Solved

Domain not available error on wireless clients

Posted on 2009-05-05
5
349 Views
Last Modified: 2013-11-12
At the start of the year, we changed our wireless security over to a more secure network (802.1x with PEAP and MSCHAPv2) authenticating to a Microsoft IAS Server (Windows Server 2003 Standard). I followed the very detailed solution guide from Microsoft (Securing Wireless LANs with PEAP and Passwords). It all works flawlessly until about 2 weeks later when a few laptops prompt a student with the message domain not available . Logging onto the laptop shows that it hasnt connected to wireless. Attempting to reconnect fails and the only way to get it going again is to do a gpupdate /force while plugged into the LAN and then do a restart. After that all is well again, until another 2 weeks or so. This is not just for one laptop, its totally random with any of our laptops. Usually it would be 5 or so that happen at the same time.
We are using Colubris/Procruve wireless solution, but dont think that is causing the problem as I had exactly the same problem at a previous workplace.
I have googled and havent really come up with much apart from a small forum with 2 or so other people with the same problem with no solution.
Has anyone deployed 802.1x with PEAP and run into the problem we are having?
Has anyone found a solution to this problem?
0
Comment
Question by:darem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24315884
How many clients do you have running against the IAS Server?  Since you are running standard edition of 2003, there are some limitations to consider:

-- You can configure no more than 50 RADIUS clients (NAS's)
-- You can configure no more than two Remote RADIUS server groups
-- You can't configure RADIUS clients by IP address range

If you have hit the 50 RADIUS Clients, that may be what is causing your issue.  Windows 2003 Enterprise Edition does not have the above limitations.
0
 

Author Comment

by:darem
ID: 24320679
* We have only two client configs on the IAS server so this is not an issue.
* We dont have more than two remote RADIUS server groups
* We are not using IP address ranges
0
 
LVL 3

Expert Comment

by:ISWSIMBX
ID: 24326446
The first limitation isn't related to the number of client configs on the RADIUS server, but the actual number of clients that can connect to it at one time.
0
 

Author Comment

by:darem
ID: 24350471
That number of clients does not affect us as only one client from each of two controllers makes a connection. We have had over 250 wireless connections happening without any problems so I can be pretty sure the number of clients is not a problem.

Through other research we have found that PEAP may be the problem and EAP-TLS is recommended so we are now trying that out.
0
 

Accepted Solution

by:
darem earned 0 total points
ID: 24371647
Changed the value on the machine password age to not expire until the end of the year and so far we have not had any further dropouts so we consider the case solved
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question