Hello All, Weve had difficulty with our Windows 7 clients authenticating to our wireless network. Im hoping someone out there has experienced the same thing and can offer some help. Some info about our environment: Single Windows 2008 R2 domain with 6 DCs MS Radius server Aruba wireless controllers The Problem: The client computer boots, Auths as machine (802.1X successful)User enters creds User auth (802.1X successful) To this point, everything is working normally. Next is where it gets weird. During the logon process, there is another machine auth2-5 minutes later another User auth OS is up and usable (connected to wireless network); however, no homefolder is mapped and GPP didnt apply properly. From what I understand, after the user has logged in, Windows never attempts another machine authentication. When the user logs out, Windows can attempt it. Can anyone offer some insight to what is causing this? I have logs available if anyone is interested. Thanks in advance for any help you can offer! -- Brett -- Brett

Hi, Please check whether it makes any difference if you turn off fast log on. Computer Configuration \ Administrative Templates \ System \ Logon \ Always wait for the network at computer startup and logon Juke Chou TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.Juke Chou TechNet Community Support

Hi Juke, Yes I do have clients configured to Always wait for the network at computer startup and logon. Behavior persists with the setting enabled. -- Brett

Hi, How about if you enalbe single sign on for this network? Otherwise, for a workround, you could compose a script to manually run gpupdate/force after user log on. Juke Chou TechNet Community Support

I did a network trace to gain more insight. I dont understand why after 802.1X auth is successful on port 1, it then initiates 802.1X auth on port 2. Can you offer any insight? 10487 3:50:19 PM 8/23/2012 63.0340126 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Authentication Starting {ONEX_MicrosoftWindowsOneX:126, NetEvent:5} 10867 3:50:19 PM 8/23/2012 63.3403904 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Time taken for this authentication = 281 (0x119) ms {ONEX_MicrosoftWindowsOneX:126, NetEvent:5} Then >>> 11718 3:50:35 PM 8/23/2012 79.3196653 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:OneXDestroySupplicantPort {ONEX_MicrosoftWindowsOneX:126, NetEvent:5} 11938 3:50:36 PM 8/23/2012 80.0530315 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Finished initializing a new port with id=2 (0x2) and friendly name=Dell Wireless 1504 802.11b/g/n (2.4GHz) {ONEX_MicrosoftWindowsOneX:126, NetEvent:5} 11959 3:50:36 PM 8/23/2012 80.0556734 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:OneXStartAuthentication {ONEX_MicrosoftWindowsOneX:126, NetEvent:5} 11964 3:50:36 PM 8/23/2012 80.0557074 svchost.exe (1036) ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Starting a new 802.1X authentication (MSM initiated) 11965 3:50:36 PM 8/23/2012 80.0557333 svchost.exe (1036) ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Authentication Starting -- Brett

Brett, Are you sure the computer authentication and user authentication during the boot and user logon are both successful? Based on my experience, the home folder and GPP should be applied after the computer authentication and user authentication during the boot and user logon are successful. What about if you run gpupdate /force? Will the home folder and GPP be applied? Best Regards Scott Xie

Thanks for the reply. Viewing wireless controller logs indicates that both initial auths are successful. However shortly after the user auth, there is a deauth logged (on the wireless controller). I don't know if this is something with our configuration or something goofy with the Win 7 supplicant. Running gpupdate /force after the user is logged on does apply the GPP but does NOT map the home folder or create the %homefolder% environment variable. I wrote a PowerShell script that let's us work around this issue, but user logon still takes too long (3-5+ min) to be acceptable with our environment. -- Brett

Brett, Windows supplicant will only do computer authentication and user authentication one time. It should not do the second time after the wireless has already be connected. Could you please help confirm if there is any third party wireless supplicant which does it? I think you can try a Clean Boot and see if the issue could be resolved. --------------------------- a. Click Start, click Run, type "msconfig" (without the quotation marks) in the Open box, and then click OK. b. In the Startup tab, click the "Disable All" button. c. In the Services tab, check the "Hide All Microsoft Services" checkbox, and then click the "Disable All" button. d. Click OK and restart your computer. Best Regards Scott Xie