WPA-PSK and Windows Domain
cygnuskaltora
10-21-2004, 01:09 PM
I work for an IT company that supports many different clients mainly in the medical field. We have two clients that are using WPA-PSK for their APs right now, and they are on a Windows 2000 domain. All networking gear is Cisco. The problem they are experiencing is that when they try to log on from a cold boot, the network is not available. If they log in locally, then log out, they can then log into the domain. If they reboot the machine, but don't actually shut it down, they can log in to the domain fine. I have checked the AP's security list, and it shows many authentication failed messages prior to the user logging in locally. It seems like the client is running, but the settings aren't right unless they log in. I have seen many other issues like this online, but no one has had a good answer for it. I'm hoping someone here will.
Thanks.
e1w00db1ue5
11-02-2004, 10:12 AM
I had a very similar problem with Novell clients that would not connect to a Novell (remember those) server unless the clients had been warm-booted.
In this case it was nothing to do with client config but a feature of the switches isolating the ports used from the main network. By the time the ports were allowed onto the network the client had timed out on its attempted connection. IIRC the feature was called spanning-tree.
On a warm boot the connection was already there so it would work ok.
Not sure that this has any relevance but thought I'd share it anyway :)
cygnuskaltora
11-02-2004, 10:30 AM
I actually just recently disabled Spanning Tree on the switches and the WAPs. Thank you though. Also, in looking at the access logs, they show the client as using an incorrect pass key until they are logged on locally (or cached logon.) Once they are logged on, it shows the authentication as successful.
This is really annoying, as the client wants to use a mobile workstation to take to patient rooms, but they want it to be secure. It seems as if the client is not working as a service quite right until the user is logged in.
I saw somewhere that by default the Cisco wifi utility doesn't allow network connections without a user logged into the system. The odd thing is that this option is not available with WPA-PSK connections.
Ah well, the search continues...
Crille
12-07-2004, 08:44 AM
Hello cygnuskaltora
I wonder if you have made any progress with this problem?
I have the same problem with W2K clients.
With XP it works fine (we have IBM Laptops T42).
I've searched for an application which starts the wireless interface BEFORE the Windows logon appears, but without any luck.
Regards /Crille
cygnuskaltora
12-07-2004, 12:08 PM
Crille,
So far the only thing that has worked is really just a workaround. If you log in as a local or currently cached user, you can then log off, and back on as a new user. That's all that I've been able to do so far. I am currently looking into some other fixes and will post if anything works.
Thanks
Crille
12-08-2004, 10:37 AM
Hello again!
I have worked out a solution which includes some registry hacking!
And it isn't perfect, but it works (most of the time) :)
This solution is only tested with Zyxel ZyAIR G-110 802.11G LAN PC CARD. I use W2K Pro SP4.
I first located the exe file which starts the wireless card, in this case "C:\Program Files\ZyAIR G-110\start.exe"
I use FireDaemon to start this exe as a service.
Did some tuning of the service in FireDaemon, Settings Tab:
Logon Account: a local admin account, haven't tried with LocalSystem yet, maybe it works...
Interact with desktop: yes
Upon Program Exit: Disabled
BTW, wasn't FireDaemon freeware before? Now it's a 30 day trial... Anybody have a tip on a freeware application which does the same thing as FireDaemon? Back to the solution...
After that I removed the autostart shortcut of "C:\Program Files\ZyAIR G-110\start.exe" in C:\Documents and Settings\All Users\Startup directory.
Now to the registry hack, use REGEDT32, NOT REGEDIT!
As always when you edit the registry - You're on your own :)
Start REGEDT32, find:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon
Find the DependOnService, double-click it.
It should be one line with the text "LanmanWorkstation"
Add another line with the name of the FireDaemon service, in my case "zyxel"
Then click OK
Before you reboot the machine, find out what IP address the machine has, normally it gets the same IP if you reboot.
Then start a command prompt "ping x.x.x.x -t" on ANOTHER computer to watch when your wireless interface starts.
In most cases, my wireless interface starts just before the logon screen appears, but sometimes not...
Maybe some reader has a tip on another dependency which would work better than "Netlogon"
For more info on how to create dependencies I found these links:
http://www.sanrad.com/objects/support/iSCSI%20storage%20with%20Windows-ST-HowTo-001-01.pdf
http://support.microsoft.com/default.aspx?scid=kb;en-us;193888
Hope this is understandable, my English isn't perfect :)
It would be great if someone else tried this with another network card.
Regards /Crille
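The DependOnService edit from the post above, scripted so that existing entries are kept and a misspelled service name is rejected before anything is written. This is an added example, not part of the original thread. It assumes a Windows version that ships PowerShell (Windows 2000 does not; there the edit is made in REGEDT32 as described) and an elevated prompt. `zyxel` is the FireDaemon service name from the post.

```powershell
# Added example: append a service to Netlogon's DependOnService (REG_MULTI_SZ)
# without dropping the entries that are already there.
# Run from an elevated prompt. 'zyxel' is the service name used in the post;
# substitute the name of your own wrapper service.
param(
    [string]$Dependency = 'zyxel',
    [string]$Service    = 'Netlogon'
)

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service"

# A dependency on a service that is not installed keeps the dependent
# service from starting, which here would break domain logon entirely.
if (-not (Get-Service -Name $Dependency -ErrorAction SilentlyContinue)) {
    throw "Service '$Dependency' is not installed; leaving $Service unchanged."
}

# Read the current list; the value may be absent, so drop null entries.
$prop    = Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue
$current = @($prop.DependOnService | Where-Object { $_ })

if ($current -contains $Dependency) {
    Write-Output "$Service already depends on $Dependency; nothing to do."
}
else {
    # Print the old value so it can be restored by hand if needed.
    Write-Output ("Previous DependOnService: " + ($current -join ', '))

    $new = [string[]]($current + $Dependency)
    Set-ItemProperty -Path $key -Name DependOnService -Value $new -Type MultiString
}

# Show what the Service Control Manager will read at the next boot.
(Get-ItemProperty -Path $key -Name DependOnService).DependOnService
```

The change takes effect after a reboot, which is when the ping test from the post shows whether the wireless link comes up before the logon screen.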