0

First time posting here, although I've found many helpful answers on the various StackExchange sites over time.

My current problem is that I cannot get WLAN prelogon to work on wireless laptops, no matter what I do. If the user logs on once using a wired connection, Windows will cache their credentials and let them log on after that with no problems, but if they haven't logged onto a particular laptop, or if the cached credentials expire, then the logon doesn't work.

I've set up the WLAN Prelogon registry key, and I've added the selected WLAN profile via a group policy. Domain controller certificates are, likewise, pushed down to the system via a group policy.

I've got a Windows 2012 R2 AD domain that all the laptops are members of. Wifi network is Ubiquiti UniFi using RADIUS back to the domain for wifi authentication. Laptops are a mix of Dell models, but most are running Windows 7 (I know) or Windows 10.

I've honestly been beating my head against this on and off for months and can't find the problem. I've searched for solutions but every one I find lists steps I've already taken. If anyone has suggestions on steps to take to isolate the cause of the problem, or if anyone has run into the same problem before, I'd appreciate any guidance.

Thorkull
  • Make sure that the machines are joined to the domain and that you allow machine authentications on your RADIUS server. On the client side, make sure that use Windows logon and use single sign-on are enabled in the wireless profile. Windows will use machine authentication prelogin and switch to the user login after they authenticate to the domain. – YLearn Oct 20 '17 at 21:28
  • Ok, the machine login is not something I'd looked at. I'll check it out later when I get the chance. All the machines are on the domain and are set to use Windows logon and SSO, forgot to mention that. – Thorkull Oct 21 '17 at 14:04
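
The client-side settings raised in the comments above (802.1X, computer authentication, single sign-on before logon) can be read out of an exported WLAN profile. The script below is an added example, not part of the original thread: the function name and the sample profile are constructed, and it assumes the XML layout that `netsh wlan export profile` writes.

```powershell
# Constructed sample in the format `netsh wlan export profile` writes;
# the SSID and settings are placeholders, not taken from the post.
$sample = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>EXAMPLE-CORP</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

# Hypothetical helper: lists profile settings that keep the computer from
# authenticating to the WLAN before a user has logged on.
function Test-WlanPrelogonProfile {
    param([Parameter(Mandatory = $true)][string]$ProfileXml)

    $doc = [xml]$ProfileXml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')
    $ns.AddNamespace('x', 'http://www.microsoft.com/networking/OneX/v1')
    $useOneX  = $doc.SelectSingleNode('//w:authEncryption/w:useOneX', $ns)
    $authMode = $doc.SelectSingleNode('//x:OneX/x:authMode', $ns)
    $ssoType  = $doc.SelectSingleNode('//x:OneX/x:singleSignOn/x:type', $ns)

    $findings = @()
    if (-not $useOneX -or $useOneX.InnerText -ne 'true') {
        $findings += 'useOneX is not true: the profile does not use 802.1X.'
    }
    # With no user session yet, only the computer account can authenticate.
    # An absent authMode element is not flagged here.
    if ($authMode -and @('machine', 'machineOrUser') -notcontains $authMode.InnerText) {
        $findings += "authMode is '$($authMode.InnerText)': computer authentication is excluded."
    }
    if (-not $ssoType -or $ssoType.InnerText -ne 'preLogon') {
        $findings += 'singleSignOn type is not preLogon.'
    }
    $findings
}

Test-WlanPrelogonProfile -ProfileXml $sample
```

For the constructed sample this reports the `authMode` and `singleSignOn` findings. A profile that passes still needs the RADIUS server to accept computer accounts, which this script cannot see.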

1 Answer

-1

Sounds to me like working as intended. Just have the user hardwire in, log in, then do what is needed.

L3XT3CH
  • That's not how WLAN Prelogon is supposed to work. It's supposed to log you onto the WLAN before AD auth happens so that you can auth via AD. This is not logging you onto the WLAN so no AD auth can happen (unless your credentials are already cached locally, which defeats the purpose of having WLAN Prelogon enabled). – Thorkull Oct 20 '17 at 21:23
  • I can't speak for anyone else including you but I have never logged a system on to a corporate wireless without first logging in at some point into a "wired" connection. Not saying it cannot be done only that I have never done / seen it. – L3XT3CH Oct 23 '17 at 12:55