  1. #1
    Sheridan

    Ruckus, domain not available and EAP-TLS

    We're running a Ruckus wireless system here and although generally very happy with it we find the Windows XP (SP3) clients regularly fail to connect with the error '<domain> not available'.

    This is running WPA2-AES with RADIUS and computer authentication. As we have lots of netbooks/laptops, this is a fairly frequent and annoying problem. It can always be fixed by hard wiring the netbook, running GPUpdate and then rebooting, so it's not an issue with the wireless side.

    So, I'd like to try and set this up to use client certificates (EAP-TLS) to remove any issues with the XP client losing settings. I've got auto enrollment on and the clients show a valid certificate from our internal CA. I've set the wireless connection to use 'Smart card or other certificate' and specified the CA in the server list. The clients can see the WLAN but always fail to connect with the error 'Windows cannot find a certificate to log you on..' which is where it all falls apart!

    I can see the local machine certificate and that's fine, the CA is fine and the wireless is fine. So can XP SP3 cope with EAP-TLS or am I just stuck with the problem?

    I've already checked MS article 929847 and set the AuthMode to computer authentication only but that's made no difference!

    Edit: I've just found the following error being logged in the IAS server:
    'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider'

    I've checked on the IAS server and our CA is in the Trusted Root CA list and has 4 years before expiry!
    Last edited by Sheridan; 24th October 2011 at 10:43 AM.

  2. #2
    DMcCoy
    Originally posted by Sheridan:
        We're running a Ruckus wireless system here and although generally very happy with it we find the Windows XP (SP3) clients regularly fail to connect with the error '<domain> not available'.

    This is an XP issue due to wireless and wired auth not being synchronised with the netlogon service. You can add a delay before netlogon gives up trying to get the policy but it only helps a little. I doubt the certificates will help as the services will still start in the wrong order.

    Microsoft fixed it in Vista onwards but have no plans to do the same with XP. You will probably find it is worse on the faster machines due to the services starting more quickly.

  3. #3
    Sheridan
    That would explain why the Win7 netbooks don't have the problem!

  4. #4
    DMcCoy
    Originally posted by Sheridan:
        That would explain why the Win7 netbooks don't have the problem!

    I was using 802.1x wired auth; it got bad enough to move everything to Vista for a year before going to 7!

  5. #5
    DMcCoy

  6. #6
    Sheridan
    Ah, I've already got that registry patch in place - it didn't seem to make much difference. It's such a random occurrence but we can have anything from 1 to 10 of these fail at any one time. It's a right pain and I can't believe MS haven't patched it. I thought using EAP-TLS might help but I might be better looking to move to Win7.

  7. #7
    Sheridan
    Has anyone got EAP-TLS working in this sort of environment? I would like to try it out at least to rule it out!
