Sign in with
Sign up | Sign in
Your question

GP Logon Script Fails on Wireless XP Clients

Last response: in Windows 2000/NT
Share
July 15, 2004 5:09:05 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

For some reason wireless XP clients are not running an OU
GP. I am using 802.1x and IAS to authenticate the
clients. According to Application Log and RSOP they are
failing with the following error:

Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not
exist or could not be contacted. ). Group Policy
processing aborted.

It seems that there is a timing problem between
authenticating via 802.1x and executing the GP. When I
disable wireless and used a wired connectection the GP
works fine.

Is there a way to delay the GP from executing until the
802.1x authentication is complete?
Anonymous
a b F Wireless
July 16, 2004 6:19:07 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi James

Are you referring to computer configuration settings or user configuration
settings in this case?

What options do you have set on the Authentication Tab of the properties for
the wireless interface?

You could try Computer Configuration -> Administrative Templates ->
System -> Logon -> Always wait for the network at computer startup and
logon.
(this setting probably requires you to logon once with a wired connection
before it'll take in wireless).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.



"James" <anonymous@discussions.microsoft.com> wrote in message
news:2de7501c46aa7$947ba3b0$a501280a@phx.gbl...
> For some reason wireless XP clients are not running an OU
> GP. I am using 802.1x and IAS to authenticate the
> clients. According to Application Log and RSOP they are
> failing with the following error:
>
> Windows cannot obtain the domain controller name for your
> computer network. (The specified domain either does not
> exist or could not be contacted. ). Group Policy
> processing aborted.
>
> It seems that there is a timing problem between
> authenticating via 802.1x and executing the GP. When I
> disable wireless and used a wired connectection the GP
> works fine.
>
> Is there a way to delay the GP from executing until the
> 802.1x authentication is complete?
July 16, 2004 6:19:08 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I am referring to Logon script under User Configuration.
I am using PEAP for wireless authentication, with IAS and
internal certificates. I moved the script from logon to
logoff and it runs on the wireless clients when they
logoff. The script also runs with a wired connection.

I am looking for the setting you mentioned, however I do
not see it listed. Under Computer Config->Admin Temps-
>System->Logon I see the following:
Run logon scripts synchronously
Run startup scripts asynchronously
Run startup scripts visible
Run shutdown scripts visible
Maximum wait time for Group Policy scripts
Delete cached copies of roaming profiles
Do not detect slow network connections
Slow network connection timeout for user profiles
Wait for remote user profile
Prompt user when slow link is detected
Timeout for dialog boxes
Log users off when roaming profile fails
Maximum retries to unload and update user profile
Add the Administrators security group to roaming user
profiles
Do not check for user ownership of Roaming Profile Folders
Only allow local user profiles

Any idea why I would be missing the setting you are
referring to?

>-----Original Message-----
>Hi James
>
>Are you referring to computer configuration settings or
user configuration
>settings in this case?
>
>What options do you have set on the Authentication Tab
of the properties for
>the wireless interface?
>
>You could try Computer Configuration -> Administrative
Templates ->
>System -> Logon -> Always wait for the network at
computer startup and
>logon.
> (this setting probably requires you to logon once with
a wired connection
>before it'll take in wireless).
>
>Kind regards
>--
>Mark Renoden [MSFT]
>Windows Platform Support Team
>Email: markreno@online.microsoft.com
>
>Please note you'll need to strip ".online" from my email
address to email
>me; I'll post a response back to the group.
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>
>"James" <anonymous@discussions.microsoft.com> wrote in
message
>news:2de7501c46aa7$947ba3b0$a501280a@phx.gbl...
>> For some reason wireless XP clients are not running an
OU
>> GP. I am using 802.1x and IAS to authenticate the
>> clients. According to Application Log and RSOP they are
>> failing with the following error:
>>
>> Windows cannot obtain the domain controller name for
your
>> computer network. (The specified domain either does not
>> exist or could not be contacted. ). Group Policy
>> processing aborted.
>>
>> It seems that there is a timing problem between
>> authenticating via 802.1x and executing the GP. When I
>> disable wireless and used a wired connectection the GP
>> works fine.
>>
>> Is there a way to delay the GP from executing until the
>> 802.1x authentication is complete?
>
>
>.
>
Anonymous
a b F Wireless
July 19, 2004 12:41:31 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi James

I forgot that this is a Windows XP only setting. Windows 2000 waits for the
network anyway. Do you have "Authenticate as computer when computer
information is available" set? I'm wondering if this has something to do
with credentials changing over at logon.

You could try taking a network trace to see what's going on.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.



"James" <anonymous@discussions.microsoft.com> wrote in message
news:2ed9f01c46b5e$6f578100$a301280a@phx.gbl...
>I am referring to Logon script under User Configuration.
> I am using PEAP for wireless authentication, with IAS and
> internal certificates. I moved the script from logon to
> logoff and it runs on the wireless clients when they
> logoff. The script also runs with a wired connection.
>
> I am looking for the setting you mentioned, however I do
> not see it listed. Under Computer Config->Admin Temps-
>>System->Logon I see the following:
> Run logon scripts synchronously
> Run startup scripts asynchronously
> Run startup scripts visible
> Run shutdown scripts visible
> Maximum wait time for Group Policy scripts
> Delete cached copies of roaming profiles
> Do not detect slow network connections
> Slow network connection timeout for user profiles
> Wait for remote user profile
> Prompt user when slow link is detected
> Timeout for dialog boxes
> Log users off when roaming profile fails
> Maximum retries to unload and update user profile
> Add the Administrators security group to roaming user
> profiles
> Do not check for user ownership of Roaming Profile Folders
> Only allow local user profiles
>
> Any idea why I would be missing the setting you are
> referring to?
>
>>-----Original Message-----
>>Hi James
>>
>>Are you referring to computer configuration settings or
> user configuration
>>settings in this case?
>>
>>What options do you have set on the Authentication Tab
> of the properties for
>>the wireless interface?
>>
>>You could try Computer Configuration -> Administrative
> Templates ->
>>System -> Logon -> Always wait for the network at
> computer startup and
>>logon.
>> (this setting probably requires you to logon once with
> a wired connection
>>before it'll take in wireless).
>>
>>Kind regards
>>--
>>Mark Renoden [MSFT]
>>Windows Platform Support Team
>>Email: markreno@online.microsoft.com
>>
>>Please note you'll need to strip ".online" from my email
> address to email
>>me; I'll post a response back to the group.
>>
>>This posting is provided "AS IS" with no warranties, and
> confers no rights.
>>
>>
>>
>>"James" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:2de7501c46aa7$947ba3b0$a501280a@phx.gbl...
>>> For some reason wireless XP clients are not running an
> OU
>>> GP. I am using 802.1x and IAS to authenticate the
>>> clients. According to Application Log and RSOP they are
>>> failing with the following error:
>>>
>>> Windows cannot obtain the domain controller name for
> your
>>> computer network. (The specified domain either does not
>>> exist or could not be contacted. ). Group Policy
>>> processing aborted.
>>>
>>> It seems that there is a timing problem between
>>> authenticating via 802.1x and executing the GP. When I
>>> disable wireless and used a wired connectection the GP
>>> works fine.
>>>
>>> Is there a way to delay the GP from executing until the
>>> 802.1x authentication is complete?
>>
>>
>>.
>>
!