Re: Wireless network w/ SBS

Hopefully Owen will have an answer for this. Here's some info that may be
relevant, or at least relevant to a conversation Owen and I have been having
offline about this.

I rebooted a wireless client PC that does not have a wired connection. From
my desktop, I can ping that PC by name and IP, so it's definitely getting an
IP address from DHCP.

Without having logged in, I tried to remotely manage the wireless client, to
connect over RDP, and to execute a command using psexec. All failed.

I logged into the laptop and checked the Windows Firewall. It was using the
non-domain settings. With non-domain settings, remote access is blocked,
which explains all of the failures in the previous paragraph.

I set the Network Location Awareness service to Automatic startup and
rebooted the wireless PC. At that point, everything works including RDP and
remote management. This tells me that the laptop is applying group policy
before it knows it's connected to the domain. I suppose that could be
because it takes longer to establish the wireless connection, but I suspect
it's just that NLA isn't starting soon enough, and setting it to Automatic
remedies that. That's a problem I've seen on several desktops as well. If
you're interested in how this interesting technology works, see
http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx

So in summary, the wireless client should function just like a wired client.
If it doesn't, log in and check the firewall. If it's using the non-domain
settings, change the startup type for NLA to Automatic. Unfortunately, that
doesn't answer Robert's problem with DHCP. Owen?

"Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote in message
news:e1q08XT$GHA.396@xxxxxxxxxxxxxxxxxxxxxxx
One other thing and maybe I'm just not understanding things.

The WAP/RADUIS/Connection all is working just fine, but only when the user
is logged in. If for example the PC is rebooted it will not acquire an IP
address until someone logs in. The prevents access to the PC until a user
is logged into the system. Although I haven't had time to test it yet, I
can't see how computer level profiles will work either.

What I'm really in need of is the PC to acquire and maintain its wireless
connection even if a user is not logged on. Am I misunderstanding
something? Or is something still not correct with my config?

--

Rob
"A disturbing new study finds that studies are disturbing"



"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23JzWe4R$GHA.924@xxxxxxxxxxxxxxxxxxxxxxx
Make sure that in your WAP, you have Authentication set to port 1812 and
Accounting set to 1813. Apparently this error is indicating that IAS
received an Accounting packet on 1812.


"Robert R Kircher, Jr." <rkircher@xxxxxxxxxxxxxxxx> wrote in message
news:egJfFjR$GHA.1560@xxxxxxxxxxxxxxxxxxxxxxx
Owen,

Thanks again for you help. The WAP arrived today and I believe I have
it set up as per your instructions, however, I am receiving the
following error in my server logs

Source IAS
Event ID: 16

A RADIUS message with the Code field set to 4, which is not valid, was
received on port 1812 from RADIUS client NameWAP1. Valid values of the
RADIUS Code field are documented in RFC 2865.

Any ideas?

--

Rob
"A disturbing new study finds that studies are disturbing"



"Owen Williams [SBS MVP]" <Owen@xxxxxxxxxxxxxxxxxx> wrote in message
news:MPG.1fb14240809811619896cc@xxxxxxxxxxxxxxxxxxxxx
In article <OCCdKfJ$GHA.2300@xxxxxxxxxxxxxxxxxxxx>,
rkircher@xxxxxxxxxxxxxxxx
says...

A revised doc? Now you tell me after I spent my afternoon going over
your
current doc and configuring my server. ;-)

Not to worry - the updates are minor for your situation.

I have a AP due tomorrow that
should work and if I can get it to work I'm just going to go that way.

Good choice - I think you will be pleased with the result.

BUT, I am now confused. Using my current equipment and WPA PSK I can't
get
my wireless card to acquire an IP address until after the user is
logged on.
I assume that the key is stored within the users profile and isn't
passed to
the AP until after the user logs in. But if I read you post correctly
you
are saying that I should be able to set it up so the key is passed
before
the user logs on and therefore acquire an IP and gain access to pre
logged
in things like GP?

What am I missing.

OK, even though you expect to go the RADIUS route, let's pursue this a
bit in
case it might help others. You will need to bear with me. I have not
used a
non-RADIUS wireless configuration with an SBS network for almost 2
years. I
still use WPA-PSK with my peer-to-peer network clients. But in those
cases a
wireless router is providing DHCP services. Router-based DHCP is
possible but
not recommended with SBS. It can be a bit tricky to set up and is not
as
manageable as using SBS DHCP.

First, if this is a 2-NIC SBS, the WAP _must_ be connected to the
LAN-side, not
to the Internet-side. If you are using a wireless router rather than a
true
WAP, you must disable DHCP on the router and you must NOT use its "WAN"
or
"Internet" Ethernet jack, only the LAN jack(s).

From here on, all of the steps apply to the wireless PC(s), not the
server.

If there is a wireless NIC utility, verify it is configured to "Use
Windows to
configure my wireless network" or something similar. The exact wording
and
location varies by vendor, so you may need to poke around a little.
You may
need to restart the computer for this change to be effective.

Verify the Windows "Wireless Zero Configuration" service is set to a
startup
type of "Automatic" and is started.

In "Network Connections," open the Properties page of the wireless NIC
and
click the "Wireless Networks" tab. Verify "Use Windows to configure my
wireless network settings" is checked. Under "Preferred networks"
click the
SSID of the WAP servicing your SBS network. If necessary, click the
[Move up]
button until it is at the top. (While not strictly required, consider
removing
other SSIDs for now.) With your SSID selected, click [Properties].

On the Authentication tab, everything may be greyed-out. But
"Authenticate as
computer when computer information is available" should be checked.

On the Connection tab, "Connect when this network is in range" should
be
checked.

[OK] as needed to close all the boxes. Restart the computer. When you
login,
see if normal startup processing occurs. Please report back your
results!

-- Owen Williams [SBS MVP]








.