Techblurt: Privacy & Security Perspectives

There are no logon servers available – Create Cached Credentials over PPTP VPN

If you need to re-install Windows (7 for me, but this should be valid for any) on a “work” laptop when away from the Active Directory domain you may have difficulties setting up and logging in using your domain account due to the domain not being available until after you setup a VPN connection (however this means you would need to logon first… Catch-22 situation!)

Here’s how I resolved the issue which meant I could continue setting up my laptop before I need to do some actual work again tomorrow:

1. Create a local administrator account when installing Windows 7

2. Create a PPTP VPN to the domain (other VPNs may work)

3. Join the domain (e.g. yourcompany.local) by right-clicking on “My Computer”, select Properties and change the network settings – you will be prompted for a domain user account that has permission to join the domain. I also added my domain to the local administrators group at this point.

4. Reboot

5. If you try to login at this stage you will get the “no logon servers” message; login as the local administrator account created in step 1.

6. Connect to the PPTP VPN using your domain account (other VPNs may work; untested though…)

7. Hit Ctrl+Alt+Del and select “Switch User” – this forces the next user to authenticate before disconnecting the VPN… neat! Login using your domain account and the logon server will be available long enough for you to authenticate and cached credentials to be created.

That’s it! Saved me a lot of time working this out but couldn’t find any clear guide as to how to setup cached credentials over a VPN. Some guides suggested that mapping a drive may work, but I think that is probably only if you are already logged in under your domain user account. I may not be alone in wiping my work laptop every so often… maybe not advised but I had 5 BSODs in 3 days (ntoskrnl.exe) – enough is enough! 

Hope that helps somebody! Comments welcome!

Posted

in

by

Gus Fraser

Tags:

, , , , ,

Comments

9 responses to “There are no logon servers available – Create Cached Credentials over PPTP VPN”

  1. Jf

    There is a way to avoid having to log on as the local admin first, if you check the box for “allow all users to use this connection” it will allow you to login via the vpn connection first. you just have to press the switch user button, then in the bottom right, there will be a new button for network login. establishes the connection with the supplied credentials, then logs the user into the domain. easy as pie.

    Reply
  2. Anonymous

    Hot dog… I have struggling with this myself. Thanks.

    Reply
  3. Saliya Ekanayake

    Thank you very much. This saved me from driving to my university to just cache credentials 🙂

    Reply
    1. Gus Fraser

      Welcome – I really couldn’t be bothered driving an hour to fix this either so had to find a workaround!

      Reply
  4. Katrina

    This also works with the SonicWALL Global VPN Client. Thank you!

    Reply
  5. Tynen

    Thanks, that helped a lot! Works with Aruba 🙂

    Reply
  6. Daniel

    Thank you a TON! Had previously always cached credentials locally but will regularly use this process now. Worked like a charm!

    Reply
  7. Ethan

    Excellent post. I was checking continuously this blog and I’m impressed!
    Extremely helpful information particularly the last phase 🙂 I
    maintain such info a lot. I used to be looking
    forr this certain information for a very lengthy time.Thanks and best of luck.

    Reply
  8. james houston

    Thank you this is good enough for me. Just after reading an article from vpnranks i have chosen express with pptp compatibility.

    Reply

Leave a Reply to Tynen Cancel reply

Your email address will not be published. Required fields are marked *