Connecting to a domain wirelessly

Caporegime
Joined
7 Nov 2004
Posts
30,197
Location
Buckinghamshire
Hello

We have an issue at work, where most users who take their laptops home in the evening, and come back into work the next day, cannot log into the domain wirelessly....The only way this can be achieved is if someone logs on with an Admin account, and then the users may be able to log in wirelessly...Wired connections have no issue

Could anyone think why this is? The users laptops are XP, the domain box is hosted on a Windows Server 2008 Standard box...

There must be something which causes this? Or is it a known bug? Or would it be down to group policy? Or due to timeouts etc?

Any help or insight is appreciated :)
 
the wireless does not connect until you log in thats the issue

1) some adapters (intel) have (i think) have a service you can install that connects before the user logs in.

2) possibly allow the passwords to be cached locally so the user can log into the domain even when its not there...

Im guessing this is the issue...
 
the wireless does not connect until you log in thats the issue

1) some adapters (intel) have (i think) have a service you can install that connects before the user logs in.

2) possibly allow the passwords to be cached locally so the user can log into the domain even when its not there...

Im guessing this is the issue...

Hello

Thank you for the reply, was this from a KB article or just something you are thinking of? :)

That is the issue though, the users cannot log in all the time, however admins can...but why does this make a difference? As the Admin account is actually on the domain and not a local account...
 
Hello

Thank you for the reply, was this from a KB article or just something you are thinking of? :)

That is the issue though, the users cannot log in all the time, however admins can...but why does this make a difference? As the Admin account is actually on the domain and not a local account...

I guess the admin accounts are being cached, some policy some where, not done much with 2008 try moving a test account to the same OU as the admins, or block policy's on a test OU....

if you cannot log in to a machine when its not connected to the network on a default 2003 install its password caching... i dont know if there are maybe some other settings on 2008 to disable login if no DC is contactable... (i doubt its a default setting, probably something that you set)..

maybe install a test machine, move to test OU, disable policy's see if it caches passwords and allows people to log in when not conected to the network...
 
Hmm...I really have no idea, its not my network you see, so im still learning it all

I would try one of the other laptops only we have none spare, we have netbooks, but that just worked on my account...So god knows, unless i take over another account and test that

I'll have to have a think...Do you have any idea of that service you was talking about? :)
 
I'll have to have a think...Do you have any idea of that service you was talking about? :)

some wireless cards have a driver that will start as a service to connect before you log in - notice that when you log in to a mchine the wirlesss its NOT connected and takes a few seconds to link up...

this is because windows wireless only starts after you login, but you can use 3rd party utilities to manage the wirerless instead of the windows one... SOME (not all) wireless venders have a utility that runs as a service you will have to look on the venders web site to see...

if you are not in a position to play about with OU's its probably not fixable (unless you happen to have wireless cards in the machines that the vender has their own service type wireless managment program for)
 
Totally wrong, we have 150+ laptops that connect to a Cisco Ap. When the system starts up it connects to the WiFi at the logon screen. If it fails to get a dhcp address or can't find the WiFi SSID then it won't connect.

Right...but why would the admin account (thats on the domain) always connect but the staff accounts not?
 
Totally wrong, we have 150+ laptops that connect to a Cisco Ap. When the system starts up it connects to the WiFi at the logon screen. If it fails to get a dhcp address or can't find the WiFi SSID then it won't connect.

you must have something running as a service then, XP connects to wireless after you log in...

Unless there is some tweak / hack / settings to alter -in which case post it as it will fix OP's issue...
 
some wireless cards have a driver that will start as a service to connect before you log in - notice that when you log in to a mchine the wirlesss its NOT connected and takes a few seconds to link up...

this is because windows wireless only starts after you login, but you can use 3rd party utilities to manage the wirerless instead of the windows one... SOME (not all) wireless venders have a utility that runs as a service you will have to look on the venders web site to see...

if you are not in a position to play about with OU's its probably not fixable (unless you happen to have wireless cards in the machines that the vender has their own service type wireless managment program for)

But if that was the case, I wouldnt be able to log onto the root account, as you need the domain to be available...which it is on the root account
 
you must have something running as a service then, XP connects to wireless after you log in...

Unless there is some tweak / hack / settings to alter -in which case post it as it will fix OP's issue...

Well, according to some posts i have read elsewhere:

If you're using Windows XP, you'll have to use the built-in Wireless Zero configuration utility. Make sure you have the WPA2 patch (machines must have XP SP2 on them first). Wireless Zero is active before logon, but the actual connection to the wireless network is not immediate- it takes about 30 seconds to make a connection. So don't log in as soon as you get the login prompt, because the wireless network connection won't be ready just yet.

It should be working...and as far as I am aware, we use the windows wireless manager (infact im pretty certain) so ill take another look
 
But if that was the case, I wouldnt be able to log onto the root account, as you need the domain to be available...which it is on the root account

machine or user policy that stops non admin accounts (either because they are in different OU's or because they are non-admin) loggin in if no DC is contactable, or possibly stops the passwords getting cached...

needs loads of testing really, (jut thought if its password cacheing logging in as admin would not help)
 
machine or user policy that stops non admin accounts (either because they are in different OU's or because they are non-admin) loggin in if no DC is contactable, or possibly stops the passwords getting cached...

needs loads of testing really, (jut thought if its password cacheing logging in as admin would not help)

i'll have a look at the staff user policy, see if it is active, then check is the staff laptops have a seperate policy (although the latter should be void if one account works...so it 'shouldnt' be a machine policy)

Thanks :)
 
Totally wrong, we have 150+ laptops that connect to a Cisco Ap. When the system starts up it connects to the WiFi at the logon screen. If it fails to get a dhcp address or can't find the WiFi SSID then it won't connect.

I stand corrected!

it would seem you are correct! <assuming the machine is all SP'd up>

IOU 40p...
 
Right...to confirm, if the Admin account log ins, then off, the staff can log in fine...But as soon as they restart etc, they can not log back in until the Admin account logs on

My boss said something about IIS potentially?
 
I stand corrected!

it would seem you are correct! <assuming the machine is all SP'd up>

IOU 40p...

In this case, XP Pro VLK SP3. I just had a quick check on the policy and there is no settings what so ever for WiFi to connect before startup what so ever. We use standard SCCM to deploy workstations, inc laptops. Nothing special about our builds.

We also use App-V for applications so no applications are installed. your talking 4000 odd workstations here.
 
I'm at a loss to be honest...I've looked through group polcies, looked at NPS (IAS) on the server...But its impossible to know what im looking for
 
If possible, hook up the netbook via Ethernet and have the user logon. Unplug the cable and reboot. See if they can then logon without the rigmarole. XP should cache the credentials after logging on via the wired LAN.
 
Back
Top Bottom