Undocking laptop and having to authenticate on wifi every time and not auto connecting
We are experiencing an odd issue with Windows machines where, when a user removes the machine from the dock, the wifi doesn't connect automatically to our Meraki APs - users have to manually click on the SSID and authenticate every time. I look after the Meraki infrastructure and experience the same issue.
At first I was convinced that it was an MS issue with policies and whatnot, but I'm not so sure now - when users go from hardwire to wifi they have to manually do this, whereas some users don't.
We use RADIUS for authentication, APs are MR32-33-34 firmware ver. 25.13 - any help is greatly appreciated.
Credential Guard is incompatible with NTLM authentication, so the PEAP-MSCHAPv2 and EAP-MSCHAPv2 based connections specified in the WiFi policy will not work. Microsoft recommends a certificate-based authentication method instead, such as PEAP-TLS or EAP-TLS:
Does it try to connect and fail - or it just doesn't try at all?
- Doesn't try to connect.
When users connect do they get any warnings (such as certificate warnings)? If so this will prevent auto-connect.
- They do get a warning the first time, but once the cert is accepted it doesn't ask again.
Is the WiFi controlled by Windows 10 itself, or by a third party manager like some of the Intel WiFi NICs use?
- Not sure, it seems to be by GPO as the wifi settings are locked.
*** May I add that it connects fine manually but not automatically. Example: you leave your desk to go to a meeting room and you have to connect manually every time, but some do connect automatically.
Ideally the certificate used by the RADIUS server should be from a CA that the client trusts. This can still be a private CA certificate. What I typically do is create a WiFi group policy, and place that trusted private certificate into that so that clients will trust it automatically.
If you are using an AD based CA server to issue the certificate then this is done automatically.
If the client is not initiating the connection automatically then you need to go look at the group policy. One of the "connect automatically" options has not been selected.
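
Added example (not part of the original thread, and not any poster's code): a PowerShell check of an exported WLAN profile for the two things raised above, whether the profile is set to connect automatically and whether its EAP chain ends in MSCHAPv2. The profile XML, the name `ExampleCorp` and the function name `Test-WlanProfile` are constructed for illustration.

```powershell
# Constructed sample of an exported WLAN profile (trimmed to the relevant elements).
$sampleProfile = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleCorp</name>
  <connectionType>ESS</connectionType>
  <connectionMode>manual</connectionMode>
  <MSM><security>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
          <Config>
            <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
              <Type>25</Type>
              <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
                <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                  <Type>26</Type>
                </Eap>
              </EapType>
            </Eap>
          </Config>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>
'@

function Test-WlanProfile {
    param([Parameter(Mandatory)][string]$ProfileXml)
    # EAP method numbers: 13 = EAP-TLS, 25 = PEAP, 26 = EAP-MSCHAPv2
    $eapNames = @{ 13 = 'EAP-TLS'; 25 = 'PEAP'; 26 = 'EAP-MSCHAPv2' }
    $doc = [xml]$ProfileXml
    # local-name() avoids registering each nested XML namespace.
    $modeNode = $doc.SelectSingleNode("/*[local-name()='WLANProfile']/*[local-name()='connectionMode']")
    # The profile schema defaults to 'auto' when connectionMode is omitted.
    $mode = if ($modeNode) { $modeNode.InnerText } else { 'auto' }
    # Outer method first, then the inner method nested inside it.
    $types = @($doc.SelectNodes("//*[local-name()='Eap']/*[local-name()='Type']") |
        ForEach-Object { [int]$_.InnerText })
    $chain = $types | ForEach-Object { if ($eapNames.ContainsKey($_)) { $eapNames[$_] } else { "type $_" } }
    [pscustomobject]@{
        Name         = $doc.WLANProfile.name
        AutoConnect  = ($mode -eq 'auto')
        EapChain     = $chain -join ' -> '
        UsesMschapV2 = ($types -contains 26)
    }
}

Test-WlanProfile -ProfileXml $sampleProfile | Format-List
```

To run it against a real client, export the profile with `netsh wlan export profile name="<SSID>" folder=.` and pass the file contents via `Get-Content -Raw`.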