RE: WireleSs domain user logon problems
- From: v-kzhao@xxxxxxxxxxxxxxxxxxxx (Ken Zhao [MSFT])
- Date: Tue, 08 Nov 2005 07:25:33 GMT
Hello Zuke,
Thank you for using newsgroup!
>From your post, a domain user is not able to logon AD via wireless
connection on a laptop. Based on your situation, could you help me collect
a screen shot of the error message so that I can perform further research?
To take a screen shot:
---------------------
1. Press the Pr Scrn key once on the keyboard when the error message
appears.
2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3. Use Ctrl + V to paste the screenshot to the canvas.
4. From the File menu, go to Save and save it as a JPG file.
5. Send the JPG file to me as an attachment.
My mailbox: v-kzhao@xxxxxxxxxxxxx
At this moment, I am not sure if you are encountering this kind scenario as
below:
Actually, in some cases, if the wireless connection will not be
established, the domain authentication will not be performed when you logon
to AD via wireless connection. Based on the scenario, if you wait for few
minutes, and then the wireless connection will have been established, and
then you logon the machine, domain authentication should be performed.
According to the scenario, we think the issue should be related to the
wireless connection establishing. If the wireless connection is able to be
established between the wireless card and the wireless Access Point or
wireless router quickly, when you logon domain, the authentication will be
performed properly.
In addition, I agree with Steve's (MVP) suggestions. You may logon with the
user account by using network cable to create a cached logon credential.
When you logon domain with wireless connection next time, it will use the
cached logon credential. After the wireless network adapter initializes,
the wireless connection will not be established. You will be able to access
domain resources.
For related information about Local Security Policy, you may refer to the
steps:
1. Click Start\Run and type secpol.msc to open Local Security Policy window.
2. Navigate to Local Policies\Security Options\
3. In the right pane, you will find the following option about the number
of cached logons:
Interactive logon: Numbers of previous logons to cache
I hope the explanation and information can address your concern. If your
scenario is different form the situation above, please feel free to let me
know.
More references:
===================
826239: Small Delay in Logon to Network When You Use a Wireless Network
Connection
http://support.microsoft.com/default.aspx?scid=kb;en-us;826239
822725: 60-second to 120-second delay occurs in user authentication when
you log on to Windows XP in a wireless network
http://support.microsoft.com/default.aspx?scid=kb;en-us;822725
870974: You may not successfully log on to a domain by using a roaming
profile when you use a wireless connection in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;870974
Define 802.1X authentication for wireless networks on a client computer
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>
Define 802.1X authentication for wireless networks in Group Policy
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "zuke" <lgilmore@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: WireleSs domain user logon problems
| Date: Mon, 7 Nov 2005 14:47:26 -0800
| Lines: 46
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uFvs60#4FHA.3292@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:35495
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I cannot log onto a AD wirelessly. I can join the computer to the domain
and
| make a computer account, unjoin the domain, and join again wirelessly,
but
| the user cannot log on. At the logon screen the complaint is "...domain
| unavailable." Event viewer shows domain controller can't be found (but I
| can join the computer to the domain using an admin logon account that
then
| cannot log onto the AD from this computer which I had just used to create
it
| own account in AD over the wire). I am using an Atheros chip in a
Toshiba
| Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
| addressed (no DHCP).
|
| There is a thread with several posting on this issue in the newsgroup
| public.win2000.security: with the subject "Domain unavailable for some
| logins"
|
| The final post by the MVP is copied below:
|
| "The info shown in the reports generated for netdiag contain all the info
| that is included in ipconfig /all. Your reports all look great in that the
| domain controllers and domain clients are configured correctly and
| communicating with each other [well at least after startup] . I believe
the
| problem is your wireless network. What happens is that wireless network
| cards often do not initialize fast enough at startup to have network
| connectivity and contact a domain controller. One solution to fix the
| problem is to have the users that need to logon to the computer do so when
| it is connected to the network by cable. That should create a cached logon
| for that user and by default a domain computer can store 10 cached logons.
| This behavior is a security option controlled in Local Security Policy
under
| local policies/security options - number of previous logons to cache. Once
| the user has a cached logon he can logon via the wireless network via the
| cached logon and then after the wireless network adapter initializes it
will
| have network connectivity and the user will be able to use domain
resources.
|
| Beyond that you could contact the manufacturer of your wireless equipment
| and ask them if they have any solution which could be a driver upgrade or
a
| registry change for the wireless adapter or you may be stuck with
| performance as is. There may be particular brand of wireless network
| adapters that work better in an Active Directory domain environment but I
| can't recommend any based on my experience. You might also want to post in
| the Active_directory newsgroup with a topic along the lines of "wireless
| domain user logon problems" to see if anyone there has any recommendations
| or experience with that problem. --- Steve"
|
| ANY SUGGESTIONS WOULD BE WELCOME,
| ZUKE
|
|
|
.
- Follow-Ups:
- Re: WireleSs domain user logon problems
- From: Andrew Story
- Re: WireleSs domain user logon problems
- References:
- WireleSs domain user logon problems
- From: zuke
- WireleSs domain user logon problems
- Prev by Date: Re: DNS on DC and problem with MX entrie
- Next by Date: DsBind() failed with error 1722,The RPC server is unavailable
- Previous by thread: WireleSs domain user logon problems
- Next by thread: Re: WireleSs domain user logon problems
- Index(es):
Relevant Pages
|
