Re: WireleSs domain user logon problems
- From: "zuke" <lgilmore@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Nov 2005 10:43:54 -0800
Hello,
There soes not appear to be any lataer rsvisions thatn a MAy 26, 2004
driver. The chip is an Atheros 5004G. The only opnion I've found is John
Dvorak in PC MAG, that Toshiba is using it "...is not a good sign," which
ic not exactly positive. In anycase, I'venthe latest driver. Maybe an older
one would be better?
The really peculiar thing is that I can create and delete the computer
account in Active Directory from this same notebook, using a domain admin
account that then cannot logon as an AD user to the same notebook. They
always get the following message: "The system cannot log you on now because
the domain X is not available." Generally this is a network connetivity
issue, but generally also prevents one from adding or deleting the computer
account in AD. On the same notebook, everything works fine using the Realtek
wired connection.
Regards,
Zuke
"Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz> wrote in message
news:OrxpfgF5FHA.3136@xxxxxxxxxxxxxxxxxxxxxxx
> I've seen this behaviour before.
>
> A way that I got around it was (depending on manufacturer of Wireless NIC
> you have this may/maynot work) was to update the driver to a revision that
> support pre-logon authentication and configure. This initialises the
> Wireless NIC's software when you logon to Windows, which in turn renews Ip
> address/contacts DC etc.
>
> HTH, Andrew.
>
> "Ken Zhao [MSFT]" <v-kzhao@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:pT8HeWD5FHA.652@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hello Zuke,
>>
>> Thank you for using newsgroup!
>>
>> From your post, a domain user is not able to logon AD via wireless
>> connection on a laptop. Based on your situation, could you help me
>> collect
>> a screen shot of the error message so that I can perform further
>> research?
>>
>> To take a screen shot:
>> ---------------------
>> 1. Press the Pr Scrn key once on the keyboard when the error message
>> appears.
>> 2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
>> Click OK.
>> 3. Use Ctrl + V to paste the screenshot to the canvas.
>> 4. From the File menu, go to Save and save it as a JPG file.
>> 5. Send the JPG file to me as an attachment.
>> My mailbox: v-kzhao@xxxxxxxxxxxxx
>>
>> At this moment, I am not sure if you are encountering this kind scenario
> as
>> below:
>>
>> Actually, in some cases, if the wireless connection will not be
>> established, the domain authentication will not be performed when you
> logon
>> to AD via wireless connection. Based on the scenario, if you wait for few
>> minutes, and then the wireless connection will have been established, and
>> then you logon the machine, domain authentication should be performed.
>> According to the scenario, we think the issue should be related to the
>> wireless connection establishing. If the wireless connection is able to
>> be
>> established between the wireless card and the wireless Access Point or
>> wireless router quickly, when you logon domain, the authentication will
>> be
>> performed properly.
>>
>> In addition, I agree with Steve's (MVP) suggestions. You may logon with
> the
>> user account by using network cable to create a cached logon credential.
>> When you logon domain with wireless connection next time, it will use the
>> cached logon credential. After the wireless network adapter initializes,
>> the wireless connection will not be established. You will be able to
> access
>> domain resources.
>>
>> For related information about Local Security Policy, you may refer to the
>> steps:
>> 1. Click Start\Run and type secpol.msc to open Local Security Policy
> window.
>> 2. Navigate to Local Policies\Security Options\
>> 3. In the right pane, you will find the following option about the number
>> of cached logons:
>> Interactive logon: Numbers of previous logons to cache
>>
>> I hope the explanation and information can address your concern. If your
>> scenario is different form the situation above, please feel free to let
>> me
>> know.
>>
>> More references:
>> ===================
>> 826239: Small Delay in Logon to Network When You Use a Wireless Network
>> Connection
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;826239
>>
>> 822725: 60-second to 120-second delay occurs in user authentication when
>> you log on to Windows XP in a wireless network
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;822725
>>
>> 870974: You may not successfully log on to a domain by using a roaming
>> profile when you use a wireless connection in Windows XP
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;870974
>>
>> Define 802.1X authentication for wireless networks on a client computer
>>
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
>> erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>
>>
>> Define 802.1X authentication for wireless networks in Group Policy
>>
> <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
>> erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>
>>
>> Thanks & Regards,
>>
>> Ken Zhao
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>>
>>
>>
>> --------------------
>> | From: "zuke" <lgilmore@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> | Subject: WireleSs domain user logon problems
>> | Date: Mon, 7 Nov 2005 14:47:26 -0800
>> | Lines: 46
>> | X-Priority: 3
>> | X-MSMail-Priority: Normal
>> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>> | X-RFC2646: Format=Flowed; Original
>> | Message-ID: <uFvs60#4FHA.3292@xxxxxxxxxxxxxxxxxxxx>
>> | Newsgroups: microsoft.public.win2000.active_directory
>> | NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
>> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>> | Xref: TK2MSFTNGXA01.phx.gbl
>> microsoft.public.win2000.active_directory:35495
>> | X-Tomcat-NG: microsoft.public.win2000.active_directory
>> |
>> | I cannot log onto a AD wirelessly. I can join the computer to the
>> domain
>> and
>> | make a computer account, unjoin the domain, and join again wirelessly,
>> but
>> | the user cannot log on. At the logon screen the complaint is "...domain
>> | unavailable." Event viewer shows domain controller can't be found (but
> I
>> | can join the computer to the domain using an admin logon account that
>> then
>> | cannot log onto the AD from this computer which I had just used to
> create
>> it
>> | own account in AD over the wire). I am using an Atheros chip in a
>> Toshiba
>> | Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
>> | addressed (no DHCP).
>> |
>> | There is a thread with several posting on this issue in the newsgroup
>> | public.win2000.security: with the subject "Domain unavailable for some
>> | logins"
>> |
>> | The final post by the MVP is copied below:
>> |
>> | "The info shown in the reports generated for netdiag contain all the
> info
>> | that is included in ipconfig /all. Your reports all look great in that
> the
>> | domain controllers and domain clients are configured correctly and
>> | communicating with each other [well at least after startup] . I believe
>> the
>> | problem is your wireless network. What happens is that wireless network
>> | cards often do not initialize fast enough at startup to have network
>> | connectivity and contact a domain controller. One solution to fix the
>> | problem is to have the users that need to logon to the computer do so
> when
>> | it is connected to the network by cable. That should create a cached
> logon
>> | for that user and by default a domain computer can store 10 cached
> logons.
>> | This behavior is a security option controlled in Local Security Policy
>> under
>> | local policies/security options - number of previous logons to cache.
> Once
>> | the user has a cached logon he can logon via the wireless network via
> the
>> | cached logon and then after the wireless network adapter initializes it
>> will
>> | have network connectivity and the user will be able to use domain
>> resources.
>> |
>> | Beyond that you could contact the manufacturer of your wireless
> equipment
>> | and ask them if they have any solution which could be a driver upgrade
> or
>> a
>> | registry change for the wireless adapter or you may be stuck with
>> | performance as is. There may be particular brand of wireless network
>> | adapters that work better in an Active Directory domain environment but
> I
>> | can't recommend any based on my experience. You might also want to post
> in
>> | the Active_directory newsgroup with a topic along the lines of
>> "wireless
>> | domain user logon problems" to see if anyone there has any
> recommendations
>> | or experience with that problem. --- Steve"
>> |
>> | ANY SUGGESTIONS WOULD BE WELCOME,
>> | ZUKE
>> |
>> |
>> |
>>
>
>
.
- References:
- WireleSs domain user logon problems
- From: zuke
- RE: WireleSs domain user logon problems
- From: Ken Zhao [MSFT]
- Re: WireleSs domain user logon problems
- From: Andrew Story
- WireleSs domain user logon problems
- Prev by Date: Windows 2003 AD and Authentication Domains
- Next by Date: Re: DDNS ok with Jetdirect HP??
- Previous by thread: Re: WireleSs domain user logon problems
- Next by thread: SOLUTION
- Index(es):
Relevant Pages
|
|
