Controllerless Networks

Hello,

I have an issue with a ClearPass implementation.

We have ArubaOS switches (5400) and Comware (5510) switches.

It is for wired authentication.

The have HP elite workstations with windows 7.

They are very fast. Full memory I7 core and SSD.

We use EAP-PEAP with User/computer authentication.

We also tried only computer authentication put even worse results.

What happens.

The machine boots and performs machine authentication.

If we direct logon when the crtl-alt-delete appears we have an issue.

We have netlogon failer and the GPO’s are not loaded.

If we then logoff and logon everything is fine.

If the machine boots and performs machine authentication.

If we then wait 10 seconds when the crtl-alt-delete appears we have no issues and all looks fine.

We use

Enable single sign-on for this network

Perform immediately before user logon

We also tried all the thinks below

https://support.microsoft.com/en-nz/help/938449/netlogon-event-id-5719-or-group-policy-event-1129-is-logged-when-you-s

Does the client pass authentication?

What do the access tracker messages in ClearPass say?  

Hello cjoseph,

Yes, from a authentication it all looks fine.

The machine is authenticated and afterwards the user.

We use the same vlan for the machine and the user.

So no timeouts or authentication failers.

Can you ping the ip address of the computer and see how soon after authentication it actually gets an ip address that is pingable?

I need to check that next time i am at the customer site.

We already installed a new windows DHCP server with no luck.

I will place a extra switch that will be a DHCP server for the specifice VLAN and put some test clients in it. 

This will be end next week.