cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Undocking laptop and having to authenticate on wifi every time and not auto connecting

Highlighted
Conversationalist

Undocking laptop and having to authenticate on wifi every time and not auto connecting

We are experiencing an odd issue with windows machines where when a user removes from dock the wifi doesnt connect automatically to our meraki AP's - user have to manually click on the SSID and authenticate every time. I look after the meraki infrastructure and experience the same issue. 

 

At first i was convinced that is was a MS issue with policies and what not but not so sure now - so when users go from hardwire to wifi they have to manually do this, whereas some users don't.

 

we use RADIUS for authentication, AP's are MR32-33-34 firmware ver. 25.13 - any help is greatly appreciated.

4 REPLIES 4
Highlighted
Kind of a big deal

Re: Undocking laptop and having to authenticate on wifi every time and not auto connecting

If you are using Windows 10 and Defender then I would look at the GPO and possibly disable Credential Guard

 

https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-gu...

 

Credential Guard is incompatible with NTLM authentication, so the PEAP-MSCHAPv2 and EAP-MSCHAPv2 based connections specified in the WiFi policy will not work.  Microsoft recommends a certificate-based authentication method instead, such as PEAP-TLS or EAP-TLS:

Kind of a big deal

Re: Undocking laptop and having to authenticate on wifi every time and not auto connecting

>We are experiencing an odd issue with windows machines where when a user removes from dock the wifi doesnt connect automatically to our meraki AP's

 

Does it try to connect and fail - or it just doesn't try at all?

 

When users connect do they get any warnings (such as certificate warnings)?  If so this will prevent auto-connect.

 

Is the WiFi controlled by Windows 10 itself, or by a third party manager like some of the Intel WiFi NICs use?

Highlighted
Conversationalist

Re: Undocking laptop and having to authenticate on wifi every time and not auto connecting

Sorry for delay - 

Does it try to connect and fail - or it just doesn't try at all?

- doesnt try to connect

 

When users connect do they get any warnings (such as certificate warnings)?  If so this will prevent auto-connect.

- they do get a warning the first time, but once cert is accepted it doesnt ask again.

 

Is the WiFi controlled by Windows 10 itself, or by a third party manager like some of the Intel WiFi NICs use?

- not sure, it seems to be by GPO as the wifi settings are locked.

 

*** may i add that, it connects fine manually but not automatically, example - you leave your desk to go to a meeting room and you have to connect manually every time, but, some do connect automatically.

 

Highlighted
Kind of a big deal

Re: Undocking laptop and having to authenticate on wifi every time and not auto connecting

Ideally the certificate used by the RADIUS server should be from a CA that the client trusts.  This can stll be a private CA certificate.  What I typically do is create a WiFi group policy, and place that trusted private certificate into that so that clients will trust it automatically.

If you are using an AD based CA server to issue the certificate then this is done automatically.

 

If the client is not initiating the connection automatically then you need to go look at the group policy.  One of the "connect automatically" options has not been selected.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.