Wireless Access

Good Evening,

I wanted to share an experience with this problem.  First the background:

Windows 7 Enterprise Laptop Clients 30 Per Room 

10 Rooms of this setup

Each Room 2 Aruba AP 105s and 30 T460i Lenovo Laptops with the 6300 Centrino Chipset from Intel

All machines joined to a mixed 2003/2008 Active Directory Domain with about 140,000 User Objects

Controller Environment:

Two of these controller with 2 x10 Gig Connections to each core Nortel 8600 Routing Switch

GigE Connection to the Internet with 3 Way ISP Diversity

DHCP and DNS Supplied by InfoBlox Appliances

Problem:

Student power on the T460i Laptops and when the login screen comes(msgina) immediately try to login

They get "No Logon servers available" or "Cannot establish trust relationship"

Everyone immediately throws up their hands and scream this doesn't work!!!!

Technicians arrive on site and everything works no problems.

Actions Taken:

Making changes to the default machine auth role to authenticated from a special guest role.

Enabling PMKID

Increasing the 4 way radius hand shake from 1000 to 5000

Flipped back and forward between the Windows Zero Config client and the Intel Wireless client

Findings:

All of the above had absolutely nothing to do with the problem and provided no relief.

The problem with these laptops and the installed Windows 7 Image is that it takes the

integrated network adapter a full minute to come online after you are presented with the

logon screen.

Secondly, when the laptops wake up from their sleep mode or from the lid being closed and reopened

it takes almost 40 seconds for the wireless card to re-activate.

We currently have several labs in our remote centers connected to Aruba 600 controllers and they experience none of these issues.

So to that end we grabbed an ASUS USB-N13 adapter that we stock for those sites and installed the driver on the T460i.

The adapter was lit and connected before the logon screen was displayed to the user.  There is no way to beat the

adapter and create this condition.

We upgraded to the driver to the 15.02 code that was release August 13, 2012 and may have shaved two seconds off of the enormous delay.

We also found that all of the T460s laptop we got at the beginning of the year did not have this same problem.

Internet Solutions:

We found this article which we may decide to implement:

I'm not sure if this solves your question or if it even is what you are asking, but it seems like your computer
is trying to logon to a domain server before the network is ready. If this is case, you might want to change
the group policy.
Go to Start -> type in "gpedit.msc" in the run/search field.
In the Local Group Policy Editor that pops up, go to "Computer Configuration" -> "Administrative
Templates" -> "System" -> "Logon" -> "Always wait for the network at computer startup and logon"
Double click the latter and set it to "enabled".

and this:

I was trying to get our computers to autologin as a domain admin user after imaging. To get this to work I
did the following
1. In the Local Group Policy Editor, go to "Computer Configuration" -> "Administrative Templates" ->
"System" -> "Logon" -> "Always wait for the network at computer startup and logon" as @bloodphilia
said
2. In the Local Group Policy Editor go to "Computer Configuration" -> "Administrative Templates" ->
"System" -> "Group Policy" -> set "Startup policy processing wait time" to 120.
For some reason the "Always wait for the network at computer startup and logon" doesn't always work, it
seems like it was just a matter of timing. About 80% of the time I would get an error of "no domain
controllers available". The added delay of the "Startup policy processing wait time" made it so the
autologin always works.

We are contemplating implementing these changes but are concerned about slowing down other machines that don't suffer this problem.

I may record a video and post it so that you can actually see the problem.

Bottom Line:  The Aruba wireless system was functioning flawlessly but was the convenient target for failing to do some research and make detailed observations. Twenty years ago as a mainframe system programmer, my mentor told me to "Sit on your hands" when you've done everything and rechecked everything.  We made lots of changes and opened tickets etc because we foolishly didn't take a clinical approach to diagnosing the problem.

What authentication are the clients using? You mentioned you made changes to the default machine auth role. Does this role have ACL's blocking LDAP traffic to your domain controllers?

---

@snyer wrote:

What authentication are the clients using? You mentioned you made changes to the default machine auth role. Does this role have ACL's blocking LDAP traffic to your domain controllers?

---

No, inititially we had a special role thhat supplied DHCP, DNS, Domain Controller Access and blocked access to all of the campus user segments.

We changed to "allow all" as recommended in another thread.

The clients are authenticating to a Radius Server (Win2k3) exposing crendenitals via active directory.

I have the same issue with 802.1x Machine Auth, PEAP, WPA2 Ent.. Waiting for the network connection setting via GP helped to some extent but unfurtuntely we are still experienceing the issue randomly. If you or anyone else happen figure out what else could be done to aleviate the problem I would appreciate your insight.

Any updates on your problem.  It is definetely something to do with WIndows 7 Enterprise as far as we can tell.

I've got a similar issue - but I'm also seeing RADIUS server timeout errors out the wazoo.

The result of that is machines that appear to fail out at random.. turn on a lab of 32 laptops and 2-4 wont connect...tech comes out and the machines work fine. This happens on our Chromebooks, Lenovo x130, Lenovo S10-3, etc.

I didn't spot this error until we demo'ed Airwave - but you can check this out via the CLI with the following command:

show aaa authentication-server radius statistics