Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

domain login issue when users leave wifi switched on

Posted on 2013-02-01
18
Medium Priority
?
551 Views
Last Modified: 2013-02-05
Hi all,
Started getting a few issues with two users, they appear to have problems on login when the leave the computer Wi-Fi enabled.  There machine uses ethernet to connect to the domain, but it appears that the machines tries to access the domain via Wi-Fi first.
Is there a change I can make to the order of the networks cards or even tell the machine to never use the WiFi card as a means to login to the domain?
0
Comment
Question by:Emanuel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 3
18 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38843145
I would bridge them together so it doesn't use the wifi when its plugged into the network but it uses the wifi when its not connected
0
 

Author Comment

by:Emanuel
ID: 38843224
OK.  But the users never use Wifi for network domain activity,
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843260
Check whether the metric setting on the wifi is lower than the one on the wired connection.
netstat -rn
The metric value/weight the lower number has the higher preference.
Usually, the wired connection has a lower metric of 20 while the wireless has 50 or higher.

Is the system in question booted while on the LAN or is the system resuming from a hibernation state?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:Emanuel
ID: 38843302
I would assume its from booting.

Is there a way to change the weight/metric?
0
 

Author Comment

by:Emanuel
ID: 38843313
Currently my laptop is showing
Ethernet as 10 Metric
WiFi as 25 Metric
IP Range on Ethernet as 266 Metric
IP Range on WiFI as 281 Metric

The laptop which has a problem
Ethernet as 45 Metric
WiFi as 10 Metric
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843330
Look at the adapter setting properties of tcp/IP they likely changed from auto and manually adjusted the metric entry on each.(network sharing center, adapter settings)

http://stackoverflow.com/questions/7785874/setting-network-adapter-metric-priority-in-windows-7
0
 

Author Comment

by:Emanuel
ID: 38843371
Its weird, because on my laptop the preference in Advanced Settings is also that my WiFi should be utilised first however it isn't.

So will tweaking make any difference?
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843380
Yes if wired is first, it will have a higher preference with a lower metric value.
This way when both wired and wireless are connected the wired network will have preference. The issue is reversed if the Domain LAN is on the wifi while the wired is not on the domain line.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38843405
if you bridge the wifi and nic or restrict them from the wifi network that will work
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843412
There is no need to bridge. The system is used in multiple environments. Oe has wifi I.e. when the reason takes the laptop off-site.
The issue is not to connect two distinct networks.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38843492
I do it on my laptop when I take in the office I can use the wifi or use the lan for better performance so block the user from the wifi in the office so they must use a network port
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843566
My understanding is that the laptop in question has the wifi enabled but not connected to the AD LAN but is connected (phone hotspot) and the AD network via Ethernet.
0
 

Author Comment

by:Emanuel
ID: 38843597
Hi Arnold, you are correct.  We have a wifi which is used for web only primarly for visitors, but some staff use it for browsing.
The domain is only available via ethernet.
0
 
LVL 80

Expert Comment

by:arnold
ID: 38843647
Bridging would/could compromise the AD LAN by bridging two distinc and purposefully separated networks/functions.
If this allowed by company policy for the configuration of these laptops to use the wifi?
If it is, the only option available to the user are:
Disable the wifi before the login.
To modify their settings for the network interface to match your laptop while adding a login script that will add a more preferred route via the wifi connection
I.e. on login the batch file will run something akin to
Route add 0.0.0.0 mask 0.0.0.0 metric 5 if <wifi>
This will change the preference on the default gateway to prefer the wifi network for networks not otherwise already defined.
0
 

Author Comment

by:Emanuel
ID: 38843831
Hi Arnold,
Understanding what you have written am I correct in if I add a route that gives preference to the Ethernet by using your script method it could fix a bulk of my problems.

Route add 192.0.0.0 mask 255.0.0.0 metric 5 if <LAN>

Another question is my is there a generic term for ethernet to adjust this metric.  On my laptop the card is realtek, on the other it is intel.
I noticed that in your route add command you used the generic term wifi.

Regards,
0
 
LVL 80

Accepted Solution

by:
arnold earned 2000 total points
ID: 38844632
No, my suggestion is the reverse given the preference on the ethernet is required to login without delay.  
I.e. you would alter the preference on on the order of the network adapters from wifi, ethernet to ethernet, wifi.
Then when the user successfully logs into the system, the login/startup (startup in this context means startup of session, the start up folder in the start menu hierarchy) runs and if the wifi adapter is active, it is added with a preferred route.

Not sure I understand what you mean by, "generic term for ethernet to adjust this metric"?

Have to rethink, since you need to determine the IP on the WIFI to be included in the command.
powershell "get-wmiobject -class win32_networka
dapterconfiguration | format-wide -property ipaddress"

Open in new window

http://blogs.technet.com/b/danstolts/archive/2012/01/31/using-powershell-to-get-or-set-networkadapterconfiguration-view-and-change-network-settings-including-dhcp-dns-ip-address-and-more-dynamic-and-static-step-by-step.aspx
http://technet.microsoft.com/en-us/library/dd347677.aspx

you could use a powershell script to determine the current IP/s
And using that information to construct the powershell equivalent to route add to reprioritize.

The nagging feeling I have is I suspect your firm would not be open to such a situation where effectively if the user who uses the "GUEST" WIFI on their company system which has full access to the company network, is a security risk. i.e. while browsing the user's system gets a virus which is then spread through the LAN.
0
 

Author Comment

by:Emanuel
ID: 38854658
Generic term, I meant in your regard to your line of code
Route add 0.0.0.0 mask 0.0.0.0 metric 5 if <wifi>

<wifi> is that a generic term you can use in a script?

However with your great help I believe I have completed what I need to.  Based on our network I know the IP address range of the WiFi and of the Lan, and because they are different my script basically makes the 192. range the priority (lower metric) and the 10. range the  low priority and higher metric.

One thing I have noticed in my testing is that you cannot have a metric lower than ten.

Thanks again for your help.
0
 

Author Closing Comment

by:Emanuel
ID: 38854660
Great help thank you again.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question