If anyone can offer any clues to this weirdness I'd be very grateful...
Over the summer we created a series of VLANs for each of our ICT suites. We now have a few weird issues with a couple of the VLANS. The first niggle is if a new user attempts to log on a workstation located in one of the affected VLANs - they do not get a new roaming profile. Instead their desktop and start menu are empty. If we log them on a workstation outside of the affected VLANs, the profile is created successfully and is sync'ed back when they log off, so they can then log on ok on the previous machine.
Also, an external support team has configured our Moodle site to use LDAP SSO to log the students automatically into Moodle once they log into a workstation. Again, this is working fine apart from workstations inside the VLANs where we also have the profile issue. With these workstations the auto login to Moodle doesn't work.
Ive looked at the switch/VLAN setup for the areas that have this problem and can find no differences when compared to other VLAN'ed areas that are working ok. IP helper-addresses for the required servers are in-place. Each VLAN has it's own IP scope, but again I can see no difference in the configuration of the scopes we have created (other than the ranges obviously!)
I should say if a student uses a workstation in the affected VLANs and they already have an existing profile, they can use programs and access the network as we would expect them too. Everything seems fine apart from the Moodle auto login, so thankfully it's not causing us a HUGE problem. It's just an annoying one.
As an update to my original post, we have now discovered that of the 8 VLANs in our network, ones which are assigned to use IP addresses from the second-half of a range (eg. 10.x.xxx.128 - 10.x.xxx.256) suffer the issues outlined above. VLANS that use the first-half of a range (eg. 10.x.xxx.0 - 10.x.xxx.128) are perfectly fine... has anyone else ever noticed issues similar to this when assigning IP ranges?
Thanks for the suggestions. All of the gateway and DNS addresses are set correctly for the VLANS. I've looked in Active Directory Sites & Services and there are no subnets defined in there at the moment. Is it just a case of entering each IP range and scope we've used into the 'subnets' category?
As for Moodle, you have to tell it subnets you want for NTLM. Your new VLANs have new subnets. If you have't told moodle to use these new subnets for NTLM it simply won't use NTLM. Just add them to that. On our Moodle 2.5 Install the settings are found here: Site Administration > Plugins > Authentication > LDAP Server. There is an NTLM section
Last edited by FN-GM; 9th October 2013 at 11:10 AM.