Re: WireleSs domain user logon problems
- From: "Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz>
- Date: Tue, 8 Nov 2005 11:32:36 -0000
I've seen this behaviour before.
A way that I got around it was (depending on manufacturer of Wireless NIC
you have this may/maynot work) was to update the driver to a revision that
support pre-logon authentication and configure. This initialises the
Wireless NIC's software when you logon to Windows, which in turn renews Ip
address/contacts DC etc.
HTH, Andrew.
"Ken Zhao [MSFT]" <v-kzhao@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:pT8HeWD5FHA.652@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Zuke,
>
> Thank you for using newsgroup!
>
> From your post, a domain user is not able to logon AD via wireless
> connection on a laptop. Based on your situation, could you help me collect
> a screen shot of the error message so that I can perform further research?
>
> To take a screen shot:
> ---------------------
> 1. Press the Pr Scrn key once on the keyboard when the error message
> appears.
> 2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
> Click OK.
> 3. Use Ctrl + V to paste the screenshot to the canvas.
> 4. From the File menu, go to Save and save it as a JPG file.
> 5. Send the JPG file to me as an attachment.
> My mailbox: v-kzhao@xxxxxxxxxxxxx
>
> At this moment, I am not sure if you are encountering this kind scenario
as
> below:
>
> Actually, in some cases, if the wireless connection will not be
> established, the domain authentication will not be performed when you
logon
> to AD via wireless connection. Based on the scenario, if you wait for few
> minutes, and then the wireless connection will have been established, and
> then you logon the machine, domain authentication should be performed.
> According to the scenario, we think the issue should be related to the
> wireless connection establishing. If the wireless connection is able to be
> established between the wireless card and the wireless Access Point or
> wireless router quickly, when you logon domain, the authentication will be
> performed properly.
>
> In addition, I agree with Steve's (MVP) suggestions. You may logon with
the
> user account by using network cable to create a cached logon credential.
> When you logon domain with wireless connection next time, it will use the
> cached logon credential. After the wireless network adapter initializes,
> the wireless connection will not be established. You will be able to
access
> domain resources.
>
> For related information about Local Security Policy, you may refer to the
> steps:
> 1. Click Start\Run and type secpol.msc to open Local Security Policy
window.
> 2. Navigate to Local Policies\Security Options\
> 3. In the right pane, you will find the following option about the number
> of cached logons:
> Interactive logon: Numbers of previous logons to cache
>
> I hope the explanation and information can address your concern. If your
> scenario is different form the situation above, please feel free to let me
> know.
>
> More references:
> ===================
> 826239: Small Delay in Logon to Network When You Use a Wireless Network
> Connection
> http://support.microsoft.com/default.aspx?scid=kb;en-us;826239
>
> 822725: 60-second to 120-second delay occurs in user authentication when
> you log on to Windows XP in a wireless network
> http://support.microsoft.com/default.aspx?scid=kb;en-us;822725
>
> 870974: You may not successfully log on to a domain by using a roaming
> profile when you use a wireless connection in Windows XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;870974
>
> Define 802.1X authentication for wireless networks on a client computer
>
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
> erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>
>
> Define 802.1X authentication for wireless networks in Group Policy
>
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
> erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>
>
> Thanks & Regards,
>
> Ken Zhao
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
>
> --------------------
> | From: "zuke" <lgilmore@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | Subject: WireleSs domain user logon problems
> | Date: Mon, 7 Nov 2005 14:47:26 -0800
> | Lines: 46
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | X-RFC2646: Format=Flowed; Original
> | Message-ID: <uFvs60#4FHA.3292@xxxxxxxxxxxxxxxxxxxx>
> | Newsgroups: microsoft.public.win2000.active_directory
> | NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.win2000.active_directory:35495
> | X-Tomcat-NG: microsoft.public.win2000.active_directory
> |
> | I cannot log onto a AD wirelessly. I can join the computer to the domain
> and
> | make a computer account, unjoin the domain, and join again wirelessly,
> but
> | the user cannot log on. At the logon screen the complaint is "...domain
> | unavailable." Event viewer shows domain controller can't be found (but
I
> | can join the computer to the domain using an admin logon account that
> then
> | cannot log onto the AD from this computer which I had just used to
create
> it
> | own account in AD over the wire). I am using an Atheros chip in a
> Toshiba
> | Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
> | addressed (no DHCP).
> |
> | There is a thread with several posting on this issue in the newsgroup
> | public.win2000.security: with the subject "Domain unavailable for some
> | logins"
> |
> | The final post by the MVP is copied below:
> |
> | "The info shown in the reports generated for netdiag contain all the
info
> | that is included in ipconfig /all. Your reports all look great in that
the
> | domain controllers and domain clients are configured correctly and
> | communicating with each other [well at least after startup] . I believe
> the
> | problem is your wireless network. What happens is that wireless network
> | cards often do not initialize fast enough at startup to have network
> | connectivity and contact a domain controller. One solution to fix the
> | problem is to have the users that need to logon to the computer do so
when
> | it is connected to the network by cable. That should create a cached
logon
> | for that user and by default a domain computer can store 10 cached
logons.
> | This behavior is a security option controlled in Local Security Policy
> under
> | local policies/security options - number of previous logons to cache.
Once
> | the user has a cached logon he can logon via the wireless network via
the
> | cached logon and then after the wireless network adapter initializes it
> will
> | have network connectivity and the user will be able to use domain
> resources.
> |
> | Beyond that you could contact the manufacturer of your wireless
equipment
> | and ask them if they have any solution which could be a driver upgrade
or
> a
> | registry change for the wireless adapter or you may be stuck with
> | performance as is. There may be particular brand of wireless network
> | adapters that work better in an Active Directory domain environment but
I
> | can't recommend any based on my experience. You might also want to post
in
> | the Active_directory newsgroup with a topic along the lines of "wireless
> | domain user logon problems" to see if anyone there has any
recommendations
> | or experience with that problem. --- Steve"
> |
> | ANY SUGGESTIONS WOULD BE WELCOME,
> | ZUKE
> |
> |
> |
>
.
- Follow-Ups:
- Re: WireleSs domain user logon problems
- From: zuke
- Re: WireleSs domain user logon problems
- References:
- WireleSs domain user logon problems
- From: zuke
- RE: WireleSs domain user logon problems
- From: Ken Zhao [MSFT]
- WireleSs domain user logon problems
- Prev by Date: Access is denied then I try to delete "krasched" DC
- Next by Date: Delegating Rights
- Previous by thread: RE: WireleSs domain user logon problems
- Next by thread: Re: WireleSs domain user logon problems
- Index(es):
Relevant Pages
|
Loading
