Thursday, May 20, 2010

Cached Credentials and the Ghost in the Machine

***This post is for the Helpdesk folk***

I encountered a very interesting problem today. See below....

A user is at a remote site. The computer she is using belongs to our domain. When she logs into the computer it uses local cached credentials. The user logs into the computer with the cached credentials (which is an old password) then uses the Cisco VPN client to connect to our network (using the CURRENT network password). After connecting to VPN she would double-click on a desktop shortcut that points to her My Documents network folder in order to access her files. Still with me? Good.

The user just got back from vacation and tried to access her files just like any other day, but it wasn't working. What happened is that after she tried to open her My Documents from the desktop shortcut she was presented with a Logon Credentials window. She would enter her username and password then press OK, but another Logon Credentials window would open. Adding to the confusion, we found that every time she entered her credentials and hit OK at the login box her domain account would lock out.

We couldn't figure out what the heck was going on. After being on the phone with her for an hour, we finally figured out the cause of the problem. The issue must have been due to corrupt or incorrect cached credentials on the computer.

We re-synced the workstation's cached credentials with the domain. You can follow these steps on Windows XP, Vista, or Windows 7:

1) We ensured the computer was connected to the network through VPN.
2) Click on Start > Control Panel
3) Open System > Computer Name tab > Network ID
    - In Windows Vista or 7, open System, click on "Change Settings" under the Computer name, domain, and workgroup settings, then click on Network ID.
4) The Network Identification Wizard opens. Click next.
5) Choose the first bullet point and click next.
6) Choose the first bullet point and click next.
7) Read the Network Information screen and click next.
8) Type your domain user account information and click next.
9) At the "This computer name has been found on the domain. Use this computer?" click Yes.
10) Keep clicking next and the sync process will occur. You will need to reboot the PC.
11) After reboot, log in with the CURRENT network credentials.

After re-syncing her cached credentials with the network, the user was able to access her My Documents just as she was able to in the past. Apparently it is rare when Windows somehow gets the cached credentials corrupted or incorrect, but it can happen. Keep this one in your knowledgebase just in case you encounter a similar issue.