Is it possible that there is a network connection still enabled and Windows is trying to route through this even if there is no connection?
Assuming the VPN uses a virtual network adapter, these won’t auto-disable on a restart. If you boot into safe mode with networking, adapter there? Is it still enabled? Disable and reboot, does globe disappear\login work?
Thanks a lot for the info on the dnspolicyconfig, same thing has been happening to us.
I had a similar issue where login would take ages and it had to do with the system trying to mount and sync the network drives and folders.
If you can log in using cached admin creds you can disable offline files:
Control Panel > Sync Center > Manage offline files > disable offline files.
Mind you, if you try this the user will lose all shortcuts in the taskbar and will not see the desktop until they connect to the VPN.
I imagine you are thinking of the “Always Wait for the Network at Computer Startup and Logon” policy.
I’m testing this now. Interesting thought.
Any idea if it’s possible to temporarily disable the group policy service on the PC? Seems like it would be an easy way to test.
Also I would imagine a simple reboot should resolve the problem. After reboot they would not be connected to the VPN.
No problem, I’ll be on the lookout to see if you need any more help (except if it involves printers).
Ah, that’s unfortunate. Are you using local or roaming profiles? Maybe worthwhile creating a local account on the device and seeing if you get the same result?
Connected, no internet: DNS issues.
Thank you for the tip! Looks like our offline files are already disabled across the board.
Yes, that sounds like the setting I was thinking about. Also came across this, not sure if it applies to this situation, but it’s worth a look. https://www.zdnet.com/article/new-windows-10-bug-hits-home-working-outlook-o365-teams-cant-access-internet/
Well, GPO settings are all applied via the registry and once they are in the registry you’d need a GPO to undo what was done, I’m not sure how to reset the GPO portion of the registry, but I’d imagine it’s possible - do a little googling to see what you find. Disabling the GPO service would probably just prevent any further GPOs from being applied, but what’s already applied is basically hard-coded in the registry.
Delete the group policy store in %windir%\System32\GroupPolicy (you can delete everything in this folder).
Then do a gpupdate /force and it’ll pull in new GPOs.
Oops, sorry, missed this bit in your original post. Can you RDP into the box pre-logon?
This. Confirm impacted PCs have no network connection (cable unplugged, wifi turned off / disabled) and attempt to log in as user.
You will hit cached credentials.
If still broken, do you have a GPO disabling cached logins?