Controllerless Networks

Reply
Contributor I

NETLOGON and GPO issues with 802.1x

Hello,

 

I have an issue with a ClearPass implementation.

We have ArubaOS switches (5400) and Comware (5510) switches.

It is for wired authentication.

The have HP elite workstations with windows 7.

They are very fast. Full memory I7 core and SSD.

We use EAP-PEAP with User/computer authentication.

We also tried only computer authentication put even worse results.

 

What happens.

The machine boots and performs machine authentication.

If we direct logon when the crtl-alt-delete appears we have an issue.

We have netlogon failer and the GPO’s are not loaded.

If we then logoff and logon everything is fine.

 

If the machine boots and performs machine authentication.

If we then wait 10 seconds when the crtl-alt-delete appears we have no issues and all looks fine.

 

We use

Enable single sign-on for this network

Perform immediately before user logon

 

We also tried all the thinks below

https://support.microsoft.com/en-nz/help/938449/netlogon-event-id-5719-or-group-policy-event-1129-is-logged-when-you-s

 

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Guru Elite

Re: NETLOGON and GPO issues with 802.1x

Does the client pass authentication?

What do the access tracker messages in ClearPass say?  


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: NETLOGON and GPO issues with 802.1x

Hello cjoseph,

 

Yes, from a authentication it all looks fine.

The machine is authenticated and afterwards the user.

We use the same vlan for the machine and the user.

 

So no timeouts or authentication failers.

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Guru Elite

Re: NETLOGON and GPO issues with 802.1x

Can you ping the ip address of the computer and see how soon after authentication it actually gets an ip address that is pingable?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor I

Re: NETLOGON and GPO issues with 802.1x

I need to check that next time i am at the customer site.

We already installed a new windows DHCP server with no luck.

 

I will place a extra switch that will be a DHCP server for the specifice VLAN and put some test clients in it. 

 

This will be end next week.

 

----------------------------------------------------------------------------------------
Aruba ACCX #749, ACDX #793, ACMP, ACEAP | HPE Master AS

contact: thierry.lubbers@axez.nl
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: