
Interactive logon: Number of previous logons to cache...

Author
24 Nov 2006 9:46 AM
Martin Schweizer
Hello

We use here around 20 notebooks, all with Win XP Pro (incl. all updates).
We've also two domain controllers (1x Win2k Server Std. and 1x Win 2003
Server Std.). The notebook users are often in remote locations which is
probably also a customer network (not every time). In very rare cases Win XP
Pro does not let the user log in. The error message is: "There are currently no
logon servers available to service the logon request.". As a result, as I said
before, the user is no longer able to log in. The only resolution I found is
to bring this notebook back to our network. Afterwards the login works
perfectly (also without any network connection). The problem we have
is that the notebook users are often far away (in other countries). Then I
have no solution as to bring back the notebook. Any ideas?

After checking some resources I found this GPO:
Interactive logon: Number of previous logons to cache (in case domain
controller is not available). I did not set it in the whole domain. Has this
GPO anything to do with my problem?

The only message which I found on the notebook is the following (sorry,
it's german) but the message also occurs if I have no lock out (and no
original domain).

Ereignistyp:    Warnung
Ereignisquelle:    LSASRV
Ereigniskategorie:    SPNEGO (Vermittlung)
Ereigniskennung:    40960
Datum:        16.11.2006
Zeit:        14:56:14
Benutzer:        Nicht zutreffend
Computer:    ACNBXP55
Beschreibung:
Das Sicherheitssystem hat einen versuchten Herunterstufungsangriff für den
Server DNS/auth200.ns.uu.net festgestellt. Der Fehlercode des
Authentifizierungsprotokolls Kerberos war "Es stehen momentan keine
Anmeldeserver zur Verfügung, um die Anmeldeanforderung zu verarbeiten.
(0xc000005e)".

Regards,
Martin Schweizer

Author
24 Nov 2006 8:04 PM
John Wunderlich
Martin Schweizer <MartinSchwei***@discussions.microsoft.com> wrote in
news:A11FBE97-AAB4-4838-9541-E093C5B6313C@microsoft.com:

> Hello
>
> We use here around 20 notebooks, all with Win XP Pro (incl. all
> updates). We've also two domain controllers (1x Win2k Server Std.
> and 1x Win 2003 Server Std.). The notebook users are often in
> remote locations which is probably also a customer network (not
> every time). In very rare cases Win XP Pro does not let the user log in.
> The error message is: "There are currently no logon servers
> available to service the logon request.". As a result, as I said
> before, the user is no longer able to log in. The only resolution I
> found is to bring this notebook back to our network. Afterwards
> the login works perfectly (also without any network connection).
> The problem we have is that the notebook users are often far
> away (in other countries). Then I have no solution as to bring
> back the notebook. Any ideas?
>
> After checking some resources I found this GPO:
> Interactive logon: Number of previous logons to cache (in case
> domain controller is not available). I did not set it in the whole
> domain. Has this GPO anything to do with my problem?

See if one of these articles helps:

"Cached credentials security in Windows Server 2003, in Windows XP,
and in Windows 2000"
<http://support.microsoft.com/kb/913485/en-us>

"Cached domain logon information"
<http://support.microsoft.com/kb/172931/>

HTH,
  John
Author
27 Nov 2006 12:49 PM
ephemeral.strobe
Hallo Martin,

To avoid such events:
//---BEGINLOG---
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
User:  N/A
Description:
No Domain Controller is available for domain DOMAIN_NAME due to the
following:
There are currently no logon servers available to service the logon
request. .
Make sure that the computer is connected to the network and try again.
If the problem persists, please contact your domain administrator.
//---ENDLOG---
In addition to the above-mentioned policy that sets the number of
cached unique accounts, you might want to disable the policy
"Interactive logon: Require Domain Controller authentication to unlock"
<http://technet2.microsoft.com/WindowsServer/en/library/699cbfa3-8963-4313-b7c4-f2bde3c57d421033.mspx?mfr=true>
to let your users log on with cached credentials. In case
you want your users to stay with current policy settings after logon
has been processed, you can try something like Scriptlogic's Desktop
Authority <http://www.scriptlogic.com/da>, which is capable of
refreshing user state hourly.
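
A read-only check of the two settings discussed in this thread, added here as an example and not part of any poster's message. It reads the Winlogon registry values that back the two policies (`CachedLogonsCount` and `ForceUnlockLogon`); the function name and the wording of the findings are hypothetical.

```powershell
# Added example, not from the thread. Run on the notebook; reads only, changes nothing.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-OfflineLogonPosture {   # hypothetical helper name
    param([string]$Path = $WinlogonKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # "Number of previous logons to cache": REG_SZ CachedLogonsCount, valid 0-50.
    # When the value is absent the OS default (10 on XP/2000/2003) applies.
    $count = 10
    $raw = $props.CachedLogonsCount
    if ($null -ne $raw -and -not [int]::TryParse([string]$raw, [ref]$count)) {
        throw "CachedLogonsCount is not a number: '$raw'"
    }

    # "Require Domain Controller authentication to unlock": REG_DWORD ForceUnlockLogon.
    # 1 = unlock needs a reachable DC; 0 or absent = cached credentials may unlock.
    $forceUnlock = ($props.ForceUnlockLogon -eq 1)

    $findings = @()
    if ($count -eq 0) {
        $findings += 'Caching disabled: no domain logon is possible without a DC.'
    } elseif ($count -gt 10) {
        # Above the default: more cached verifiers on a device that can be lost.
        $findings += "Cache holds $count accounts: larger exposure if the notebook is stolen."
    }
    if ($forceUnlock) {
        $findings += 'Unlock requires a DC: a locked session cannot be reopened off-network.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Offline logon and unlock are allowed for accounts already cached.'
    }

    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        CachedLogonsCount = $count
        ForceUnlockLogon  = $forceUnlock
        Findings          = $findings
    }
}

Get-OfflineLogonPosture | Format-List
```

A non-zero count only helps accounts that have already logged on interactively at least once while a domain controller was reachable; the cache is not populated in advance.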
Author
27 Nov 2006 8:59 PM
Martin Schweizer
Hello John and Ephemeral

Thanks for the hints. I will try them in the next few days and will give you
an update.

Regards,
Martin

"ephemeral.str***@yahoo.com" wrote:

> Hallo Martin,
>
> To avoid such events:
> //---BEGINLOG---
> Event Type: Error
> Event Source: NETLOGON
> Event Category: None
> Event ID: 5719
> User:  N/A
> Description:
> No Domain Controller is available for domain DOMAIN_NAME due to the
> following:
> There are currently no logon servers available to service the logon
> request. .
> Make sure that the computer is connected to the network and try again.
> If the problem persists, please contact your domain administrator.
> //---ENDLOG---
> In addition to the above-mentioned policy that sets the number of
> cached unique accounts, you might want to disable the policy
> "Interactive logon: Require Domain Controller authentication to unlock"
> <http://technet2.microsoft.com/WindowsServer/en/library/699cbfa3-8963-4313-b7c4-f2bde3c57d421033.mspx?mfr=true>
> to let your users log on with cached credentials. In case
> you want your users to stay with current policy settings after logon
> has been processed, you can try something like Scriptlogic's Desktop
> Authority <http://www.scriptlogic.com/da>, which is capable of
> refreshing user state hourly.
>
>