Unified Wired & Wireless Access

Occasional Contributor I
tbitner
Posts: 6
Registered: ‎03-30-2012

Windows 7 automatic authentication not working

Some laptops on our domain have to log in to Windows with their FQDN, or their credentials won't pass through the Controller. For example, User1 can't authenticate to the internal 802.1x wireless if he logs in as "domain\user1". However, his credentials will automatically sign him into the wireless if he logs into Windows with user1@domain.com.

 

Both sign-in methods are essentially the same and I can't figure why one is being incorrectly passed to the controller.

 

Thanks

Moderator
cjoseph
Posts: 12,898
Registered: ‎03-29-2007

Re: Windows 7 automatic authentication not working

The event viewer or log in the radius server will give you a starting point.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Aruba
clembo
Posts: 1,342
Registered: ‎04-13-2009

Re: Windows 7 automatic authentication not working

What are you using for your Radius server?   On the AD side, is it a single or multi-domain forest?  

 

As Colin mentioned, review of the Radius logs should give an indication as to what is going on. Post the relevant parts of the log if you would like another set of eyes to have a look.

------------------------------------------------
Systems Engineer, Northeast USA
ACDX | ACMX | ACCP

Occasional Contributor I
tbitner
Posts: 6
Registered: ‎03-30-2012

Re: Windows 7 automatic authentication not working

We are using a Windows Network Policy Server and AD is a single forest. The radius logs are showing invalid username/password even though the credentials are correct. It seems like the area where Windows stores the username/password isn't being read correctly from the wireless unless you log in to the laptop as user@domain.com instead of "domain\user". I'll see if I can get the logs...

 

 

Occasional Contributor I
tbitner
Posts: 6
Registered: ‎03-30-2012

Re: Windows 7 automatic authentication not working

Here is a good authentication from our Radius server:

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/3/2012 4:55:07 PM
Event ID:      6278
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      DBPHQNPCM01.dbi.com
Description:
Network Policy Server granted full access to a user because the host met the defined health policy.

User:
                Security ID:                                         DBI\CTest
                Account Name:                                 DBI\CTest
                Account Domain:                                             DBI
                Fully Qualified Account Name: DBI\CTest

Client Machine:
                Security ID:                                         NULL SID
                Account Name:                                 -
                Fully Qualified Account Name: -
                OS-Version:                                       -
                Called Station Identifier:                             000B86116C80
                Calling Station Identifier:                            904CE5E1B571

NAS:
                NAS IPv4 Address:                           10.199.2.26
                NAS IPv6 Address:                           -
                NAS Identifier:                                 -
                NAS Port-Type:                                 Wireless - IEEE 802.11
                NAS Port:                                            0

RADIUS Client:
                Client Friendly Name:                   Aruba-Wireless
                Client IP Address:                                            10.199.2.26

Authentication Details:
                Connection Request Policy Name:          Secure Wireless Connections
                Network Policy Name:                  Secure Wireless Connections
                Authentication Provider:                             Windows
                Authentication Server:                 DBPHQNPCM01.dbi.com
                Authentication Type:                     MS-CHAPv2
                EAP Type:                                            -
                Account Session Identifier:                         -

Quarantine Information:
                Result:                                                  Full Access
                Extended-Result:                                            -
                Session Identifier:                                          -
                Help URL:                                            -
                System Health Validator Result(s):          -

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6278</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-03T20:55:07.395503000Z" />
    <EventRecordID>1288467</EventRecordID>
    <Correlation />
    <Execution ProcessID="464" ThreadID="2148" />
    <Channel>Security</Channel>
    <Computer>DBPHQNPCM01.dbi.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1350845867-1362718457-871907280-22725</Data>
    <Data Name="SubjectUserName">DBI\CTest</Data>
    <Data Name="SubjectDomainName">DBI</Data>
    <Data Name="FullyQualifiedSubjectUserName">DBI\CTest</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID">000B86116C80</Data>
    <Data Name="CallingStationID">904CE5E1B571</Data>
    <Data Name="NASIPv4Address">10.199.2.26</Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier">-</Data>
    <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
    <Data Name="NASPort">0</Data>
    <Data Name="ClientName">Aruba-Wireless</Data>
    <Data Name="ClientIPAddress">10.199.2.26</Data>
    <Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
    <Data Name="NetworkPolicyName">Secure Wireless Connections</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer">DBPHQNPCM01.dbi.com</Data>
    <Data Name="AuthenticationType">MS-CHAPv2</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="QuarantineState">Full Access</Data>
    <Data Name="ExtendedQuarantineState">-</Data>
    <Data Name="QuarantineSessionID">-</Data>
    <Data Name="QuarantineHelpURL">-</Data>
    <Data Name="QuarantineSystemHealthResult">-</Data>
  </EventData>
</Event>

 


 

Occasional Contributor I
tbitner
Posts: 6
Registered: ‎03-30-2012

Re: Windows 7 automatic authentication not working

Here is a bad authentication from our Radius server:

 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/3/2012 5:03:21 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      DBPHQNPCM01.dbi.com
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
                Security ID:                                         NULL SID
                Account Name:                                 DBI\ctest
                Account Domain:                                             DBI
                Fully Qualified Account Name: DBI\ctest

Client Machine:
                Security ID:                                         NULL SID
                Account Name:                                 -
                Fully Qualified Account Name: -
                OS-Version:                                       -
                Called Station Identifier:                             000B86116C80
                Calling Station Identifier:                            904CE5E1B571

NAS:
                NAS IPv4 Address:                           10.199.2.26
                NAS IPv6 Address:                           -
                NAS Identifier:                                 -
                NAS Port-Type:                                 Wireless - IEEE 802.11
                NAS Port:                                            0

RADIUS Client:
                Client Friendly Name:                   Aruba-Wireless
                Client IP Address:                                            10.199.2.26

Authentication Details:
                Connection Request Policy Name:          Secure Wireless Connections
                Network Policy Name:                  -
                Authentication Provider:                             Windows
                Authentication Server:                 DBPHQNPCM01.dbi.com
                Authentication Type:                     MS-CHAPv2
                EAP Type:                                            -
                Account Session Identifier:                         -
                Logging Results:                                               Accounting information was written to the local log file.
                Reason Code:                                    16
                Reason:                                                                Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6273</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2012-04-03T21:03:21.826870900Z" />
    <EventRecordID>1288487</EventRecordID>
    <Correlation />
    <Execution ProcessID="464" ThreadID="2148" />
    <Channel>Security</Channel>
    <Computer>DBPHQNPCM01.dbi.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">DBI\ctest</Data>
    <Data Name="SubjectDomainName">DBI</Data>
    <Data Name="FullyQualifiedSubjectUserName">DBI\ctest</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID">000B86116C80</Data>
    <Data Name="CallingStationID">904CE5E1B571</Data>
    <Data Name="NASIPv4Address">10.199.2.26</Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier">-</Data>
    <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
    <Data Name="NASPort">0</Data>
    <Data Name="ClientName">Aruba-Wireless</Data>
    <Data Name="ClientIPAddress">10.199.2.26</Data>
    <Data Name="ProxyPolicyName">Secure Wireless Connections</Data>
    <Data Name="NetworkPolicyName">-</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer">DBPHQNPCM01.dbi.com</Data>
    <Data Name="AuthenticationType">MS-CHAPv2</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="ReasonCode">16</Data>
    <Data Name="Reason">Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.</Data>
    <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
  </EventData>
</Event>
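A way to compare the granted (6278) and denied (6273) NPS events field by field, added here as an example and not part of the original posts. The function names are this example's own, and the sample XML is constructed and trimmed, with field values copied from the two events above.

```python
import xml.etree.ElementTree as ET
NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
GRANTED, DENIED = "6278", "6273"  # the two NPS event IDs shown in this thread

def parse_event(xml_text):
    """Flatten one exported event into {field: value}, plus EventID and Time."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "") for d in root.iter(NS + "Data")}
    fields["EventID"] = root.findtext(f"{NS}System/{NS}EventID")
    fields["Time"] = root.find(f"{NS}System/{NS}TimeCreated").get("SystemTime")
    return fields

def diff_by_station(events):
    """Per CallingStationID: {field: (granted, denied, differs_only_in_case)}."""
    latest = {}
    for ev in sorted(events, key=lambda e: e["Time"]):
        if ev["EventID"] in (GRANTED, DENIED):
            latest.setdefault(ev["CallingStationID"], {})[ev["EventID"]] = ev
    report = {}
    for station, pair in latest.items():
        if len(pair) == 2:  # need a grant and a denial to compare
            ok, bad = pair[GRANTED], pair[DENIED]
            report[station] = {
                k: (ok.get(k, ""), bad.get(k, ""),
                    ok.get(k, "").lower() == bad.get(k, "").lower())
                for k in sorted((ok.keys() | bad.keys()) - {"EventID", "Time"})
                if ok.get(k, "") != bad.get(k, "")
            }
    return report

def _sample(event_id, time, **data):
    # Constructed, trimmed event XML; field values are copied from the thread.
    rows = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}" /></System>'
            f'<EventData>{rows}</EventData></Event>')

SAMPLES = [
    _sample(6278, "2012-04-03T20:55:07.395503000Z", SubjectUserName=r"DBI\CTest",
            SubjectUserSid="S-1-5-21-1350845867-1362718457-871907280-22725",
            CallingStationID="904CE5E1B571", AuthenticationType="MS-CHAPv2",
            NetworkPolicyName="Secure Wireless Connections", QuarantineState="Full Access"),
    _sample(6273, "2012-04-03T21:03:21.826870900Z", SubjectUserName=r"DBI\ctest",
            SubjectUserSid="S-1-0-0", CallingStationID="904CE5E1B571", ReasonCode="16",
            AuthenticationType="MS-CHAPv2", NetworkPolicyName="-"),
]

if __name__ == "__main__":
    print(diff_by_station([parse_event(x) for x in SAMPLES]))
```

Fields that are identical in both events (here the authentication type and the calling station) drop out, leaving only what changed between the accepted and the rejected attempt from the same client.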


 

Occasional Contributor I
tbitner
Posts: 6
Registered: ‎03-30-2012

Re: Windows 7 automatic authentication not working

UPDATE - I've gotten the "domain\user" to work but only if the LAN cable is disconnected at login. If the LAN cable is connected at login, the wireless will never work, so I have to log out, disconnect the CAT5, then log back in, and then the wireless connects perfectly. I've tried enabling/disabling the wifi adapter and deleting the wireless network, and it won't connect until I log out.

Regular Contributor I
WorlisMan
Posts: 179
Registered: ‎08-29-2008

Re: Windows 7 automatic authentication not working

In your last post, if you're asking if someone knows how to prevent the Wireless Card from turning off when the Ethernet port is being used... some laptops have a Wireless Card Property that disables wireless when it is plugged into an Ethernet drop.

 

For example, my Dell D510 has "Disable Upon Wired Connect"; I have it set to "Disabled" to prevent the wireless card from being turned off.

 

I believe I've also seen this setting in BIOS as well in Power Settings.

Occasional Contributor I
jakersey
Posts: 8
Registered: ‎08-17-2011

Re: Windows 7 automatic authentication not working

I am having similar issues. A laptop docked or plugged in to LAN, when disconnected from either and the wireless then turned on, we can not authenticate. We can logout or logoff, disconnect, power on and then access wireless. The radius server shows invalid user name or password, and attempting to input the password fails and eventually will lock account. I can recreate it with ease. This has only been an issue since an upgrade to Win7 on the laptop. 

Moderator
cjoseph
Posts: 12,898
Registered: ‎03-29-2007

Re: Windows 7 automatic authentication not working


jakersey wrote:

I am having similar issues. A laptop docked or plugged in to LAN, when disconnected from either and the wireless then turned on, we can not authenticate. We can logout or logoff, disconnect, power on and then access wireless. The radius server shows invalid user name or password, and attempting to input the password fails and eventually will lock account. I can recreate it with ease. This has only been an issue since an upgrade to Win7 on the laptop. 


Jakersey,

 

Maybe the Microsoft forum?

 

Colin Joseph
Aruba Customer Engineering
