  1. #1
    HCC

    RADIUS Wireless Chicken and Egg Problem

    Hi,
    For years we have been experiencing a wireless problem on student wireless laptops, that would be really useful to resolve:

    In XP 'domain not available' and in 7 "no logon servers available" at the logon screen with wireless on.

    It can be fixed by connecting a network cable and restarting the laptop, then disconnecting the cable at the logon screen. Wireless will then work as expected.

    Student laptops that are used regularly don't have this problem.

    Here is what I think is happening - laptops are not being used within 30 days, the computer password expires in AD, they go to blow the dust off and use them and the RADIUS computer auth fails because the password has expired. The computer can't update the password because it's not connected to the network: hence the chicken & egg.


    Has anyone else experienced this? Any ideas to resolve?

    Thanks,

  2. #2

    nephilim

    Can you change the authorisation time on your radius set up, keep it for say 90 days?

  3. #3
    MicrodigitUK

    Yes, this problem does my head in. Been on my todo fix list for years.

    I always thought it was the certificates expiry date that was the problem.

  4. #4

    If the computer password had changed, you'd be getting "The trust relationship between the workstation and the primary domain has failed".

    This is more likely to do with wireless cards not properly initialising on boot/taking a while to associate. I've been working on this issue for a while as well!

    Out of curiosity, are you using Intel Centrino based NICs?

  5. #5
    HCC
    Thanks for your replies.

    "Can you change the authorisation time on your radius set up"
    Not sure where this is set - I'm using the Windows Server RADIUS Server.

    "are you using Intel Centrino based NICs?"
    On some, but I've removed the horrid proset rubbish. Others are Dell.

    I have tried leaving them for 1/2 an hour but they still don't connect, all have 'wait for network' on group policy set.
    If I set up a temp SSID with just a WPA-PSK password it works OK, but I don't really want to have to change all the settings. RADIUS should make it more secure.

    Connecting a cable then logging on, then removing the cable still leaves the fault. It has to have the cable in as windows loads up.

  6. #6

    Doesn't matter about the proset rubbish unfortunately...

    Can you check the WLAN Auto-Config log in Event Viewer and see if there are any errors there?

  7. #7
    DMcCoy

    You can set a policy to stop the machine account password changing if you wish.

    Domain controller: Refuse machine account password changes

    Also keep an eye on startup repair!

  8. #8

    Have you tried observing what is going on with a packet capture from another wireless device in range in monitor mode?
    You should be able to observe the EAPOL / EAP exchange to see if the device can successfully authenticate to the network. And if not, what is actually going on.
    You can use Wireshark on the RADIUS server to capture the traffic there too for analysis.
    There is also tracing that can be performed via netsh on the client which could help you out.

    If you're using a machine digital certificate, it is, as far as I am aware, unrelated to the validity of the machine's domain password.

    Nick
    Last edited by nicklowe; 6th February 2014 at 03:42 PM.

  9. #9
    HCC
    "You should be using a machine digital certificate with auto enrolment."
    Eh? I am using computer auto-enrolment, in group policy with a CA.

  10. #10
    HCC
    OK, so I looked into the policy and I am using PEAP and MS-CHAPv2 and only computer auth. As per "Authentication may not succeed when you use PEAP-MS-CHAP-v2 as the authentication method for an 802.1X connection in Windows Vista, Windows XP, Windows Server 2003, and Windows 2000", it looks like the computer password expiry is causing the problem. I can't change to user & comp security as it would allow any student access. Interesting that Windows 7 isn't listed in the support article, as I've seen it on Windows 7 as well.

    I think I'm going to have to change to EAP-TLS, but I'm going to put that off until I upgrade the 2003 RADIUS server and CA to 2012, and have to set it all up again anyway.
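
One way to check the machine-password-age theory from posts #1 and #10 against real accounts, as an added example that is not part of the original thread. The function name `Get-StaleMachinePassword`, the sample laptop names and dates, and the OU path in the last comment are assumptions made for illustration; the 30-day threshold is the figure given in post #1.

```powershell
# Added example (not from the thread): flag computer accounts whose machine
# account password is older than a threshold, so the list can be compared with
# the laptops that show "no logon servers available" on wireless.
function Get-StaleMachinePassword {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int] $MaxAgeDays = 30,            # figure quoted in post #1
        [datetime] $Now = (Get-Date)
    )
    process {
        # PasswordLastSet can be empty on an account that never completed a join.
        $age = if ($Computer.PasswordLastSet) {
            [int][math]::Floor(($Now - $Computer.PasswordLastSet).TotalDays)
        } else { $null }

        if ($null -eq $age -or $age -gt $MaxAgeDays) {
            [pscustomobject]@{
                Name            = $Computer.Name
                PasswordLastSet = $Computer.PasswordLastSet
                PasswordAgeDays = $age
            }
        }
    }
}

# Constructed sample data standing in for directory results (hypothetical names).
$now = [datetime]'2014-02-06'
$sample = @(
    [pscustomobject]@{ Name = 'LAPTOP-01'; PasswordLastSet = [datetime]'2014-01-28' }
    [pscustomobject]@{ Name = 'LAPTOP-02'; PasswordLastSet = [datetime]'2013-11-02' }
    [pscustomobject]@{ Name = 'LAPTOP-03'; PasswordLastSet = [datetime]'2013-07-15' }
    [pscustomobject]@{ Name = 'LAPTOP-04'; PasswordLastSet = $null }
)

# LAPTOP-01 (9 days) is filtered out; 02, 03 and 04 are reported.
$sample | Get-StaleMachinePassword -Now $now |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module from RSAT;
# the OU below is a placeholder, replace it with your own):
# Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase 'OU=Laptops,DC=example,DC=local' `
#     -Properties PasswordLastSet | Get-StaleMachinePassword
```

If the laptops that fail on wireless are the same ones this reports, and regularly used laptops are absent from the list, that supports the password-age explanation over a wireless driver or association timing issue.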

  11. #11
    atamakosi

    My school has experienced the same issues with all our netbooks for years. The only solution I found was to, every few weeks, hardwire them and force the updates. This seemed to help the "no logon servers" issue.

    I'm revisiting these machines as the staff are becoming less and less patient with them. The time it takes to login and then attempt to open Office has become too much. I'm toying with the idea that the settings for the wireless network might be a cause of this issue. Not to hijack the thread but has anyone else had really long login times and has changing the authentication/encryption helped? i.e. switch from 802.1x EAP with WPA2-AES to just 802.1x EAP, open?
