
Windows 7, WPA2-Enterprise, can't authenticate to domain


brian
Greetings,

We are currently rolling out Windows 7 to a large number of workstations, including wireless devices. Some of our laptops are used only on a once-a-month basis by physicians. The remainder of the time, the laptops are locked up in a cabinet.

Our issue is that we cannot connect to the domain wirelessly the first time a user logs into a laptop. It appears that the credentials have to be cached on the local machine before they can log on wirelessly. The error we get is "no logon server available".

It simply would not be practical to have every possible physician physically log into every laptop with a wired connection prior to using them wirelessly. We never had this issue with Windows XP because we used the Lenovo ThinkVantage tool which evidently connected and authenticated to the WAP/domain before the Windows logon even came up.

What needs to happen to allow first-time users to log in wirelessly? Unfortunately, I can't offer much information regarding policies or server configuration as I don't work in administration.

Thanks much!
  • +
    1 Votes
    CG IT

    It's a quirk of Windows 7 that you have to include the domain name in the "append suffix" in advanced TCP/IP settings / DNS for the network card [wired or wireless].

    +
    0 Votes
    brian

    That did it, thanks much!

    +
    0 Votes
    jrbarnes

    It wasn't a rollout of new Windows 7 images, however. We had several classrooms of laptops and multiple instructor laptops configured for our old SSIDs. We needed to prepare them for the new SSID, so prior to rolling out our new wireless config we created a GPO with a wireless profile that primed all the machines for the new network. Alternatively, if you are upgrading everyone to Windows 7, why not configure the wireless in the base image prior to deployment?

    Edit: I just re-read your issue. We had the same issue as well. It's sort of a catch-22, where you need to authenticate the wireless to connect to the domain, but you can't connect to the domain until you authenticate the wireless. We created a network policy that allows domain computers to connect to the wireless, and when a user logs in it switches from computer auth to user auth.
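
The computer-then-user authentication described in the reply above depends on what the client's wireless profile allows. The following is an added example, not part of the original thread: it audits a profile exported with `netsh wlan export profile` and reports whether a user with no cached credentials could reach a logon server. The embedded profile and the SSID `CORP-WIFI` are constructed placeholders, and treating a missing `authMode` as a failure is this example's own conservative assumption.

```python
import xml.etree.ElementTree as ET

NS = {
    "wlan": "http://www.microsoft.com/networking/WLAN/profile/v1",
    "onex": "http://www.microsoft.com/networking/OneX/v1",
}

# Constructed sample: a WPA2-Enterprise profile that only allows user auth.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CORP-WIFI</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>"""

def audit_profile(xml_text):
    """Return (first_logon_ok, findings) for one exported WLAN profile."""
    sec = ET.fromstring(xml_text).find("wlan:MSM/wlan:security", NS)
    if sec is None:
        return False, ["no MSM/security element in profile"]
    findings = []
    auth = sec.findtext("wlan:authEncryption/wlan:authentication", "", NS)
    use_1x = sec.findtext("wlan:authEncryption/wlan:useOneX", "false", NS)
    if auth != "WPA2" or use_1x.strip().lower() != "true":
        findings.append("profile is not WPA2 with 802.1X (found %r)" % auth)
    mode = sec.findtext("onex:OneX/onex:authMode", "", NS).strip()
    sso = sec.findtext("onex:OneX/onex:singleSignOn/onex:type", "", NS).strip()
    # Computer auth brings the link up before anyone logs on, so a domain
    # controller is reachable for a user with no cached credentials.
    machine_ok = mode in ("machine", "machineOrUser")
    # Pre-logon single sign-on runs user 802.1X before the Windows logon.
    prelogon_ok = sso == "preLogon"
    if not mode:
        findings.append("authMode not set explicitly; treated as failing here")
    elif not machine_ok:
        findings.append("authMode=%s: no computer authentication before logon" % mode)
    if not prelogon_ok:
        findings.append("pre-logon single sign-on is not enabled")
    return (machine_ok or prelogon_ok), findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

A profile that passes here still needs a matching RADIUS network policy that accepts domain computer accounts, as the reply describes.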
