GP Logon Script Fails on Wireless XP Clients

[James]

For some reason wireless XP clients are not running an OU
GP. I am using 802.1x and IAS to authenticate the
clients. According to Application Log and RSOP they are
failing with the following error:

Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not
exist or could not be contacted. ). Group Policy
processing aborted.

It seems that there is a timing problem between
authenticating via 802.1x and executing the GP. When I
disable wireless and used a wired connectection the GP
works fine.

Is there a way to delay the GP from executing until the
802.1x authentication is complete?

 

[Mark Renoden [MSFT]]

Hi James

Are you referring to computer configuration settings or user configuration
settings in this case?

What options do you have set on the Authentication Tab of the properties for
the wireless interface?

You could try Computer Configuration -> Administrative Templates ->
System -> Logon -> Always wait for the network at computer startup and
logon.
(this setting probably requires you to logon once with a wired connection
before it'll take in wireless).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[James]

I am referring to Logon script under User Configuration.
I am using PEAP for wireless authentication, with IAS and
internal certificates. I moved the script from logon to
logoff and it runs on the wireless clients when they
logoff. The script also runs with a wired connection.

I am looking for the setting you mentioned, however I do
not see it listed. Under Computer Config->Admin Temps-

System->Logon I see the following:

Run logon scripts synchronously
Run startup scripts asynchronously
Run startup scripts visible
Run shutdown scripts visible
Maximum wait time for Group Policy scripts
Delete cached copies of roaming profiles
Do not detect slow network connections
Slow network connection timeout for user profiles
Wait for remote user profile
Prompt user when slow link is detected
Timeout for dialog boxes
Log users off when roaming profile fails
Maximum retries to unload and update user profile
Add the Administrators security group to roaming user
profiles
Do not check for user ownership of Roaming Profile Folders
Only allow local user profiles

Any idea why I would be missing the setting you are
referring to?

-----Original Message-----
Hi James

Are you referring to computer configuration settings or user configuration
settings in this case?

What options do you have set on the Authentication Tab of the properties for
the wireless interface?

You could try Computer Configuration -> Administrative Templates ->
System -> Logon -> Always wait for the network at computer startup and
logon.
(this setting probably requires you to logon once with a wired connection
before it'll take in wireless).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

For some reason wireless XP clients are not running an OU
GP. I am using 802.1x and IAS to authenticate the
clients. According to Application Log and RSOP they are
failing with the following error:

Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not
exist or could not be contacted. ). Group Policy
processing aborted.

It seems that there is a timing problem between
authenticating via 802.1x and executing the GP. When I
disable wireless and used a wired connectection the GP
works fine.

Is there a way to delay the GP from executing until the
802.1x authentication is complete?

.

 

[Mark Renoden [MSFT]]

Hi James

I forgot that this is a Windows XP only setting. Windows 2000 waits for the
network anyway. Do you have "Authenticate as computer when computer
information is available" set? I'm wondering if this has something to do
with credentials changing over at logon.

You could try taking a network trace to see what's going on.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

I am referring to Logon script under User Configuration.
I am using PEAP for wireless authentication, with IAS and
internal certificates. I moved the script from logon to
logoff and it runs on the wireless clients when they
logoff. The script also runs with a wired connection.

I am looking for the setting you mentioned, however I do
not see it listed. Under Computer Config->Admin Temps-

System->Logon I see the following:

Run logon scripts synchronously
Run startup scripts asynchronously
Run startup scripts visible
Run shutdown scripts visible
Maximum wait time for Group Policy scripts
Delete cached copies of roaming profiles
Do not detect slow network connections
Slow network connection timeout for user profiles
Wait for remote user profile
Prompt user when slow link is detected
Timeout for dialog boxes
Log users off when roaming profile fails
Maximum retries to unload and update user profile
Add the Administrators security group to roaming user
profiles
Do not check for user ownership of Roaming Profile Folders
Only allow local user profiles

Any idea why I would be missing the setting you are
referring to?

-----Original Message-----
Hi James

Are you referring to computer configuration settings or user configuration
settings in this case?

What options do you have set on the Authentication Tab of the properties for
the wireless interface?

You could try Computer Configuration -> Administrative Templates ->
System -> Logon -> Always wait for the network at computer startup and
logon.
(this setting probably requires you to logon once with a wired connection
before it'll take in wireless).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

For some reason wireless XP clients are not running an OU
GP. I am using 802.1x and IAS to authenticate the
clients. According to Application Log and RSOP they are
failing with the following error:

Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not
exist or could not be contacted. ). Group Policy
processing aborted.

It seems that there is a timing problem between
authenticating via 802.1x and executing the GP. When I
disable wireless and used a wired connectection the GP
works fine.

Is there a way to delay the GP from executing until the
802.1x authentication is complete?

.