Controllerless Networks

last person joined: 3 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

NETLOGON and GPO issues with 802.1x

This thread has been viewed 2 times
  • 1.  NETLOGON and GPO issues with 802.1x

    Posted Apr 25, 2018 07:59 AM

    Hello,

     

    I have an issue with a ClearPass implementation.

    We have ArubaOS switches (5400) and Comware (5510) switches.

    It is for wired authentication.

    The have HP elite workstations with windows 7.

    They are very fast. Full memory I7 core and SSD.

    We use EAP-PEAP with User/computer authentication.

    We also tried only computer authentication put even worse results.

     

    What happens.

    The machine boots and performs machine authentication.

    If we direct logon when the crtl-alt-delete appears we have an issue.

    We have netlogon failer and the GPO’s are not loaded.

    If we then logoff and logon everything is fine.

     

    If the machine boots and performs machine authentication.

    If we then wait 10 seconds when the crtl-alt-delete appears we have no issues and all looks fine.

     

    We use

    Enable single sign-on for this network

    Perform immediately before user logon

     

    We also tried all the thinks below

    https://support.microsoft.com/en-nz/help/938449/netlogon-event-id-5719-or-group-policy-event-1129-is-logged-when-you-s

     



  • 2.  RE: NETLOGON and GPO issues with 802.1x

    Posted Apr 25, 2018 08:19 AM

    Does the client pass authentication?

    What do the access tracker messages in ClearPass say?  



  • 3.  RE: NETLOGON and GPO issues with 802.1x

    Posted Apr 25, 2018 08:24 AM

    Hello cjoseph,

     

    Yes, from a authentication it all looks fine.

    The machine is authenticated and afterwards the user.

    We use the same vlan for the machine and the user.

     

    So no timeouts or authentication failers.



  • 4.  RE: NETLOGON and GPO issues with 802.1x

    Posted Apr 25, 2018 08:28 AM

    Can you ping the ip address of the computer and see how soon after authentication it actually gets an ip address that is pingable?



  • 5.  RE: NETLOGON and GPO issues with 802.1x

    Posted Apr 25, 2018 08:38 AM

    I need to check that next time i am at the customer site.

    We already installed a new windows DHCP server with no luck.

     

    I will place a extra switch that will be a DHCP server for the specifice VLAN and put some test clients in it. 

     

    This will be end next week.