Normally, to update or unlock a user's cached domain credentials on a workstation, you need to log on as that user while the workstation is connected to the domain controller (locally or via VPN). If you have a remote workstation that connects via VPN, you are fine as long as the VPN is initiated on a router / firewall or your software VPN client starts before the user logs on.
However, if your VPN software only works while a user is logged on, you won't be able to update cached credentials the normal way.

You can get it done using a Remote Desktop connection:
Log on to the workstation using cached credentials. You can use any other domain or local account, not necessarily the one you are trying to update.
Once you are logged on, start your VPN client and ensure you have a connection to your domain controller.
From the office network side, start a Remote Desktop client and connect to the remote workstation (via VPN).
When asked for login details, enter the username and password of the user you are trying to update.
This will update the cached domain credentials on the remote workstation.
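
A pre-flight check for the procedure above, as an added example that is not part of the original article: run on the remote workstation once the VPN is connected, it confirms that credential caching is not disabled, that Remote Desktop connections are allowed, and that a domain controller can be located. It assumes PowerShell 2.0 or later is installed on the workstation; the function name is hypothetical.

```powershell
# Added example, not from the original article.
# Assumption: PowerShell 2.0+ is available on the remote workstation.
Add-Type -AssemblyName System.DirectoryServices

function Test-CachedLogonRefreshReadiness {
    $result = New-Object PSObject -Property @{
        CachedLogonsCount = $null    # raw policy value, $null if not set
        CachingEnabled    = $false
        RdpEnabled        = $false
        DomainController  = $null
        DcReachable       = $false
    }

    # CachedLogonsCount is stored as a string. An explicit 0 disables
    # credential caching, so the RDP logon would have nothing to refresh.
    $winlogon = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $count = $winlogon.CachedLogonsCount
    if ($null -ne $count) { $result.CachedLogonsCount = [int]$count }
    $result.CachingEnabled = ($null -eq $count) -or ([int]$count -gt 0)

    # fDenyTSConnections = 0 means incoming Remote Desktop is allowed.
    $ts = Get-ItemProperty -ErrorAction SilentlyContinue `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    if ($ts -and $null -ne $ts.fDenyTSConnections) {
        $result.RdpEnabled = ([int]$ts.fDenyTSConnections -eq 0)
    }

    # Force a fresh DC lookup so a stale locator cache entry from before
    # the VPN came up is not mistaken for live connectivity.
    try {
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $opts   = [System.DirectoryServices.ActiveDirectory.LocatorOptions]::ForceRediscovery
        $result.DomainController = $domain.FindDomainController($opts).Name
        $result.DcReachable = $true
    } catch {
        # Not domain-joined, or no DC reachable over the VPN: leave $false.
    }
    return $result
}

$check = Test-CachedLogonRefreshReadiness
$check | Format-List
if (-not ($check.CachingEnabled -and $check.RdpEnabled -and $check.DcReachable)) {
    Write-Warning 'A prerequisite is missing; the RDP logon may not refresh the cached credentials.'
}
```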

Windows XP
Windows Server 2003


