
GPO Wireless Settings Disappearing

Author
22 Oct 2008 10:21 AM
SCL
Hello All

I am having a strange and random problem with our wireless-enabled machines.
All of our wireless settings are controlled by a wireless GPO.  All of our
computers/laptops are Windows XP with SP2.  Each client has KB893357-v2 and
KB917021-v3 hotfixes applied.  We are using Windows 2003 Standard servers
with IAS and server specific certificates.

We have a selection of machines that, for whatever reason, appear to be losing
their GPO-controlled settings, which then means they are not able to
connect to the network!

Has anyone experienced this problem before or can someone suggest anything
that we could do to rectify the problem?

Any help is appreciated.

Phill

Author
22 Oct 2008 1:46 PM
Robert L. (MS-MVP)
We need more information to help. What does the GPO do? Is it a local policy
or a domain policy?

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
Author
22 Oct 2008 3:57 PM
SCL
Sorry for the long reply but below are the contents of the policies that we
are using.  These policies are enforced on all machines and it is only a
small handful of machines that are having the problem.  One day they are
working and the next they are not.

We are using two policies for the wireless and I believe all are domain
policies.

The first GPO we have is called Wi-Fi3 WPA2. The settings for this are as
follows:

Computer Configuration (Enabled) > Windows Settings > Wireless Network >
General >
         Name   Wi-Fi 3 WPA2
         Description   Third POLICY
         Check for policy changes every   180 minutes
         Networks to access   Access point (infrastructure) networks only
         Use Windows to configure wireless network settings for clients   Enabled
         Automatically connect to non-preferred networks   Disabled

The following settings have been made using Vista to amend the WiFi 3 WPA2
policy as XP doesn't have a policy for WPA2.

Global Settings >
         Use Windows wireless LAN network services for clients   Enabled
         Allow user to view denied networks   Enabled
         Allow everyone to create all user profiles   Enabled

Network Filters >
         Use Windows wireless LAN network services for clients   Enabled
         Allow user to view denied networks   Enabled
         Allow everyone to create all user profiles   Enabled

Preferred Network Profiles > OUR NETWORK NAME
         Use Windows wireless LAN network services for clients   Enabled
         Allow user to view denied networks   Enabled
         Allow everyone to create all user profiles   Enabled

Security Settings >
         Authentication   WPA2
         Encryption   AES
         Use 802.1X   Enabled
         Pairwise Master Key (PMK) Caching   Enabled
         PMK Time-to-Live (minutes)   720
         Number of Entries in PMK Cache   128
         Use Network Pre-authentication   Disabled

IEEE 802.1X Settings >
         Computer Authentication   User re-authentication
         Maximum EAPOL-Start Messages Sent   3
         Held Period (seconds)   1
         Start Period (seconds)   5
         Authentication Period (seconds)   18

The PKI Policy is as follows:

Computer Configuration (Enabled) > Windows Settings > Security Settings >
Public Key Policies/Autoenrollment Settings >
         Enroll certificates automatically   Enabled
         Renew expired certificates, update pending certificates, and remove revoked certificates   Disabled
         Update certificates that use certificate templates   Disabled

Public Key Policies/Encrypting File System
         Allow users to encrypt files using Encrypting File System (EFS)   Enabled

Public Key Policies/Trusted Root Certification Authorities
         Allow users to select new root certification authorities (CAs) to trust   Enabled
         Client computers can trust the following certificate stores   Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
         To perform certificate-based authentication of users and computers, CAs must meet the following criteria   Registered in Active Directory only

Certificates
This lists the trusted certificates that each client must have to connect to
the network

I hope this is enough information as I couldn't extract any more out of the
GPOs.  If you need any more information please let me know.

Phill
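
An added example, not part of the original posts: a small parser for the flattened policy listing above, used to compare the intended policy with a snapshot taken from an affected client so that a dropped wireless section shows up explicitly. The names `parse_report` and `compare` are hypothetical, the `CLIENT` snapshot is constructed sample data, and the example assumes a per-client report is available in the same layout (for instance, copied from a Group Policy Results report).

```python
import re

SEP = re.compile(r"\s{2,}")  # the listing separates setting and value by 2+ spaces

# Excerpt of the policy as posted above (values from the post).
BASELINE = """\
Computer Configuration (Enabled) > Windows Settings > Wireless Network >
General >
         Name   Wi-Fi 3 WPA2
         Use Windows to configure wireless network settings for clients
Enabled
         Automatically connect to non-preferred networks   Disabled

Security Settings >
         Authentication   WPA2
         Encryption   AES
         Use 802.1X   Enabled

Public Key Policies/Autoenrollment Settings >
         Enroll certificates automatically   Enabled
"""

# Constructed sample: a client that kept the PKI policy but lost the wireless one.
CLIENT = """\
Public Key Policies/Autoenrollment Settings >
         Enroll certificates automatically   Enabled
"""

def parse_report(text):
    """Parse a flattened GPO listing into {(section, setting): value}."""
    settings, section, pending = {}, "", None
    for raw in text.splitlines():
        body = raw.strip()
        if not body:
            pending = None          # a blank line ends any wrapped setting
            continue
        if raw[0].isspace():        # indented line: a setting row
            parts = SEP.split(body, maxsplit=1)
            if len(parts) == 2:
                settings[(section, parts[0])] = parts[1]
                pending = None
            else:
                pending = body      # value wrapped onto the next line
        elif pending is not None:   # unindented continuation carrying the value
            settings[(section, pending)] = body
            pending = None
        else:                       # unindented header; the last header line wins
            section = body.rstrip(" >")
    return settings

def compare(baseline, observed):
    """Report what a client snapshot lacks relative to the intended policy."""
    missing = sorted(k for k in baseline if k not in observed)
    changed = sorted((k[0], k[1], baseline[k], observed[k])
                     for k in baseline
                     if k in observed and observed[k] != baseline[k])
    present = {section for section, _ in observed}
    lost = sorted({section for section, _ in baseline} - present)
    return {"lost_sections": lost, "missing": missing, "changed": changed}

if __name__ == "__main__":
    result = compare(parse_report(BASELINE), parse_report(CLIENT))
    for section in result["lost_sections"]:
        print("policy section absent on client:", section)
    for section, name, want, got in result["changed"]:
        print(f"{section}/{name}: expected {want!r}, found {got!r}")
```

Run against snapshots collected on a schedule, the `lost_sections` list gives a timestamped record of when a client stopped carrying the wireless policy, which can then be lined up with logon and policy-refresh events.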

Author
22 Oct 2008 10:13 PM
Robert L. (MS-MVP)
Can the problematic computers connect to the wireless? If not, any errors in
the IAS event viewer?

Author
23 Oct 2008 7:56 AM
SCL
The problematic computers can connect when they have the GPOs; the problem
happens when the GPOs themselves seem to be removed from the machines for no
reason.

The stupidity of it is, the computers have been working for
days/weeks/months without problem and then the user logs onto their machine
and for whatever reason the machine doesn't receive/keep the GPOs that have
been applied for the wireless.

We know the machines have kept other GPOs; for example, we GPO the Windows
Firewall and these machines still have the correct settings.

Phill

Author
23 Oct 2008 8:12 AM
SCL
Forgot to mention there are no entries in the IAS logs when these computers
fail to connect due to no wireless settings.
