Solved

domain login issue when users leave wifi switched on

Posted on 2013-02-01
18
546 Views
Last Modified: 2013-02-05
Hi all,
Started getting a few issues with two users, they appear to have problems on login when the leave the computer Wi-Fi enabled.  There machine uses ethernet to connect to the domain, but it appears that the machines tries to access the domain via Wi-Fi first.
Is there a change I can make to the order of the networks cards or even tell the machine to never use the WiFi card as a means to login to the domain?
0
Comment
Question by:Emanuel
  • 8
  • 7
  • 3
18 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38843145
I would bridge them together so it doesn't use the wifi when its plugged into the network but it uses the wifi when its not connected
0
 

Author Comment

by:Emanuel
ID: 38843224
OK.  But the users never use Wifi for network domain activity,
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843260
Check whether the metric setting on the wifi is lower than the one on the wired connection.
netstat -rn
The metric value/weight the lower number has the higher preference.
Usually, the wired connection has a lower metric of 20 while the wireless has 50 or higher.

Is the system in question booted while on the LAN or is the system resuming from a hibernation state?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Emanuel
ID: 38843302
I would assume its from booting.

Is there a way to change the weight/metric?
0
 

Author Comment

by:Emanuel
ID: 38843313
Currently my laptop is showing
Ethernet as 10 Metric
WiFi as 25 Metric
IP Range on Ethernet as 266 Metric
IP Range on WiFI as 281 Metric

The laptop which has a problem
Ethernet as 45 Metric
WiFi as 10 Metric
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843330
Look at the adapter setting properties of tcp/IP they likely changed from auto and manually adjusted the metric entry on each.(network sharing center, adapter settings)

http://stackoverflow.com/questions/7785874/setting-network-adapter-metric-priority-in-windows-7
0
 

Author Comment

by:Emanuel
ID: 38843371
Its weird, because on my laptop the preference in Advanced Settings is also that my WiFi should be utilised first however it isn't.

So will tweaking make any difference?
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843380
Yes if wired is first, it will have a higher preference with a lower metric value.
This way when both wired and wireless are connected the wired network will have preference. The issue is reversed if the Domain LAN is on the wifi while the wired is not on the domain line.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38843405
if you bridge the wifi and nic or restrict them from the wifi network that will work
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843412
There is no need to bridge. The system is used in multiple environments. Oe has wifi I.e. when the reason takes the laptop off-site.
The issue is not to connect two distinct networks.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38843492
I do it on my laptop when I take in the office I can use the wifi or use the lan for better performance so block the user from the wifi in the office so they must use a network port
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843566
My understanding is that the laptop in question has the wifi enabled but not connected to the AD LAN but is connected (phone hotspot) and the AD network via Ethernet.
0
 

Author Comment

by:Emanuel
ID: 38843597
Hi Arnold, you are correct.  We have a wifi which is used for web only primarly for visitors, but some staff use it for browsing.
The domain is only available via ethernet.
0
 
LVL 77

Expert Comment

by:arnold
ID: 38843647
Bridging would/could compromise the AD LAN by bridging two distinc and purposefully separated networks/functions.
If this allowed by company policy for the configuration of these laptops to use the wifi?
If it is, the only option available to the user are:
Disable the wifi before the login.
To modify their settings for the network interface to match your laptop while adding a login script that will add a more preferred route via the wifi connection
I.e. on login the batch file will run something akin to
Route add 0.0.0.0 mask 0.0.0.0 metric 5 if <wifi>
This will change the preference on the default gateway to prefer the wifi network for networks not otherwise already defined.
0
 

Author Comment

by:Emanuel
ID: 38843831
Hi Arnold,
Understanding what you have written am I correct in if I add a route that gives preference to the Ethernet by using your script method it could fix a bulk of my problems.

Route add 192.0.0.0 mask 255.0.0.0 metric 5 if <LAN>

Another question is my is there a generic term for ethernet to adjust this metric.  On my laptop the card is realtek, on the other it is intel.
I noticed that in your route add command you used the generic term wifi.

Regards,
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 38844632
No, my suggestion is the reverse given the preference on the ethernet is required to login without delay.  
I.e. you would alter the preference on on the order of the network adapters from wifi, ethernet to ethernet, wifi.
Then when the user successfully logs into the system, the login/startup (startup in this context means startup of session, the start up folder in the start menu hierarchy) runs and if the wifi adapter is active, it is added with a preferred route.

Not sure I understand what you mean by, "generic term for ethernet to adjust this metric"?

Have to rethink, since you need to determine the IP on the WIFI to be included in the command.
powershell "get-wmiobject -class win32_networka
dapterconfiguration | format-wide -property ipaddress"

Open in new window

http://blogs.technet.com/b/danstolts/archive/2012/01/31/using-powershell-to-get-or-set-networkadapterconfiguration-view-and-change-network-settings-including-dhcp-dns-ip-address-and-more-dynamic-and-static-step-by-step.aspx
http://technet.microsoft.com/en-us/library/dd347677.aspx

you could use a powershell script to determine the current IP/s
And using that information to construct the powershell equivalent to route add to reprioritize.

The nagging feeling I have is I suspect your firm would not be open to such a situation where effectively if the user who uses the "GUEST" WIFI on their company system which has full access to the company network, is a security risk. i.e. while browsing the user's system gets a virus which is then spread through the LAN.
0
 

Author Comment

by:Emanuel
ID: 38854658
Generic term, I meant in your regard to your line of code
Route add 0.0.0.0 mask 0.0.0.0 metric 5 if <wifi>

<wifi> is that a generic term you can use in a script?

However with your great help I believe I have completed what I need to.  Based on our network I know the IP address range of the WiFi and of the Lan, and because they are different my script basically makes the 192. range the priority (lower metric) and the 10. range the  low priority and higher metric.

One thing I have noticed in my testing is that you cannot have a metric lower than ten.

Thanks again for your help.
0
 

Author Closing Comment

by:Emanuel
ID: 38854660
Great help thank you again.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question