none
Wireless Network Policy Single Sign On Issue with Windows 8.1 only RRS feed

  • Pertanyaan

  • I'll try to set this up as best I can. I have a laptop with a fresh Windows 8.1 install on it. It is on my domain, and I have a single GPO applied to it. In the GPO under Computer Configuration -> Windows Settings -> Security Settings -> Wireless Network Policies I have created a Windows Vista or later policy. In the policy I have configured single sign on.  I log into a local account on the laptop and plug it into a wired connection. I then run gpupdate on it. At that point I unplug the network cable, and log off. Now, from the login screen I click Other user, and it looks like the screenshot below.

    Notice that "Windows will try to connect to" is present. I can login using domain credentials, and single sign on works perfectly. Now if I reboot the machine, the "Windows will try to connect to" is gone and single sign on does not work. If I log in with a local account and log out. The "Windows will try to connect to" is present again. I can login normally using domain credentials, and single sign on works perfectly again.

    One other note: I installed a fresh copy of Windows 7 on the same model laptop, and put it in the same OU with that single GPO. Single sign on works perfectly with the Windows 7 machine every time. Including after reboots. Thank you, in advance, for any advice or comments. I will be happy to provide additional information if it is needed.

    Rabu, 03 September 2014 19.09

Semua Balasan

  • Hi 

    As an easy way to fix this, you can manually log on the computer by manually typing thedomain name, log on like this: “domain\username”, then typing the password.

    Besides, according to your post, the problem should be the client computer fails to detect the domain environment, I would suggest to leave the domain and join it later to check the result.

    Meanwhile as your description, you can  add the domain account to the local adminstrator group to see the result.

    For any other questions, you can post it back.

    Regards


    Wade Liu
    TechNet Community Support


    • Diedit oleh Wade__Liu Selasa, 09 September 2014 10.31
    Selasa, 09 September 2014 10.31
  • Wade,

    Thank you for your reply. I apologize, but I forgot to mention a very important detail. These laptops will be used in a higher education setting where they are checked out by students. For their initial logon, the users will need to be connected to the wireless network to allow them to authenticate. Single sign on is not essential with Windows 8, but it would eliminate a step. I can tell you that I'm fairly certain the single sign on policy is not functioning correctly with the Windows 8 device. You can't really get a more controlled test, and the Windows 7 device works perfectly with the same GPO. Any further advice is greatly appreciated.

    Thanks!

    Selasa, 09 September 2014 20.38
  • Hi keyserag,

    I want to know if there is any other log generated when this happened? 

    Besides, another situation is the group policy is not successfully applied to the Windows 8 system, to confirm this, run the "rsop.msc" command at the command line window, in this way you can check whether the group policy result.

    Regards



    Wade Liu
    TechNet Community Support

    Kamis, 11 September 2014 10.52
  • Wade,

    I ran rsop, and I can confirm that the policy is applied (see screenshot below). I can also confirm that I am still seeing the behavior described above.

    Thanks!

    Jumat, 12 September 2014 19.22
  • keyserag,

    Were you able to get this issue resolved since your last post?  Please keep us posted!

    Mike

    Windows Outreach Team – IT Pro

    Senin, 29 September 2014 14.53
    Moderator
  • I was not able to resolve this. Still seeing this behavior across all of our mobile Windows 8.1 devices.
    Senin, 29 September 2014 16.07
  • Any update to this?
    Rabu, 15 Oktober 2014 19.25
  • keyserag,

    Were you able to get this issue resolved since your last post?  Please keep us posted!

    Mike

    Windows Outreach Team – IT Pro

    Hi Michael,

    We are still having this issue. Is there anything we can do?


    Senin, 26 Januari 2015 21.03
  • I would like to jump into this conversation if I can. 

    I work in a enterprise environment, with several thousand devices, and we use a single sign on configured WLAN profiles to connect my Windows 7 and Windows 8.1 laptops and tablets to our domain.  It was designed to allow the user to connect to the domain, using that same "Windows with try to connect to X" at login that the OP detailed (though ours is configured through WLAN profiles pushed from SCCM, with the certificates pushed through GP).

    What I'm experiencing almost exactly the same as the OP, with every single device.  I'm not sure what else to check, or what I can configure to fix this.  I've tried adjusting the WLAN profile, the power settings on the devices, and I have double checked my policies.

    When the message is present, it works flawlessly.  However when the message is not present a user with cached credentials can login, and they connect to the domain as soon as they login, but no "At logon" policies are applied (including the mapping of an H drive, as configured in Active Directory user profiles).

    Michael (OP), were you able to find a way to resolve this issue?  This was the only place I could find that addressed exactly what I'm dealing with.

    Jumat, 06 Februari 2015 20.29
  • Deleted
    Senin, 09 Februari 2015 22.48
  • The WLAN Profile setting is set to "All Users".

    Selasa, 10 Februari 2015 20.27
  • Good to know someone else is seeing the same problem. We ended up just rolling back to Windows 7. I'm surprised that they won't even address it here.
    Kamis, 26 Februari 2015 16.21
  • I just wanted to let you all know that in the process of trying to set this up at my organisation I also have this problem. I'm currently looking for a solution.
    Rabu, 25 Maret 2015 06.23
  • I managed to get this to work properly in my environment. I realized that I needed to export the wireless profile from the Group Policy editor and import it on the client (by using Group Policy). I realized this while reading through this article:

    https://technet.microsoft.com/en-gb/magazine/2007.11.cableguy.aspx

    You can see the "Export..." button in the screenshot posted by keyserag above. Select the profile name, in the Group Policy editor Properties dialog, i.e. the item that keyserag has blurred in his screenshot, then click the "Export..." button. You will be prompted to save the XML file. 

    I use Computer Configuration > Preferences > Windows Settings > Files to copy the XML file to the clients:

    Destination: %WindowsDir%\WirelessProfileExportFileName.XML

    I then use Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks to run netsh and import the profile:

    Action: netsh wlan add profile filename="%WindowsDir%\WirelessProfileExportFileName.XML"

    The PCs using my policies are now ready to logon without any need for additional manual actions.

    I've left out some detail here, I assume everyone will do something a little different anyway. Let me know if you need more help with this.


    • Diedit oleh bndsc Senin, 30 Maret 2015 07.30 fixed link
    Senin, 30 Maret 2015 07.28
  • I managed to get this to work properly in my environment. I realized that I needed to export the wireless profile from the Group Policy editor and import it on the client (by using Group Policy). I realized this while reading through this article:

    https://technet.microsoft.com/en-gb/magazine/2007.11.cableguy.aspx

    You can see the "Export..." button in the screenshot posted by keyserag above. Select the profile name, in the Group Policy editor Properties dialog, i.e. the item that keyserag has blurred in his screenshot, then click the "Export..." button. You will be prompted to save the XML file. 

    I use Computer Configuration > Preferences > Windows Settings > Files to copy the XML file to the clients:

    Destination: %WindowsDir%\WirelessProfileExportFileName.XML

    I then use Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks to run netsh and import the profile:

    Action: netsh wlan add profile filename="%WindowsDir%\WirelessProfileExportFileName.XML"

    The PCs using my policies are now ready to logon without any need for additional manual actions.

    I've left out some detail here, I assume everyone will do something a little different anyway. Let me know if you need more help with this.


    Sorry for the long delay in responding. I tested this method and saw the exact same behavior as I did in the original post.  Also, the "problem" still seems to exist in Windows 10 with preliminary testing. If anyone has any insight, it would be much appreciated. 
    Kamis, 21 Januari 2016 16.23
  • Dear Microsoft Community

    I have the same problem. The "Windows will try to connect to [WLANSSID]" is not present at first.

    When i boot a Windows 10 Machine and click on the Lock Screen, i get to the Logon Screen where the "Windows will try to connect to [WLANSSID]" is not present. But when i just wait till the Lock Screen comes back and after that i click on it to get to the Logon Screen, the "Windows will try to connect to [WLANSSID]" is present and WLAN login works.

    So how i can force Windows 10 to show "Windows will try to connect to [WLANSSID]" after Boot and Lock Screen within the Logon Screen at first attempt? Or is there a way or hotkey to get back to the LOCK Screen from the Logon Screen manually?

    In Windows 7 all is working like a charm.

    Kind regards,

    Eiven

    Jumat, 21 Oktober 2016 10.29
  • We are having this exact issue, and I cannot figure it out.  It only seems to happen to our new model Laptops on Windows 10.

    I have a Latitude E6440 - brand new Windows 10 Image, etc. Wireless will work fine - we get the message at the login screen that the computer will attempt to login via wireless.  Drives map, etc.  Works great.

    However on our newer Dell machines - same image - once we patch the system, that message disappears.  Mapped drives do not work.

    I am trying different driver types, as I think that is where the issue lies (a newly imaged machine, before I patch, will work like the older ones).  Driving me crazy trying to figure out why.

    Kamis, 10 Oktober 2019 13.17
  • Hutcha,

    Do you have any sort of control over how the wireless authentication is occurring in your organization?

    The reason I ask is that we moved from User-based to Machine-based authentication and all of our major problems went away.  Users no longer have issues logging in for the first time, and we can remotely connect to laptops after reboot now as well.  It's a world of difference, not to mention more secure since it limits what can connect to our network.

    If changing that is not an option, one other thing you can try (a simpler test) is to enable the Group Policy setting "Always wait for the network at computer startup and logon".  This one did help us when we were still on User-based authentication.  The policy object can be found under Computer Configuration -> Policies -> Administrative Templates -> System -> Logon.

    Kamis, 10 Oktober 2019 13.35
  • Hutcha,

    Do you have any sort of control over how the wireless authentication is occurring in your organization?

    The reason I ask is that we moved from User-based to Machine-based authentication and all of our major problems went away.  Users no longer have issues logging in for the first time, and we can remotely connect to laptops after reboot now as well.  It's a world of difference, not to mention more secure since it limits what can connect to our network.

    If changing that is not an option, one other thing you can try (a simpler test) is to enable the Group Policy setting "Always wait for the network at computer startup and logon".  This one did help us when we were still on User-based authentication.  The policy object can be found under Computer Configuration -> Policies -> Administrative Templates -> System -> Logon.

    At this point not much, as Wireless is not my "project" - but I am getting tired of it not being fixed.

    We already have that setting in GPO - and have been running Wireless successfully in Windows 7 for a number of years now.  The problem has only started to appear now that our hardware is newer.

    Doing more testing today, I can advise that it only seems to happen with the newer Intel AC cards.  I have two Laptops, both with the same Windows 10 image/patch level.  The one with the Intel Card flashes (for a quick second) the will try to sign into the SSID, but it then disappears.  The login scripts, etc. don't run.

    The older Laptop with a Dell Wireless Card works flawlessly.  

    This tells me that my Wifi settings are correct (at least for older hardware).  



    • Diedit oleh hutcha Kamis, 10 Oktober 2019 14.25
    Kamis, 10 Oktober 2019 14.19
  • We will also see errors like this in Event Viewer:

    I suspect is something to do with WLAN-AutoConfig as I believe we see that 100% across the board, on the Intel Devices.

    Kamis, 10 Oktober 2019 14.28