Wireless Network Policy Single Sign On Issue with Windows 8.1 only

I'll try to set this up as best I can. I have a laptop with a fresh Windows 8.1 install on it. It is on my domain, and I have a single GPO applied to it. In the GPO under Computer Configuration -> Windows Settings -> Security Settings -> Wireless Network Policies I have created a Windows Vista or later policy. In the policy I have configured single sign on.  I log into a local account on the laptop and plug it into a wired connection. I then run gpupdate on it. At that point I unplug the network cable, and log off. Now, from the login screen I click Other user, and it looks like the screenshot below.

Notice that "Windows will try to connect to" is present. I can login using domain credentials, and single sign on works perfectly. Now if I reboot the machine, the "Windows will try to connect to" is gone and single sign on does not work. If I log in with a local account and log out. The "Windows will try to connect to" is present again. I can login normally using domain credentials, and single sign on works perfectly again.

One other note: I installed a fresh copy of Windows 7 on the same model laptop, and put it in the same OU with that single GPO. Single sign on works perfectly with the Windows 7 machine every time. Including after reboots. Thank you, in advance, for any advice or comments. I will be happy to provide additional information if it is needed.

September 3rd, 2014 10:09pm

Hi 

As an easy way to fix this, you can manually log on the computer by manually typing thedomain name, log on like this: domain\username, then typing the password.

Besides, according to your post, the problem should be the client computer fails to detect the domain environment, I would suggest to leave the domain and join it later to check the result.

Meanwhile as your description, you can  add the domain account to the local adminstrator group to see the result.

For any other questions, you can post it back.

Regards

Free Windows Admin Tool Kit Click here and download it now
September 9th, 2014 1:31pm

Wade,

Thank you for your reply. I apologize, but I forgot to mention a very important detail. These laptops will be used in a higher education setting where they are checked out by students. For their initial logon, the users will need to be connected to the wireless network to allow them to authenticate. Single sign on is not essential with Windows 8, but it would eliminate a step. I can tell you that I'm fairly certain the single sign on policy is not functioning correctly with the Windows 8 device. You can't really get a more controlled test, and the Windows 7 device works perfectly with the same GPO. Any further advice is greatly appreciated.

Thanks!

September 9th, 2014 11:38pm

Hi keyserag,

I want to know if there is any other log generated when this happened? 

Besides, another situation is the group policy is not successfully applied to the Windows 8 system, to confirm this, run the "rsop.msc" command at the command line window, in this way you can check whether the group policy result.

Regards


Free Windows Admin Tool Kit Click here and download it now
September 11th, 2014 1:52pm

Wade,

I ran rsop, and I can confirm that the policy is applied (see screenshot below). I can also confirm that I am still seeing the behavior described above.

Thanks!

September 12th, 2014 10:22pm

keyserag,

Were you able to get this issue resolved since your last post?  Please keep us posted!

Mike

Windows Outreach Team IT Pro

Free Windows Admin Tool Kit Click here and download it now
September 29th, 2014 5:53pm

I was not able to resolve this. Still seeing this behavior across all of our mobile Windows 8.1 devices.
September 29th, 2014 7:07pm

Any update to this?
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2014 10:25pm

keyserag,

Were you able to get this issue resolved since your last post?  Please keep us posted!

Mike

Windows Outreach Team IT Pro

Hi Michael,

We are still having this issue. Is there anything we can do?


January 27th, 2015 12:03am

I would like to jump into this conversation if I can. 

I work in a enterprise environment, with several thousand devices, and we use a single sign on configured WLAN profiles to connect my Windows 7 and Windows 8.1 laptops and tablets to our domain.  It was designed to allow the user to connect to the domain, using that same "Windows with try to connect to X" at login that the OP detailed (though ours is configured through WLAN profiles pushed from SCCM, with the certificates pushed through GP).

What I'm experiencing almost exactly the same as the OP, with every single device.  I'm not sure what else to check, or what I can configure to fix this.  I've tried adjusting the WLAN profile, the power settings on the devices, and I have double checked my policies.

When the message is present, it works flawlessly.  However when the message is not present a user with cached credentials can login, and they connect to the domain as soon as they login, but no "At logon" policies are applied (including the mapping of an H drive, as configured in Active Directory user profiles).

Michael (OP), were you able to find a way to resolve this issue?  This was the only place I could find that addressed exactly what I'm dealing with.

Free Windows Admin Tool Kit Click here and download it now
February 6th, 2015 3:32pm

When you look at the properties of the wlan profile, is it "me only" or "all users"?  Just shooting from the hip here.  Below is a link of what I am talking about:

https://social.technet.microsoft.com/Forums/windows/en-US/86c07850-f120-4b92-9575-dfc7cf57f788/wireless-before-login?forum=w7itpronetworking

 
February 9th, 2015 5:50pm

The WLAN Profile setting is set to "All Users".

Free Windows Admin Tool Kit Click here and download it now
February 10th, 2015 11:27pm

Good to know someone else is seeing the same problem. We ended up just rolling back to Windows 7. I'm surprised that they won't even address it here.
February 26th, 2015 11:24am

I just wanted to let you all know that in the process of trying to set this up at my organisation I also have this problem. I'm currently looking for a solution.
Free Windows Admin Tool Kit Click here and download it now
March 25th, 2015 2:25am

I managed to get this to work properly in my environment. I realized that I needed to export the wireless profile from the Group Policy editor and import it on the client (by using Group Policy). I realized this while reading through this article:

https://technet.microsoft.com/en-gb/magazine/2007.11.cableguy.aspx

You can see the "Export..." button in the screenshot posted by keyserag above. Select the profile name, in the Group Policy editor Properties dialog, i.e. the item that keyserag has blurred in his screenshot, then click the "Export..." button. You will be prompted to save the XML file. 

I use Computer Configuration > Preferences > Windows Settings > Files to copy the XML file to the clients:

Destination: %WindowsDir%\WirelessProfileExportFileName.XML

I then use Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks to run netsh and import the profile:

Action: netsh wlan add profile filename="%WindowsDir%\WirelessProfileExportFileName.XML"

The PCs using my policies are now ready to logon without any need for additional manual actions.

I've left out some detail here, I assume everyone will do something a little different anyway. Let me know if you need more help with this.


  • Edited by bndsc 23 hours 50 minutes ago fixed link
March 30th, 2015 3:30am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics