Surface Pro Wifi only and domain login

    Question

  • We are testing a new Surface Pro. How do they expect people to put these on a domain when you have protected wifi using radius authentication (not 802.x)? I logged into the Surface with a local user account, connected to wifi, joined the PC to the domain, then rebooted, and when we try to log on we get no logon servers available. It would also be nice if we could buy a truck load of these and use 2012 direct access, but they are not running enterprise edition so that won't work. I really don't understand why MS makes people have enterprise edition to use direct access. It could launch sales of these devices if it was built in. Thoughts on wifi logins?
    Monday, February 18, 2013 4:46 PM

Answers

  • The WiFi authentication appears to be at the user level. That's why your system does not have a connection to the domain network currently. If you logon to the system once while connected with an ethernet cable, you will be authenticated with cached credentials. Then the system will connect to the wifi network.

    Ray - Author of Windows 7 for XP Professionals

    Monday, February 18, 2013 11:34 PM

All replies

  • I've had a similar experience where we push out our wireless profiles to all clients and utilize radius. The Surface Pro has been domain joined using a network USB dongle and I can see the policy (it seems on 8 MS made it terribly difficult to see the wireless profiles) through a command line, but it will not connect. I've read that it's something to do with the wireless card maker and not supporting Cisco or PEAP, but I'm not sure just yet.

    I'd love to hear if anyone else gets these on a domain with radius involved.

    Friday, February 22, 2013 8:26 PM
  • I just tried this and it worked flawlessly. A few steps but pretty easy:

    log in as local admin

    go to group policy and enable run as another user

    run a program as the user you want to log in as

    log off

    log on as domain user

    • Proposed as answer by SkyWave IT Thursday, March 07, 2013 6:46 PM
    Monday, March 04, 2013 9:59 PM
  • Thank you!

    http://www.howtogeek.com/114708/how-to-run-windows-8-apps-as-a-different-user-from-the-start-screen/

    For a detailed procedure.

    Thursday, March 07, 2013 6:50 PM
  • This is a problem with 802.1x authentication as well. Login using cached credentials before 802.1x wifi connection allows login, but prevents user login scripts from running. Not a good solution for domain-joined tablets in a secure network environment.
    Thursday, March 21, 2013 7:46 PM
  • I was able to take my Surface Pro to work and log in with my Microsoft account, join it to the domain, and then when I tried to log in using a domain account I got an error saying no logon servers available. Probably happens because no wireless network adapters have been configured for that user, so at the login screen you don't have access to domain controllers for authentication and no profile has been created with cached user information for local logon.

    Granted, a hard-wired connection could solve this, but without that you're SOL, right?

    Well, I worked around the issue by logging in again to my Microsoft account on the Surface and then connecting to my work's WIFI. Next I remote desktop connected to the Surface from another PC at work using the domain account, which in turn creates the user profile for the domain account on the Surface. To remote into it, the Surface wants to kick out the other user that's signed in (the Microsoft account), which loses the wireless connection and in turn kills the remote desktop connection, but you'll have what you need now to log in locally with the domain account. Just jump over to the Surface and log in with the domain account and it takes you to the start screen; then configure your wireless connection and you're good to go with a domain account on your Surface.

    Come on, Microsoft!




    • Edited by Tyler Cook Thursday, April 18, 2013 9:10 PM
    Thursday, April 18, 2013 9:10 PM
  • We are demo'ing a few Surface tablets and ran into the same problem. We set them up to authenticate based on the machine itself rather than based on user credentials and that's working very well so far. It's all 802.1x with PEAP, certificates are coming from our in-house CA, but using computer authentication rather than the user credentials. So far so good and it sounds like that method of wireless connection could help some folks in this thread.

    Friday, April 26, 2013 8:50 PM
  • I too have radius active on our Meraki wireless network. If I uninstall/reinstall the Marvell wireless card I can connect; if I reboot it errors with "can't connect to this network", although I can connect to any other wireless networks with non-radius authentication, even our guest network that uses 802.11x, so I think it's something to do with the Radius/Marvell driver. I have other Win 8 domain machines that do not have this issue.

    surface pro

    domain joined

    user as local admin

      

    • Edited by Rick Sch Tuesday, June 04, 2013 10:15 PM
    Tuesday, June 04, 2013 10:13 PM
  • Hi everyone,

    Just received some Surface Pro's to play with, here is how I got them on a Radius (with username/password authentication) wireless network and then joined to the domain:

    • Login to device using whatever account is already setup
    • Press Winkey+X and select Control Panel
    • Go to Network and Internet then Network and Sharing Center
    • Set up a new connection or network
    • Select Manually connect to a wireless network
    • Enter Network name, select Security type (WPA2-Enterprise) & Encryption type
    • Press Next, then select Change connection settings
    • Go to the Security tab
    • Change network authentication to Microsoft: Protected EAP (PEAP) then select Advanced settings
    • Check Specify authentication mode: change drop list to User or computer authentication
    • Click on Save credentials and enter your domain\username & password used to authenticate with Radius
    • OK through everything to finalise your connection settings

    You should now be able to select your wireless network from the network list and it will connect using the provided credentials. Next up you will want to join your domain and reboot. Log on as a domain user to test.

    Finally you will want to forget this wireless network and re-add it to use the logged-on user's credentials. Go to the network list (swipe from right, Settings, Wireless), right click on your network and select Forget. Recreate the wireless network using the same procedure as above, except leave out the specify authentication part.

    • Authentication method should still be Microsoft: PEAP, then go in to Settings
    • Select Authentication Method: Secured password (EAP-MSCHAP v2), then go in to Configure
    • Automatically use my Windows log-on name and password (and domain if any) should be checked

    Obviously everyone's network is different so you may have to tune it a bit differently. I hope that this helps at least one person by saving a bit of time.

    • Proposed as answer by mlody45 Thursday, June 13, 2013 2:07 PM
    Thursday, June 06, 2013 3:07 AM
  • How I achieved login to the domain on my test Surface. Logged in to local user.

    Go to SSID wireless network properties, select Advanced settings,

    Check "Enable single sign on for this network".

    Select Perform immediately before user logon.

    Check Allow additional dialogs to be displayed during single sign on.

    Bingo... You will see two login boxes, one for the domain and the other one for wireless login.

    Regards

    Natesh

    Monday, June 24, 2013 7:59 AM
  • Just log in as local Admin, then go into Network and Sharing Center, Internet/Connections, Wireless Properties, Security, Advanced Settings and change Authentication mode to Computer instead of User Authentication! Simple as that!
    Friday, August 30, 2013 6:41 AM
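
Added example (not part of any post in this thread): a PowerShell check for the two profile settings the replies above change, the 802.1X authentication mode and pre-logon single sign-on, read from a WLAN profile exported with netsh. The sample profile and the SSID CorpWiFi are constructed, and the function name Test-WlanLogonPath is hypothetical.

```powershell
# Added example, not from the thread. Sample profile is constructed; "CorpWiFi" is a placeholder SSID.
# Real input: netsh wlan export profile name="CorpWiFi" folder=C:\Temp
$sample = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWiFi</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication>
      <encryption>AES</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>user</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

function Test-WlanLogonPath {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$WlanXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($WlanXml.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')
    $ns.AddNamespace('x', 'http://www.microsoft.com/networking/OneX/v1')
    $name = $WlanXml.SelectSingleNode('/w:WLANProfile/w:name', $ns).InnerText
    $oneX = $WlanXml.SelectSingleNode('//x:OneX', $ns)
    if ($null -eq $oneX) {
        return [pscustomobject]@{ Profile = $name; AuthMode = 'n/a'; PreLogonSso = $false
                                  Finding = 'No 802.1X settings in this profile' }
    }
    $modeNode = $oneX.SelectSingleNode('x:authMode', $ns)
    $ssoNode  = $oneX.SelectSingleNode('x:singleSignOn/x:type', $ns)
    $mode     = if ($null -ne $modeNode) { $modeNode.InnerText } else { '(not set)' }
    # Pre-logon SSO is the "Perform immediately before user logon" option in the dialog
    $preLogon = ($null -ne $ssoNode) -and ($ssoNode.InnerText -eq 'preLogon')
    $finding = switch ($mode) {
        'user' { if ($preLogon) { 'User credentials, sent before Windows logon (single sign-on)' }
                 else { 'Wi-Fi comes up only after sign-in: a first domain logon cannot reach a DC' } }
        'machine'       { 'Computer credentials: connected at the logon screen' }
        'machineOrUser' { 'Computer credentials until a user signs in, then user credentials' }
        default         { 'Authentication mode not stated in the profile; check Advanced settings' }
    }
    [pscustomobject]@{ Profile = $name; AuthMode = $mode; PreLogonSso = $preLogon; Finding = $finding }
}

Test-WlanLogonPath -WlanXml $sample
```

Computer authentication only helps if the RADIUS server is set up to accept the computer's credentials, as in the reply above that uses certificates from an in-house CA.
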
  • Which means what? I now have to purchase a third-party USB WiFi adapter for every Surface Pro?
    Tuesday, September 17, 2013 5:23 PM
  • Still having issues after joining the domain connecting to Meraki wireless with radius; works on other domain tablets and Windows 8 computers - won't connect at all!
    Tuesday, October 29, 2013 9:45 PM
  • Did this ever get resolved?  We are having similar issues with a couple Win 8.1 laptops using Meraki AP's.

    Wednesday, March 19, 2014 2:45 PM