locked
Wired 802.1x - Windows Log on problem RRS feed

  • Question

  • We have dot1x on all the of our Xp computers (SP 3)

    I have several computers that seems to have problem logging into the domain every morning when it boots up.  It will say "Domain not available".  However, if we let the computer sit for about 5 minutes the user will eventually log in.

    We don't know what the exact cause is, been trying all the different solutions.  Anyone got any idea?
    Monday, December 8, 2008 9:57 PM

Answers

  • i had this issue if I used vista and dot1x.  would bootup vista, then cntr-alt-del then login as soon as I could, and it would use cached credentials.  I also was getting irratic drive mappings.  If i tried logging in with a new user, it wouldn't let me saying domain could not be found.   I had to enable the administrative template in GPO for "wait until networking" or something similiar.  This delays the boot and allows the services to get up and running prior to the bootup.   I used to have to use this a long time ago for wireless networks so they could login using them.  I would hope they would have fixed this issue since then, but if I don't use this, I get funny drive mappings, and irratic connections.  Also VLAN hopping during the login time, will screw up lots too, I'm having an issue with vista now doing this, hopefully we'll find something.
    Derek
    Thursday, January 8, 2009 12:05 AM

All replies

  • Your computer authentication accurs rather slow, what authentication server you are using ? 2008 or 2003?  chek errors on your logs

    Tuesday, December 9, 2008 8:13 AM
  • i've have had the same problem.

    i setup a testlab with a 2003 DC, 2008 NPS and DHCP, and a cisco 3750 switch.
    I configured the DHCP server with multiple scopes and gateways, so that a client gets an IP address of the vlan were it resides (x.x.20.x for vlan 20, x.x.30.x for vlan 30, etc.)

    i noticed when a XP client changes from vlan, and thus IP address, it takes much longer to get an IP address assigned from the DHCP server the if a Vista client changes from vlans.
    Now does have Vista a revised TCP stack, so maybe that causes the address renewal performance in vista.


    So the error "domain not available" is likely to be caused that the XP client doesn't have an IP address yet.

    Friday, December 12, 2008 12:47 PM
  • here's what i found.

    Event ID 15506

    Found out there's a 1200 block out timer.   in event log id

    Network authentication attempts have been temporarily suspended on this network adapter.
    Network Adapter: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
    Interface GUID: 9219d220-ec6f-4380-8cdd-ea711fa843bf
    Reason Code: 327685
    Length of block timer (seconds): 1200



    How do I shorten the timer?

    Thanks!
    Thomson.
    Monday, December 15, 2008 6:59 PM
  • Hello Thomson, maybe you can check if XP SP3 with roaming profile works with 2008 NAP, thank you
    Monday, January 5, 2009 8:37 AM
  • i had this issue if I used vista and dot1x.  would bootup vista, then cntr-alt-del then login as soon as I could, and it would use cached credentials.  I also was getting irratic drive mappings.  If i tried logging in with a new user, it wouldn't let me saying domain could not be found.   I had to enable the administrative template in GPO for "wait until networking" or something similiar.  This delays the boot and allows the services to get up and running prior to the bootup.   I used to have to use this a long time ago for wireless networks so they could login using them.  I would hope they would have fixed this issue since then, but if I don't use this, I get funny drive mappings, and irratic connections.  Also VLAN hopping during the login time, will screw up lots too, I'm having an issue with vista now doing this, hopefully we'll find something.
    Derek
    Thursday, January 8, 2009 12:05 AM