WireleSs domain user logon problems

[zuke]

I cannot log onto a AD wirelessly. I can join the computer to the domain and
make a computer account, unjoin the domain, and join again wirelessly, but
the user cannot log on. At the logon screen the complaint is "...domain
unavailable." Event viewer shows domain controller can't be found (but I
can join the computer to the domain using an admin logon account that then
cannot log onto the AD from this computer which I had just used to create it
own account in AD over the wire). I am using an Atheros chip in a Toshiba
Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
addressed (no DHCP).

There is a thread with several posting on this issue in the newsgroup
public.win2000.security: with the subject "Domain unavailable for some
logins"

The final post by the MVP is copied below:

"The info shown in the reports generated for netdiag contain all the info
that is included in ipconfig /all. Your reports all look great in that the
domain controllers and domain clients are configured correctly and
communicating with each other [well at least after startup] . I believe the
problem is your wireless network. What happens is that wireless network
cards often do not initialize fast enough at startup to have network
connectivity and contact a domain controller. One solution to fix the
problem is to have the users that need to logon to the computer do so when
it is connected to the network by cable. That should create a cached logon
for that user and by default a domain computer can store 10 cached logons.
This behavior is a security option controlled in Local Security Policy under
local policies/security options - number of previous logons to cache. Once
the user has a cached logon he can logon via the wireless network via the
cached logon and then after the wireless network adapter initializes it will
have network connectivity and the user will be able to use domain resources.

Beyond that you could contact the manufacturer of your wireless equipment
and ask them if they have any solution which could be a driver upgrade or a
registry change for the wireless adapter or you may be stuck with
performance as is. There may be particular brand of wireless network
adapters that work better in an Active Directory domain environment but I
can't recommend any based on my experience. You might also want to post in
the Active_directory newsgroup with a topic along the lines of "wireless
domain user logon problems" to see if anyone there has any recommendations
or experience with that problem. --- Steve"

ANY SUGGESTIONS WOULD BE WELCOME,
ZUKE

 

[Ken Zhao [MSFT]]

Hello Zuke,

Thank you for using newsgroup!

From your post, a domain user is not able to logon AD via wireless
connection on a laptop. Based on your situation, could you help me collect
a screen shot of the error message so that I can perform further research?

To take a screen shot:
---------------------
1. Press the Pr Scrn key once on the keyboard when the error message
appears.
2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3. Use Ctrl + V to paste the screenshot to the canvas.
4. From the File menu, go to Save and save it as a JPG file.
5. Send the JPG file to me as an attachment.
My mailbox: (e-mail address removed)

At this moment, I am not sure if you are encountering this kind scenario as
below:

Actually, in some cases, if the wireless connection will not be
established, the domain authentication will not be performed when you logon
to AD via wireless connection. Based on the scenario, if you wait for few
minutes, and then the wireless connection will have been established, and
then you logon the machine, domain authentication should be performed.
According to the scenario, we think the issue should be related to the
wireless connection establishing. If the wireless connection is able to be
established between the wireless card and the wireless Access Point or
wireless router quickly, when you logon domain, the authentication will be
performed properly.

In addition, I agree with Steve's (MVP) suggestions. You may logon with the
user account by using network cable to create a cached logon credential.
When you logon domain with wireless connection next time, it will use the
cached logon credential. After the wireless network adapter initializes,
the wireless connection will not be established. You will be able to access
domain resources.

For related information about Local Security Policy, you may refer to the
steps:
1. Click Start\Run and type secpol.msc to open Local Security Policy window.
2. Navigate to Local Policies\Security Options\
3. In the right pane, you will find the following option about the number
of cached logons:
Interactive logon: Numbers of previous logons to cache

I hope the explanation and information can address your concern. If your
scenario is different form the situation above, please feel free to let me
know.

More references:
===================
826239: Small Delay in Logon to Network When You Use a Wireless Network
Connection
http://support.microsoft.com/default.aspx?scid=kb;en-us;826239

822725: 60-second to 120-second delay occurs in user authentication when
you log on to Windows XP in a wireless network
http://support.microsoft.com/default.aspx?scid=kb;en-us;822725

870974: You may not successfully log on to a domain by using a roaming
profile when you use a wireless connection in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;870974

Define 802.1X authentication for wireless networks on a client computer
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>

Define 802.1X authentication for wireless networks in Group Policy
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
| Subject: WireleSs domain user logon problems
| Date: Mon, 7 Nov 2005 14:47:26 -0800
| Lines: 46
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uFvs60#[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:35495
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I cannot log onto a AD wirelessly. I can join the computer to the domain
and
| make a computer account, unjoin the domain, and join again wirelessly,
but
| the user cannot log on. At the logon screen the complaint is "...domain
| unavailable." Event viewer shows domain controller can't be found (but I
| can join the computer to the domain using an admin logon account that
then
| cannot log onto the AD from this computer which I had just used to create
it
| own account in AD over the wire). I am using an Atheros chip in a
Toshiba
| Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
| addressed (no DHCP).
|
| There is a thread with several posting on this issue in the newsgroup
| public.win2000.security: with the subject "Domain unavailable for some
| logins"
|
| The final post by the MVP is copied below:
|
| "The info shown in the reports generated for netdiag contain all the info
| that is included in ipconfig /all. Your reports all look great in that the
| domain controllers and domain clients are configured correctly and
| communicating with each other [well at least after startup] . I believe
the
| problem is your wireless network. What happens is that wireless network
| cards often do not initialize fast enough at startup to have network
| connectivity and contact a domain controller. One solution to fix the
| problem is to have the users that need to logon to the computer do so when
| it is connected to the network by cable. That should create a cached logon
| for that user and by default a domain computer can store 10 cached logons.
| This behavior is a security option controlled in Local Security Policy
under
| local policies/security options - number of previous logons to cache. Once
| the user has a cached logon he can logon via the wireless network via the
| cached logon and then after the wireless network adapter initializes it
will
| have network connectivity and the user will be able to use domain
resources.
|
| Beyond that you could contact the manufacturer of your wireless equipment
| and ask them if they have any solution which could be a driver upgrade or
a
| registry change for the wireless adapter or you may be stuck with
| performance as is. There may be particular brand of wireless network
| adapters that work better in an Active Directory domain environment but I
| can't recommend any based on my experience. You might also want to post in
| the Active_directory newsgroup with a topic along the lines of "wireless
| domain user logon problems" to see if anyone there has any recommendations
| or experience with that problem. --- Steve"
|
| ANY SUGGESTIONS WOULD BE WELCOME,
| ZUKE
|
|
|

 

[Andrew Story]

I've seen this behaviour before.

A way that I got around it was (depending on manufacturer of Wireless NIC
you have this may/maynot work) was to update the driver to a revision that
support pre-logon authentication and configure. This initialises the
Wireless NIC's software when you logon to Windows, which in turn renews Ip
address/contacts DC etc.

HTH, Andrew.

Hello Zuke,

Thank you for using newsgroup!

From your post, a domain user is not able to logon AD via wireless
connection on a laptop. Based on your situation, could you help me collect
a screen shot of the error message so that I can perform further research?

To take a screen shot:
---------------------
1. Press the Pr Scrn key once on the keyboard when the error message
appears.
2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3. Use Ctrl + V to paste the screenshot to the canvas.
4. From the File menu, go to Save and save it as a JPG file.
5. Send the JPG file to me as an attachment.
My mailbox: (e-mail address removed)

At this moment, I am not sure if you are encountering this kind scenario as
below:

Actually, in some cases, if the wireless connection will not be
established, the domain authentication will not be performed when you logon
to AD via wireless connection. Based on the scenario, if you wait for few
minutes, and then the wireless connection will have been established, and
then you logon the machine, domain authentication should be performed.
According to the scenario, we think the issue should be related to the
wireless connection establishing. If the wireless connection is able to be
established between the wireless card and the wireless Access Point or
wireless router quickly, when you logon domain, the authentication will be
performed properly.

In addition, I agree with Steve's (MVP) suggestions. You may logon with the
user account by using network cable to create a cached logon credential.
When you logon domain with wireless connection next time, it will use the
cached logon credential. After the wireless network adapter initializes,
the wireless connection will not be established. You will be able to access
domain resources.

For related information about Local Security Policy, you may refer to the
steps:
1. Click Start\Run and type secpol.msc to open Local Security Policy window.
2. Navigate to Local Policies\Security Options\
3. In the right pane, you will find the following option about the number
of cached logons:
Interactive logon: Numbers of previous logons to cache

I hope the explanation and information can address your concern. If your
scenario is different form the situation above, please feel free to let me
know.

More references:
===================
826239: Small Delay in Logon to Network When You Use a Wireless Network
Connection
http://support.microsoft.com/default.aspx?scid=kb;en-us;826239

822725: 60-second to 120-second delay occurs in user authentication when
you log on to Windows XP in a wireless network
http://support.microsoft.com/default.aspx?scid=kb;en-us;822725

870974: You may not successfully log on to a domain by using a roaming
profile when you use a wireless connection in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;870974

Define 802.1X authentication for wireless networks on a client computer
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>

Define 802.1X authentication for wireless networks in Group Policy
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
| Subject: WireleSs domain user logon problems
| Date: Mon, 7 Nov 2005 14:47:26 -0800
| Lines: 46
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uFvs60#[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:35495
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I cannot log onto a AD wirelessly. I can join the computer to the domain
and
| make a computer account, unjoin the domain, and join again wirelessly,
but
| the user cannot log on. At the logon screen the complaint is "...domain
| unavailable." Event viewer shows domain controller can't be found (but I
| can join the computer to the domain using an admin logon account that
then
| cannot log onto the AD from this computer which I had just used to create
it
| own account in AD over the wire). I am using an Atheros chip in a
Toshiba
| Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
| addressed (no DHCP).
|
| There is a thread with several posting on this issue in the newsgroup
| public.win2000.security: with the subject "Domain unavailable for some
| logins"
|
| The final post by the MVP is copied below:
|
| "The info shown in the reports generated for netdiag contain all the info
| that is included in ipconfig /all. Your reports all look great in that the
| domain controllers and domain clients are configured correctly and
| communicating with each other [well at least after startup] . I believe
the
| problem is your wireless network. What happens is that wireless network
| cards often do not initialize fast enough at startup to have network
| connectivity and contact a domain controller. One solution to fix the
| problem is to have the users that need to logon to the computer do so when
| it is connected to the network by cable. That should create a cached logon
| for that user and by default a domain computer can store 10 cached logons.
| This behavior is a security option controlled in Local Security Policy
under
| local policies/security options - number of previous logons to cache. Once
| the user has a cached logon he can logon via the wireless network via the
| cached logon and then after the wireless network adapter initializes it
will
| have network connectivity and the user will be able to use domain
resources.
|
| Beyond that you could contact the manufacturer of your wireless equipment
| and ask them if they have any solution which could be a driver upgrade or
a
| registry change for the wireless adapter or you may be stuck with
| performance as is. There may be particular brand of wireless network
| adapters that work better in an Active Directory domain environment but I
| can't recommend any based on my experience. You might also want to post in
| the Active_directory newsgroup with a topic along the lines of "wireless
| domain user logon problems" to see if anyone there has any recommendations
| or experience with that problem. --- Steve"
|
| ANY SUGGESTIONS WOULD BE WELCOME,
| ZUKE
|
|
|

 

[zuke]

Hello,

There soes not appear to be any lataer rsvisions thatn a MAy 26, 2004
driver. The chip is an Atheros 5004G. The only opnion I've found is John
Dvorak in PC MAG, that Toshiba is using it "...is not a good sign," which
ic not exactly positive. In anycase, I'venthe latest driver. Maybe an older
one would be better?

The really peculiar thing is that I can create and delete the computer
account in Active Directory from this same notebook, using a domain admin
account that then cannot logon as an AD user to the same notebook. They
always get the following message: "The system cannot log you on now because
the domain X is not available." Generally this is a network connetivity
issue, but generally also prevents one from adding or deleting the computer
account in AD. On the same notebook, everything works fine using the Realtek
wired connection.

Regards,
Zuke

I've seen this behaviour before.

A way that I got around it was (depending on manufacturer of Wireless NIC
you have this may/maynot work) was to update the driver to a revision that
support pre-logon authentication and configure. This initialises the
Wireless NIC's software when you logon to Windows, which in turn renews Ip
address/contacts DC etc.

HTH, Andrew.

Hello Zuke,

Thank you for using newsgroup!

From your post, a domain user is not able to logon AD via wireless
connection on a laptop. Based on your situation, could you help me
collect
a screen shot of the error message so that I can perform further
research?

To take a screen shot:
---------------------
1. Press the Pr Scrn key once on the keyboard when the error message
appears.
2. Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3. Use Ctrl + V to paste the screenshot to the canvas.
4. From the File menu, go to Save and save it as a JPG file.
5. Send the JPG file to me as an attachment.
My mailbox: (e-mail address removed)

At this moment, I am not sure if you are encountering this kind scenario as
below:

Actually, in some cases, if the wireless connection will not be
established, the domain authentication will not be performed when you logon
to AD via wireless connection. Based on the scenario, if you wait for few
minutes, and then the wireless connection will have been established, and
then you logon the machine, domain authentication should be performed.
According to the scenario, we think the issue should be related to the
wireless connection establishing. If the wireless connection is able to
be
established between the wireless card and the wireless Access Point or
wireless router quickly, when you logon domain, the authentication will
be
performed properly.

In addition, I agree with Steve's (MVP) suggestions. You may logon with the
user account by using network cable to create a cached logon credential.
When you logon domain with wireless connection next time, it will use the
cached logon credential. After the wireless network adapter initializes,
the wireless connection will not be established. You will be able to access
domain resources.

For related information about Local Security Policy, you may refer to the
steps:
1. Click Start\Run and type secpol.msc to open Local Security Policy window.
2. Navigate to Local Policies\Security Options\
3. In the right pane, you will find the following option about the number
of cached logons:
Interactive logon: Numbers of previous logons to cache

I hope the explanation and information can address your concern. If your
scenario is different form the situation above, please feel free to let
me
know.

More references:
===================
826239: Small Delay in Logon to Network When You Use a Wireless Network
Connection
http://support.microsoft.com/default.aspx?scid=kb;en-us;826239

822725: 60-second to 120-second delay occurs in user authentication when
you log on to Windows XP in a wireless network
http://support.microsoft.com/default.aspx?scid=kb;en-us;822725

870974: You may not successfully log on to a domain by using a roaming
profile when you use a wireless connection in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;870974

Define 802.1X authentication for wireless networks on a client computer
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/fe1d12a1-650a-4006-b389-e1f4ea68b991.mspx>

Define 802.1X authentication for wireless networks in Group Policy
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serv
erHelp/5506eeef-9e91-4cab-8e1e-3efb504d1b47.mspx>

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
| From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
| Subject: WireleSs domain user logon problems
| Date: Mon, 7 Nov 2005 14:47:26 -0800
| Lines: 46
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <uFvs60#[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:35495
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I cannot log onto a AD wirelessly. I can join the computer to the
domain
and
| make a computer account, unjoin the domain, and join again wirelessly,
but
| the user cannot log on. At the logon screen the complaint is "...domain
| unavailable." Event viewer shows domain controller can't be found (but I
| can join the computer to the domain using an admin logon account that
then
| cannot log onto the AD from this computer which I had just used to create
it
| own account in AD over the wire). I am using an Atheros chip in a
Toshiba
| Satallite and a Linksys WRT54G with WPA/AES. Everything is statically
| addressed (no DHCP).
|
| There is a thread with several posting on this issue in the newsgroup
| public.win2000.security: with the subject "Domain unavailable for some
| logins"
|
| The final post by the MVP is copied below:
|
| "The info shown in the reports generated for netdiag contain all the info
| that is included in ipconfig /all. Your reports all look great in that the
| domain controllers and domain clients are configured correctly and
| communicating with each other [well at least after startup] . I believe
the
| problem is your wireless network. What happens is that wireless network
| cards often do not initialize fast enough at startup to have network
| connectivity and contact a domain controller. One solution to fix the
| problem is to have the users that need to logon to the computer do so when
| it is connected to the network by cable. That should create a cached logon
| for that user and by default a domain computer can store 10 cached logons.
| This behavior is a security option controlled in Local Security Policy
under
| local policies/security options - number of previous logons to cache. Once
| the user has a cached logon he can logon via the wireless network via the
| cached logon and then after the wireless network adapter initializes it
will
| have network connectivity and the user will be able to use domain
resources.
|
| Beyond that you could contact the manufacturer of your wireless equipment
| and ask them if they have any solution which could be a driver upgrade or
a
| registry change for the wireless adapter or you may be stuck with
| performance as is. There may be particular brand of wireless network
| adapters that work better in an Active Directory domain environment but I
| can't recommend any based on my experience. You might also want to post in
| the Active_directory newsgroup with a topic along the lines of
"wireless
| domain user logon problems" to see if anyone there has any recommendations
| or experience with that problem. --- Steve"
|
| ANY SUGGESTIONS WOULD BE WELCOME,
| ZUKE
|
|
|

 

[zuke]

Hello,

There is an option in the Atheros wireless chip config utility labled, "Let
windows manage..."

Once I checked this, I opened the windows (WinXP SP2) wireless Networks
config and checked the box "Use Windows to configure my wireless settings",
opened the windows utility, entered my WPA/AES key, and rebooted.

Logons work fine now.

Whoot!
Zuke

I cannot log onto a AD wirelessly. I can join the computer to the domain
and make a computer account, unjoin the domain, and join again wirelessly,
but the user cannot log on. At the logon screen the complaint is "...domain
unavailable." Event viewer shows domain controller can't be found (but I
can join the computer to the domain using an admin logon account that then
cannot log onto the AD from this computer which I had just used to create
it own account in AD over the wire). I am using an Atheros chip in a
Toshiba Satallite and a Linksys WRT54G with WPA/AES. Everything is
statically addressed (no DHCP).

There is a thread with several posting on this issue in the newsgroup
public.win2000.security: with the subject "Domain unavailable for some
logins"

The final post by the MVP is copied below:

"The info shown in the reports generated for netdiag contain all the info
that is included in ipconfig /all. Your reports all look great in that the
domain controllers and domain clients are configured correctly and
communicating with each other [well at least after startup] . I believe
the problem is your wireless network. What happens is that wireless
network
cards often do not initialize fast enough at startup to have network
connectivity and contact a domain controller. One solution to fix the
problem is to have the users that need to logon to the computer do so when
it is connected to the network by cable. That should create a cached logon
for that user and by default a domain computer can store 10 cached logons.
This behavior is a security option controlled in Local Security Policy
under
local policies/security options - number of previous logons to cache. Once
the user has a cached logon he can logon via the wireless network via the
cached logon and then after the wireless network adapter initializes it
will
have network connectivity and the user will be able to use domain
resources.

Beyond that you could contact the manufacturer of your wireless equipment
and ask them if they have any solution which could be a driver upgrade or
a
registry change for the wireless adapter or you may be stuck with
performance as is. There may be particular brand of wireless network
adapters that work better in an Active Directory domain environment but I
can't recommend any based on my experience. You might also want to post in
the Active_directory newsgroup with a topic along the lines of "wireless
domain user logon problems" to see if anyone there has any recommendations
or experience with that problem. --- Steve"

ANY SUGGESTIONS WOULD BE WELCOME,
ZUKE

 

[Ken Zhao [MSFT]]

Hello Zuke,

Thank you for your reply and the detailed additional feedback on how you
were successful in resolving this issue. I believe your solution will
benefit many other users, and we really value having you as a Microsoft
customer. At this point, I would like to provide a simple summary for your
reference in the future:

Problem Description:
A domain user is not able to logon AD via wireless connection on a laptop

Resolution:
Change the setting "Let windows manage" in the Atheros wireless chip
configuration utility

If you have any other questions or concerns, please do not hesitate to
contact us. It is always our pleasure to be of assistance.

Thanks & Regards,

Ken Zhao

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
| References: <uFvs60#[email protected]>
| Subject: SOLUTION
| Date: Tue, 8 Nov 2005 11:30:51 -0800
| Lines: 68
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Response
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 64.2.63.160
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.win2000.active_directory:35536
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Hello,
|
| There is an option in the Atheros wireless chip config utility labled,
"Let
| windows manage..."
|
| Once I checked this, I opened the windows (WinXP SP2) wireless Networks
| config and checked the box "Use Windows to configure my wireless
settings",
| opened the windows utility, entered my WPA/AES key, and rebooted.
|
| Logons work fine now.
|
| Whoot!
| Zuke
| | >I cannot log onto a AD wirelessly. I can join the computer to the domain
| >and make a computer account, unjoin the domain, and join again
wirelessly,
| >but the user cannot log on. At the logon screen the complaint is
"...domain
| >unavailable." Event viewer shows domain controller can't be found (but
I
| >can join the computer to the domain using an admin logon account that
then
| >cannot log onto the AD from this computer which I had just used to
create
| >it own account in AD over the wire). I am using an Atheros chip in a
| >Toshiba Satallite and a Linksys WRT54G with WPA/AES. Everything is
| >statically addressed (no DHCP).
| >
| > There is a thread with several posting on this issue in the newsgroup
| > public.win2000.security: with the subject "Domain unavailable for some
| > logins"
| >
| > The final post by the MVP is copied below:
| >
| > "The info shown in the reports generated for netdiag contain all the
info
| > that is included in ipconfig /all. Your reports all look great in that
the
| > domain controllers and domain clients are configured correctly and
| > communicating with each other [well at least after startup] . I believe
| > the problem is your wireless network. What happens is that wireless
| > network
| > cards often do not initialize fast enough at startup to have network
| > connectivity and contact a domain controller. One solution to fix the
| > problem is to have the users that need to logon to the computer do so
when
| > it is connected to the network by cable. That should create a cached
logon
| > for that user and by default a domain computer can store 10 cached
logons.
| > This behavior is a security option controlled in Local Security Policy
| > under
| > local policies/security options - number of previous logons to cache.
Once
| > the user has a cached logon he can logon via the wireless network via
the
| > cached logon and then after the wireless network adapter initializes it
| > will
| > have network connectivity and the user will be able to use domain
| > resources.
| >
| > Beyond that you could contact the manufacturer of your wireless
equipment
| > and ask them if they have any solution which could be a driver upgrade
or
| > a
| > registry change for the wireless adapter or you may be stuck with
| > performance as is. There may be particular brand of wireless network
| > adapters that work better in an Active Directory domain environment but
I
| > can't recommend any based on my experience. You might also want to post
in
| > the Active_directory newsgroup with a topic along the lines of "wireless
| > domain user logon problems" to see if anyone there has any
recommendations
| > or experience with that problem. --- Steve"
| >
| > ANY SUGGESTIONS WOULD BE WELCOME,
| > ZUKE
| >
| >
|
|
|