Undocking laptop and having to authenticate on wifi every time and not auto connecting

OmegaTag
Conversationalist

Undocking laptop and having to authenticate on wifi every time and not auto connecting

We are experiencing an odd issue with windows machines where when a user removes from dock the wifi doesnt connect automatically to our meraki AP's - user have to manually click on the SSID and authenticate every time. I look after the meraki infrastructure and experience the same issue. 

 

At first i was convinced that is was a MS issue with policies and what not but not so sure now - so when users go from hardwire to wifi they have to manually do this, whereas some users don't.

 

we use RADIUS for authentication, AP's are MR32-33-34 firmware ver. 25.13 - any help is greatly appreciated.

4 Replies 4
SoCalRacer
Kind of a big deal

If you are using Windows 10 and Defender then I would look at the GPO and possibly disable Credential Guard

 

https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-gu...

 

Credential Guard is incompatible with NTLM authentication, so the PEAP-MSCHAPv2 and EAP-MSCHAPv2 based connections specified in the WiFi policy will not work.  Microsoft recommends a certificate-based authentication method instead, such as PEAP-TLS or EAP-TLS:

PhilipDAth
Kind of a big deal
Kind of a big deal

>We are experiencing an odd issue with windows machines where when a user removes from dock the wifi doesnt connect automatically to our meraki AP's

 

Does it try to connect and fail - or it just doesn't try at all?

 

When users connect do they get any warnings (such as certificate warnings)?  If so this will prevent auto-connect.

 

Is the WiFi controlled by Windows 10 itself, or by a third party manager like some of the Intel WiFi NICs use?

OmegaTag
Conversationalist

Sorry for delay - 

Does it try to connect and fail - or it just doesn't try at all?

- doesnt try to connect

 

When users connect do they get any warnings (such as certificate warnings)?  If so this will prevent auto-connect.

- they do get a warning the first time, but once cert is accepted it doesnt ask again.

 

Is the WiFi controlled by Windows 10 itself, or by a third party manager like some of the Intel WiFi NICs use?

- not sure, it seems to be by GPO as the wifi settings are locked.

 

*** may i add that, it connects fine manually but not automatically, example - you leave your desk to go to a meeting room and you have to connect manually every time, but, some do connect automatically.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Ideally the certificate used by the RADIUS server should be from a CA that the client trusts.  This can stll be a private CA certificate.  What I typically do is create a WiFi group policy, and place that trusted private certificate into that so that clients will trust it automatically.

If you are using an AD based CA server to issue the certificate then this is done automatically.

 

If the client is not initiating the connection automatically then you need to go look at the group policy.  One of the "connect automatically" options has not been selected.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels