G
Guest
I have an SBS 2003 server and a Server 2003 member server set up using RADIUS
authentication and WPA2 encryption. From my laptop, I can connect using the
Intel PROSet Wireless Utility, but not the Windows Wireless Utility. Btw,
my laptop is not joined to the domain so it’s only using a user based
certificate.
I have two questions:
1 What do I need to do to get the Windows Utility to connect?
2 If I get randomly disconnected, and quite often using the Intel software
would I be right in suspecting the cause may be my access point not fully
supporting the WPA2 + RADIUS configuration? My servers aren't logging
anything regarding the disconnects.
I have included my complete Wireless Setup so hopefully this will help
pinpoint the issue.
My IAS log looks like this:
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured password
(EAP-MSCHAP v2),4127,11,8100,0,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan Vaillancourt,4120,0x014C52,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
My setup is as follows:
SMALL BUSINESS SERVER:
STEP #1 Install Certificate Services
On the SBS server, use the Windows add/remove components tool to install
Certificate Services
On the CA Type page, select Enterprise Root CA and then click next
On the CA Indentifying Information page, type Lloyd Research Group
Enterprise Root CA
Accept the default storage location for the Root CA
STEP #2 Install Domain Controller Certificate
On the SBS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account
In the Certificates console, expand Local Computer, then right-click
Personal and select Request New Certificate
On the Certificate Types page, select Domain Controller and click next
On the Certificate Friendly Name and Description Page, type the name of the
server and finish installing the certificate
STEP #3 Create Temporary ISA Access Rule
In the ISA Management Console, right-click SBS Protected Networks Access
Rule and select Configure RPC Protocol
Uncheck Enforce strict RPC compliance and then click OK
Right-click Firewall Policy and select New Access Rule (ISA blocks
certificate requests to a temporary rule is needed to let the traffic through)
Configure a new rule as follows:
Name: Temporary Allow All Traffic Rule (for troubleshooting)
Action: Allow
Protocols: All Outbound Traffic
From: All Networks (and Local Host)
To: All Networks (and Local Host)
Users: All Users
Schedule: Always
Content Types: All Content Types
Now apply the changes so the rule is enabled
RADIUS SERVER
STEP #1 Install Certificates to the RADIUS Server
IAS must be installed on a separate server if VPN access is needed on the
SBS server. Otherwise, RADIUS requests will fail.
On the IAS/RADIUS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account.
Add the Certificates snap-in again but this time for My User Account
In the Certificates console, expand Local Computer, then right-click
Personal and select Request New Certificate
On the Certificate Friendly Name and Description Page, type the name of the
server and finish installing the certificate
Expand Current User, then right-click Personal and select Request New
Certificate
On the Certificate Friendly Name and Description Page, type the name of the
user and finish installing the certificate
STEP #2
Go back to the SBS server and disable the Allow all traffic rule in the ISA
Management Console
STEP #3 Install and configure IAS
On the RADIUS server, use the Windows add/remove components tool to install
IAS
STEP #4 Configure RADIUS Client
Once IAS is installed open the Internet Authentication Service console from
the Administrative Tools menu
Right-click the Internet Authentication Service and select Register Server
in Active Directory
Follow the steps to register the RADIUS server
Right-click RADIUS Clients and select New RADIUS Client
Configure the Client as follows:
Friendly Name: D-Link DI-524
Address: 192.168.16.177
Client-Vendor: RADIUS Standard
Check Request must contain the Message Authenticator attribute
Shared Secret: <Enter a complex password>
STEP #5 Configure Wireless Policy
In the Internet Authentication Service console, right-click Remote Access
Policies and select New Remote Access Policy
Name the policy Wireless WPA2 PEAP Policy
On the Access Method page, select Wireless
Add Domain Admin, Domain Users, and Mobile Users to the Policy
On the Authentication Methods page, select Protected EAP (PEAP) and click
configure
The certificate issues should be <servername>.LRG.local
Check off Enable Fast Reconnect and finish creating the policy
Double-Click on the new policy and click Edit Profile
On the Authentication tab, click EAP Methods
Click Add and select Smart Card or other certificate and move it to the top
of the EAP types list. Then click OK. (This is created in for use with
domain computers with both user and computer certificates)
On the Encryption Tab, Only leave Strongest Encryption (MPPE 128 bit) checked
Click OK twice to apply the policy
ACCESS POINT
Setup the D-Link router as follows:
SSID: Lloyd Research Group
Channel: Auto Select
Mode Setting: G Mode
SSID Broadcast: Enabled
Security: WPA2
PSK/EAP: EAP
RADIUS Server 1: <IP of IAS server>
Port: 1812
Shared Secret: <same secret as in IAS RADIUS Client configuration>
WIRELESS CLIENT
STEP #1 Install User Certificate
Request user cert by navigating to http://lrgi-marlin/certsrv in Internet
Explorer
Click Request a certificate
Click User Certificate
Click Submit and install the User Certificate to the client computer
STEP #2 Configure Wireless Connection Profile
Settings in Intel PROSet connection Profile:
Mode: Enterprise Security
Network Authentication: WPA2-Enterprise
Data Encryption: AES-COMP
Authentication Type: PEAP
Authentication Protocol: MS-CHAP-V2
Domain: lrg
Roaming Identity: LRG\username
Check Validate Server Credentials under PEAP Server section
Certificate Issuer: Lloyd Research Group Enterprise Root CA
The Windows Wireless Utility Profile I am testing is configured as follows:
Network Name: Lloyd Research Group
Network Authentication: WPA2
Data Encryption: AES
EAP Type: Protected EAP (PEAP)
Authenticate as computer when computer information is available is unchecked
Authenticate as guest when user or computer information is unavailable is
unchecked
Validate Server Certificate is unchecked
Authentication Method: Secured password (EAP-MSCHAP v2)
Enable Fast Reconnect is checked
Automatically use my Windows logon name and password is unchecked (Since my
laptop isn’t joined to the domain, I want to be prompted for a username and
password)
So... any ideas?
authentication and WPA2 encryption. From my laptop, I can connect using the
Intel PROSet Wireless Utility, but not the Windows Wireless Utility. Btw,
my laptop is not joined to the domain so it’s only using a user based
certificate.
I have two questions:
1 What do I need to do to get the Windows Utility to connect?
2 If I get randomly disconnected, and quite often using the Intel software
would I be right in suspecting the cause may be my access point not fully
supporting the WPA2 + RADIUS configuration? My servers aren't logging
anything regarding the disconnects.
I have included my complete Wireless Setup so hopefully this will help
pinpoint the issue.
My IAS log looks like this:
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:29,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 308,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:18:55,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 312,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:30,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 316,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:20:45,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 327,4132,Secured password
(EAP-MSCHAP v2),4127,11,8100,0,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan Vaillancourt,4120,0x014C52,4136,2,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,4,192.168.16.177,5,0,30,00-11-95-75-ac-02,31,00-12-f0-4b-ff-22,32,DI-524,12,1380,61,19,4108,192.168.16.177,4116,0,4155,1,4154,Use
Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured password
(EAP-MSCHAP v2),4127,11,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4136,1,4142,0
192.168.16.177,LRG\ryanv,10/10/2006,13:21:50,IAS,PIRANHA,4128,D-Link
DI-524,25,311 1 192.168.17.111 10/10/2006 15:16:36 331,4132,Secured password
(EAP-MSCHAP
v2),4127,11,8100,1,4108,192.168.16.177,4116,0,4130,LRG.local/MyBusiness/Users/SBSUsers/Ryan
Vaillancourt,4155,1,4154,Use Windows authentication for all
users,4129,LRG\ryanv,4149,Wireless WPA2 PEAP
Policy,6,2,4294967207,2,4294967206,4,4136,2,4142,0
My setup is as follows:
SMALL BUSINESS SERVER:
STEP #1 Install Certificate Services
On the SBS server, use the Windows add/remove components tool to install
Certificate Services
On the CA Type page, select Enterprise Root CA and then click next
On the CA Indentifying Information page, type Lloyd Research Group
Enterprise Root CA
Accept the default storage location for the Root CA
STEP #2 Install Domain Controller Certificate
On the SBS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account
In the Certificates console, expand Local Computer, then right-click
Personal and select Request New Certificate
On the Certificate Types page, select Domain Controller and click next
On the Certificate Friendly Name and Description Page, type the name of the
server and finish installing the certificate
STEP #3 Create Temporary ISA Access Rule
In the ISA Management Console, right-click SBS Protected Networks Access
Rule and select Configure RPC Protocol
Uncheck Enforce strict RPC compliance and then click OK
Right-click Firewall Policy and select New Access Rule (ISA blocks
certificate requests to a temporary rule is needed to let the traffic through)
Configure a new rule as follows:
Name: Temporary Allow All Traffic Rule (for troubleshooting)
Action: Allow
Protocols: All Outbound Traffic
From: All Networks (and Local Host)
To: All Networks (and Local Host)
Users: All Users
Schedule: Always
Content Types: All Content Types
Now apply the changes so the rule is enabled
RADIUS SERVER
STEP #1 Install Certificates to the RADIUS Server
IAS must be installed on a separate server if VPN access is needed on the
SBS server. Otherwise, RADIUS requests will fail.
On the IAS/RADIUS server, go to Start > Run, then type mmc
In the management console, go to File > Add/Remove Snap-in
Add Certificates and select Computer Account.
Add the Certificates snap-in again but this time for My User Account
In the Certificates console, expand Local Computer, then right-click
Personal and select Request New Certificate
On the Certificate Friendly Name and Description Page, type the name of the
server and finish installing the certificate
Expand Current User, then right-click Personal and select Request New
Certificate
On the Certificate Friendly Name and Description Page, type the name of the
user and finish installing the certificate
STEP #2
Go back to the SBS server and disable the Allow all traffic rule in the ISA
Management Console
STEP #3 Install and configure IAS
On the RADIUS server, use the Windows add/remove components tool to install
IAS
STEP #4 Configure RADIUS Client
Once IAS is installed open the Internet Authentication Service console from
the Administrative Tools menu
Right-click the Internet Authentication Service and select Register Server
in Active Directory
Follow the steps to register the RADIUS server
Right-click RADIUS Clients and select New RADIUS Client
Configure the Client as follows:
Friendly Name: D-Link DI-524
Address: 192.168.16.177
Client-Vendor: RADIUS Standard
Check Request must contain the Message Authenticator attribute
Shared Secret: <Enter a complex password>
STEP #5 Configure Wireless Policy
In the Internet Authentication Service console, right-click Remote Access
Policies and select New Remote Access Policy
Name the policy Wireless WPA2 PEAP Policy
On the Access Method page, select Wireless
Add Domain Admin, Domain Users, and Mobile Users to the Policy
On the Authentication Methods page, select Protected EAP (PEAP) and click
configure
The certificate issues should be <servername>.LRG.local
Check off Enable Fast Reconnect and finish creating the policy
Double-Click on the new policy and click Edit Profile
On the Authentication tab, click EAP Methods
Click Add and select Smart Card or other certificate and move it to the top
of the EAP types list. Then click OK. (This is created in for use with
domain computers with both user and computer certificates)
On the Encryption Tab, Only leave Strongest Encryption (MPPE 128 bit) checked
Click OK twice to apply the policy
ACCESS POINT
Setup the D-Link router as follows:
SSID: Lloyd Research Group
Channel: Auto Select
Mode Setting: G Mode
SSID Broadcast: Enabled
Security: WPA2
PSK/EAP: EAP
RADIUS Server 1: <IP of IAS server>
Port: 1812
Shared Secret: <same secret as in IAS RADIUS Client configuration>
WIRELESS CLIENT
STEP #1 Install User Certificate
Request user cert by navigating to http://lrgi-marlin/certsrv in Internet
Explorer
Click Request a certificate
Click User Certificate
Click Submit and install the User Certificate to the client computer
STEP #2 Configure Wireless Connection Profile
Settings in Intel PROSet connection Profile:
Mode: Enterprise Security
Network Authentication: WPA2-Enterprise
Data Encryption: AES-COMP
Authentication Type: PEAP
Authentication Protocol: MS-CHAP-V2
Domain: lrg
Roaming Identity: LRG\username
Check Validate Server Credentials under PEAP Server section
Certificate Issuer: Lloyd Research Group Enterprise Root CA
The Windows Wireless Utility Profile I am testing is configured as follows:
Network Name: Lloyd Research Group
Network Authentication: WPA2
Data Encryption: AES
EAP Type: Protected EAP (PEAP)
Authenticate as computer when computer information is available is unchecked
Authenticate as guest when user or computer information is unavailable is
unchecked
Validate Server Certificate is unchecked
Authentication Method: Secured password (EAP-MSCHAP v2)
Enable Fast Reconnect is checked
Automatically use my Windows logon name and password is unchecked (Since my
laptop isn’t joined to the domain, I want to be prompted for a username and
password)
So... any ideas?