Security, WIDS/WIPS and Aruba ECS

Reply
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Group Policy Deployment: IP traffic stops after 15 mins

CONFIGURATION:


  • I'm using Microsoft Server 2003 with the Group Policy schema extended to allow Server 2008 Group Policy Object (GPO) wireless extensions.

  • I've configured the GPO to automatically configure Window's wireless client to connect to a specific wireless network based upon Laptop's Active Directory (AD) Object's Container.

  • I use Windows Internet Authentication Service (IAS) and 802.1x authentication to allow access to the wireless network based upon User's AD Object's group membership.

  • I have over 2000 users accessing the wireless network at this location.



PROBLEM:The laptops lose IP conductivity exactly 15 mins after authentication. (our default GPO update refresh time)

TEMP FIX:


  • I've changed the GPO to only refresh on Login.

  • This change only works if there are less than 500 users accounts in the "Wireless Group".

  • I've made multiple groups linked to multiple IAS "Remote Access Policies" to make this work.



DESIRED FIX:


  • I would like to be able to have just one "Wireless Group" and one "Remote Access Policy" for ease of management.


Please share what you have done to use GPO's to configure clients and grant access via AIS, and whether there is a easier way to make this work?

Thanks!
Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Lose Connectivity

WorlisMan,

When the laptops lose connectivity, is it because the Wireless Windows configuration is somehow removed from the laptop? Is it possible that you have conflicting GPOs? Do a "gpresult" on a laptop before and after a failure to see exactly what policies are being pushed or removed from laptops. Also, is the reason why you extended the schema is to do WPA2?

What you described should be doable with your setup.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Group Policy Deployment: IP traffic stops after 15 mins

Greetings cjoseph

I believe what is happening is when the GPO updates, there is just enough of a break in communication with the AP that the encrypted tunnel loses its keys. I don't know how to confirm this, but the laptop still is associated with the AP but all IP traffic ceases.

No, there is just this one GPO. Eventually I will have multiple GPOs automatically setting up the clients for me.

I have run gpresults after the problem but not before, I'll give that a try and see if what the differences are.

Yes, I had to extend the schema to utilize WPA2.

Thanks cjoseph for the reply :)
Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

logs.tar

Also,

Grab the logs.tar for that controller so that we can see what is happening on the controller side of things. You also might want to try to "show auth-tracebuf" command (https://airheads.arubanetworks.com/forum/cotd-show-auth-tracebuf) and start user debugging on the controller (config t> logging level debug user) to collect more datapoints. I'm not sure if reapplying the GPO for wireless computers would cause such an outage, but it would be interesting if it does.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Group Policy Deployment: IP traffic stops after 15 mins

Thanks for the suggestion cjoseph, I'll pull the information and get back with you.
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Group Policy Deployment: IP traffic stops after 15 mins

Well I tried to replicate this problem with my test env. but it is working as it should. I'm not sure if I need to use the live system but I can't afford to change its configuration right now. :confused:

I will keep in mind the suggestions and post back any insight or issues when I'm able to test it against the live system.

Thanks!
New Contributor
Posts: 3
Registered: ‎01-13-2009

Re: Group Policy Deployment: IP traffic stops after 15 mins

Did you happen to resolve this? I am running into a few clients that are having issues with loss of IP connectivity until rebooted even though it shows that the wireless client is associated.

Curious.

-Bret
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Group Policy Deployment: IP traffic stops after 15 mins

With out doing a thing, the issue corrected itself.

I believe it was a problem with Active Directory Synchronization, but I can't prove it. :confused:
Search Airheads
Showing results for 
Search instead for 
Did you mean: