowed on the local computerIf the CachedLogonsCount registry value is 0 then the system will not cache domain user credentials.  See the More Information section below to determine the configurable range. 
  2. If the user’s credentials have been deleted OR cached credentials are disabled, establish network connectivity and name resolution with one or more domain controllers that can authenticate the user account’s domain logon (VPN, etc.), then successfully authenticate the user’s logon.If cached logons are enabled, a successful logon will cache that user’s credentials while purging the oldest cached credentials.If establishing domain connectivity over a software VPN, you’ll likely have to establish the VPN from another local or cached domain user, persist that connection while logging off, then logging on or switching to the domain user account whose credentials you want to cache.
  3. Evaluate increasing the cache logon quota with a domain administrator.

 

 

Obviously person has to have logged on successfully at least once.

In XP search in reg for cachedlogonscount

Normally at

HKLM\Software\microsoft\Windows NT\currentversion\winlogon

Normally shows the user.  Change

cachedlogonscount

to anything above 0

Maybe other references in that section that prevent it but need to compare with a working machine to find the entry blocking the cache.

 

Bad Behavior has blocked 82 access attempts in the last 7 days.