Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Laptops Unable to access domain.

: Hello all!

We have a several cisco 4400 wireless controllers and a cisco WLC. All clients autheticate to an AAA server. Acces points are cisco LWAP 1242. Security is PEAP TKIP ms-chap. Machine and user authetication.
Settings are pushed out through grou policy. A new user can log on to a laptop (without cached credetials) and get all their network settings....most of the time. Randomly we have laptops that after being restarted, recieve "yourdomain.com is not availalbe" error message. The laptops will work fine for weeks and then random laptops start to get this error. If we wire them into the network, run a gpupdate, they logon fine. Shutdown, unplug, and the wireless works fine again.. I am not sure if this is an ms group policy issue or a wireless issue. Has any one experienced this or have any idea of a setting change or a gp setting that I may have missed??

Clients are mostly windows 7 some XP

Domain Windows 2008r2

ACS 4.2

Group policy settings - wifi config settings enabled and configured correctly

Always wait for network enabled.
allow fast reconnect disabled (was recommended by a cisco tech)

Disabled computer passwords for domain about 2 months ago to see if the computers reseting their passwords were an issue.

Any help or advice is greatly appreciated.

8 REPLIES
Hall of Fame Super Silver

Laptops Unable to access domain.

Are you able to isolate the issue with either machine or user authentication issues or are you doing both?  I know that in Windows 7, you can enable SSO so that the the Windows 7 will connect to the wireless before prompting for the login.

-Scott
*** Please rate helpful posts ***
New Member

Laptops Unable to access domain.

Hey Scott....

We are doing both.  I am assuming it's a machine authentication issue since it seems like the machine doesn't authenticate to the domain to allow the users to authenticate.

I haven't tried the SSO with windows 7. That is something I can give a shot, but I still have issues with some XP clients. all though they seemed to have declined since we disabled computer passwords in group policy.

Hall of Fame Super Silver

Re: Laptops Unable to access domain.

Windows XP has a registry hack for machine auth, but it's not 100%. The problem I have seen is the login scripts and drive mapping failing when users are on the wireless and not wired. The SSO has helped and in other senerio's, my clients have done workarounds to get the scrips working.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: Laptops Unable to access domain.

we see that too occasionally. If a user has cached credtials, their drives won't pop or printers don't install, a quick logoff and back on usually does the trick, but the domain unavailable is driving me nuts. The laptop will work spot on for several weeks, and then just stop. Which made me try the route of disabling the computer passwords. I have also recently tried making the netlogon service dependant on the wlan services..... but not sure how that is working since like I said above, a laptop will work for awhile and then have the issue.

We are school district and have about 1200 laptops through out the district. 600 of them located in our High School. We have access points in about every other classroom.

thanks for your replies. Greatly appreciated. I am going to test out the SSO on the windows 7 clients over the holidays.

Thanks for the replies..... anything else that comes to mind is greatly appreciated.

Tim

Hall of Fame Super Silver

Re: Laptops Unable to access domain.

You are using windows zero for the wireless correct? There is no other installed supplicant?

-Scott
*** Please rate helpful posts ***
New Member

Re: Laptops Unable to access domain.

Correct.

Laptops Unable to access domain.

3 Things I would check first to make sure your not hitting any of these issues.

#1) If you are using WPA Encryption make sure AES option is disabled on the controller.

#2) Check the time settings on the laptops I have seen the laptop time cause issues when it connects via the wireless

#3) check the order of the wirelss networks in the windows zero config make sure your desired network is at the top.

These are all things I have seen cause this type of random behavior.

Does the ACS logs show the computer trying to authenticate when it stops working?

Re: Laptops Unable to access domain.

3 Things I would check first to make sure your not hitting any of these issues.

#1) If you are using WPA Encryption make sure AES option is disabled on the controller.

#2) Check the time settings on the laptops I have seen the laptop time cause issues when it connects via the wireless

#3) check the order of the wirelss networks in the windows zero config make sure your desired network is at the top.

These are all things I have seen cause this type of random behavior.

Does the ACS logs show the computer trying to authenticate when it stops working?

689
Views
0
Helpful
8
Replies