On a computer that you use to log on to a domain, you may be unable to log on to the computer when you are disconnected from the domain, even though in the past you could log on to the computer while disconnected from the domain.
This issue may occur if all of the following conditions are true (in the order presented):
You successfully log on to the domain with the computer in question, either through a remote access, virtual private network (VPN), or network connection.
You log on to the domain and are prompted to change your password.
You have not successfully logged on to the domain through a remote access, VPN, or network connection since you changed your domain password.
When you successfully log on to a domain with a domain user account, your domain logon credentials are cached locally on your computer. If you then disconnect that computer from the network and log on, you are logged on with the cached credentials for the domain.
When you log on to the domain and are prompted to change your password, your cached domain logon credentials are not updated until you successfully log on to the domain with the new password. After you have successfully logged on to the domain with the new password, your cached domain credentials are updated, and you can then log on to the computer when you are disconnected from the domain.
To resolve this issue, you must use the network, remote access, or VPN to log on to the domain.
Therefore, connect the computer to the network, and then log on to the domain. Or, to use remote access or VPN to log on to the domain, follow these steps:
Start your computer.
On the logon screen, type your user name in the User name box.
In the Password box, type your domain password.
In the Log on to list, click the name of the domain.
Click to select the Logon using dial-up connection check box, and then click OK.
In the Choose a network connection list, click the dial-up or VPN connection that you want to use, and then click Connect.
Note There are no tools or utilities from Microsoft to update cached credentials. This is by design. Only cached validated domain logons are stored as cached credentials.
If you are using third-party VPN software that does not interface with Dial-Up Networking, you may not be able to access your domain when you click to select the Logon using dial-up connection check box, and therefore you cannot update your cached domain credentials. To work around this issue, create a local account on the computer. Use the local account to log on locally, and then make a VPN connection to the domain.
To create a local account, follow these steps:
Log on to the computer as Administrator.
Click Start, point to Settings, and then click Control Panel.
Double-click Users and Passwords.
Click Add, in the User name box, type a user name, and then click Next.
In the Password box, type a password, type the same password in the Confirm password box, and then click Next.
Under What level of access do you want to grant this user, click to select Standard user, Restricted user, or Other. If you select Other, select the type of account that you want in the Other list.
To log on locally with the new local account, follow these steps:
On the logon screen, type the name of the local user account that you created earlier in the "Workaround" section of this article in the User name box.
In the Password box, type the password for the user account.
In the Log on to list, click the name of the computer, and then click OK.
For more information about how to set up a remote access connection, see the "Network and Dial-Up Connections" topic in the Windows 2000 Help files.