RE: Update: Group Policy Problems Over Wireless
That is, IMO, best practice; and that is *exactly* how we are setup. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Friday, October 29, 2010 2:42 AM To: NT System Admin Issues Subject: Re: Update: Group Policy Problems Over Wireless I know its late, but sometimes pictures help: [cid:image001.jpg@01CB774F.9C013E40] Rings=signal strength. AP placement as triangular as possible for further expansion. -- ME2 On Tue, Oct 19, 2010 at 7:36 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.usmailto:john.hornbuc...@taylor.k12.fl.us wrote: If I should only use those 3 channels, what's my best approach? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Update: Group Policy Problems Over Wireless
Gah... Makes me want to go back to copper. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 19, 2010 6:07 PM To: NT System Admin Issues Subject: Re: Update: Group Policy Problems Over Wireless Following up on the other responses: http://www.metageek.net The hardware and software on there will help a lot, and some of the software packages (inssider, ekahau, and others) are free, and useful by themselves. Kurt On Tue, Oct 19, 2010 at 05:50, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn’t have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers—but no problems. So that left the latter possibility—lots of WAPs stepping on one another’s toes—as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to “auto,” but that didn’t seem to really help. So next I forced the WAPs that serve the lab to “g” rather than “b/g/n.” As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we’ll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I’m trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines—on all the rest, the software isn’t being deployed. So I connect to any of the machines that didn’t get the software, and run gpresult. It doesn’t show me that those machines are members of the group that gets the software. But I know they are; I’ve confirmed in ADUC on the DC. They’re just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvol, and so on. It’s just that at that point, group policy processing seems to have given up. My machines aren’t figuring out that they’ve been added to a new group. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written
RE: Update: Group Policy Problems Over Wireless
Looking through the options on the WAP, I don't see one that looks like it affects the power. Although maybe I'm looking at it but don't recognize it. Not sure if your client reads HTML e-mail. If so, below is a screen shot of my options. [cid:image001.jpg@01CB7034.7DC71340] John -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Update: Group Policy Problems Over Wireless
Haven't seen that screen before so I can't offer any advice. Are these Cisco waps? If so, that setting may only be available via the cli. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 20, 2010 8:55 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless Looking through the options on the WAP, I don't see one that looks like it affects the power. Although maybe I'm looking at it but don't recognize it. Not sure if your client reads HTML e-mail. If so, below is a screen shot of my options. [cid:image002.jpg@01CB7034.DACE6200] John -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image002.jpg
RE: Update: Group Policy Problems Over Wireless
They're Cisco/Linksys. So, the lower-end stuff-no CLI. From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Wednesday, October 20, 2010 8:58 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless Haven't seen that screen before so I can't offer any advice. Are these Cisco waps? If so, that setting may only be available via the cli. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 20, 2010 8:55 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless Looking through the options on the WAP, I don't see one that looks like it affects the power. Although maybe I'm looking at it but don't recognize it. Not sure if your client reads HTML e-mail. If so, below is a screen shot of my options. [cid:image001.jpg@01CB7035.4CEEB100] John -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
RE: Update: Group Policy Problems Over Wireless
Humm, may not be an option. Id do some googling or manual reading. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 20, 2010 9:01 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless They're Cisco/Linksys. So, the lower-end stuff-no CLI. From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Wednesday, October 20, 2010 8:58 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless Haven't seen that screen before so I can't offer any advice. Are these Cisco waps? If so, that setting may only be available via the cli. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, October 20, 2010 8:55 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless Looking through the options on the WAP, I don't see one that looks like it affects the power. Although maybe I'm looking at it but don't recognize it. Not sure if your client reads HTML e-mail. If so, below is a screen shot of my options. [cid:image001.jpg@01CB7035.8A6A9710] John -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: image001.jpg
Re: Update: Group Policy Problems Over Wireless
Yea, not all devices allow you to do it via the GUI, if it all. All newer devices from the past two years have in my experience. -- ME2 On Wed, Oct 20, 2010 at 6:02 AM, Glen Johnson gjohn...@vhcc.edu wrote: Humm, may not be an option. Id do some googling or manual reading. *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *Sent:* Wednesday, October 20, 2010 9:01 AM *To:* NT System Admin Issues *Subject:* RE: Update: Group Policy Problems Over Wireless They’re Cisco/Linksys. So, the lower-end stuff—no CLI. *From:* Glen Johnson [mailto:gjohn...@vhcc.edu] *Sent:* Wednesday, October 20, 2010 8:58 AM *To:* NT System Admin Issues *Subject:* RE: Update: Group Policy Problems Over Wireless Haven’t seen that screen before so I can’t offer any advice. Are these Cisco waps? If so, that setting may only be available via the cli. *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *Sent:* Wednesday, October 20, 2010 8:55 AM *To:* NT System Admin Issues *Subject:* RE: Update: Group Policy Problems Over Wireless Looking through the options on the WAP, I don't see one that looks like it affects the power. Although maybe I'm looking at it but don't recognize it. Not sure if your client reads HTML e-mail. If so, below is a screen shot of my options. John -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 7:01 PM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Update: Group Policy Problems Over Wireless
No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvolfile:///\\domain\syvol, and so on. It's just that at that point, group policy processing seems to have given up. My machines aren't figuring out that they've been added to a new group. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Update: Group Policy Problems Over Wireless
We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn’t have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers—but no problems. So that left the latter possibility—lots of WAPs stepping on one another’s toes—as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to “auto,” but that didn’t seem to really help. So next I forced the WAPs that serve the lab to “g” rather than “b/g/n.” As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we’ll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I’m trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines—on all the rest, the software isn’t being deployed. So I connect to any of the machines that didn’t get the software, and run gpresult. It doesn’t show me that those machines are members of the group that gets the software. But I know they are; I’ve confirmed in ADUC on the DC. They’re just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvolfile:///\\domain\syvol, and so on. It’s just that at that point, group policy processing seems to have given up. My machines aren’t figuring out that they’ve been added to a new group. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request
RE: Update: Group Policy Problems Over Wireless
*headdesk* IMO...never set your APs to Auto. Spend the time, or the money, or both, for a decent site survey. Use only channels 1, 6, 11, and lay your APs out so that the APs on the same channels are not close to each other, because too much signal overlap on the same channel will cause RF collision. Once setup, review periodically (quarterly, semi-annually, annually, etc) to make sure no one has added any wireless in the area that would interfere (or use the utilities built in if you have something like Cisco Wireless Control System with centralized controllers). Keep in mind that RF noise is additive. Any NON 802.11 RF signal will be considered noise, and the more there is, the more it will work against your 802.11 equipment - decreasing the signal-to-noise ratio (SNR) and increasing the chances of wireless data traffic corruption. Side note: There are enough channels in the 802.11a spectrum (5GHz) that channel plans are not usually necessary. Furthermore.Anyone dealing with wireless networks need to understand SNR (Signal to Noise Ratio) and how it impacts wireless performance. It's like trying to talk with another adult in the same room when you have a couple of chatty children in the same room. You can carry on a conversation with another adult across the room, but if you double the number of children, you have to raise your voice. Add enough children, and no matter how loudly you shout, the other adult will never hear you, and vice versa... Here's a link that does a good job of explaining it and provides some guidelines: wi-fiplanet.com - How to: Define Minimum SNR Values for Signal Coveragehttp://www.wi-fiplanet.com/tutorials/article.php/3743986/How-to-Define-Minimum-SNR-Values-for-Signal-Coverage.htm Hope this helps. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log
RE: Update: Group Policy Problems Over Wireless
The theory behind auto seems good... Listen for a channel that's not noisy, then use it. But I get what you're saying--there may not be interference on a particular channel when the WAP boots, but that doesn't mean there won't be later. The trouble is that we have 4 WAPs in close proximity. If I should only use those 3 channels, what's my best approach? -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 9:23 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvolfile:///\\domain\syvol, and so on. It's just that at that point, group policy processing seems to have given up. My machines aren't figuring out that they've been added to a new group. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe
Re: Update: Group Policy Problems Over Wireless
http://www.sans.org/reading_room/whitepapers/auditing/wifi-backtrack_2038 http://www.sans.org/reading_room/whitepapers/auditing/wifi-backtrack_2038Here is a whitepaper on using the free backtrack bootable CD to audit and map your wireless network or hire someone to do it. I took the SANS 'Assessing and Securing Wireless Networks' course a few years back and it was well worth the money. Of course, your head may explode by the end of the course :-) The short answer is to use 3 channels and double up on the pair of APs that are furthest apart. YMMV. -Jeff Steward On Tue, Oct 19, 2010 at 10:36 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: The theory behind auto seems good... Listen for a channel that's not noisy, then use it. But I get what you're saying--there may not be interference on a particular channel when the WAP boots, but that doesn't mean there won't be later. The trouble is that we have 4 WAPs in close proximity. If I should only use those 3 channels, what's my best approach? -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 9:23 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get
RE: Update: Group Policy Problems Over Wireless
I'm just now looking at this: www.flukenetworks.com/TryAirCheckhttp://www.flukenetworks.com/TryAirCheck Thinking it might be useful... From: Jeff Steward [mailto:jstew...@gmail.com] Sent: Tuesday, October 19, 2010 11:09 AM To: NT System Admin Issues Subject: Re: Update: Group Policy Problems Over Wireless http://www.sans.org/reading_room/whitepapers/auditing/wifi-backtrack_2038 Here is a whitepaper on using the free backtrack bootable CD to audit and map your wireless network or hire someone to do it. I took the SANS 'Assessing and Securing Wireless Networks' course a few years back and it was well worth the money. Of course, your head may explode by the end of the course :-) The short answer is to use 3 channels and double up on the pair of APs that are furthest apart. YMMV. -Jeff Steward On Tue, Oct 19, 2010 at 10:36 AM, John Hornbuckle john.hornbuc...@taylor.k12.fl.usmailto:john.hornbuc...@taylor.k12.fl.us wrote: The theory behind auto seems good... Listen for a channel that's not noisy, then use it. But I get what you're saying--there may not be interference on a particular channel when the WAP boots, but that doesn't mean there won't be later. The trouble is that we have 4 WAPs in close proximity. If I should only use those 3 channels, what's my best approach? -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edumailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 9:23 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.usmailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.usmailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719
RE: Update: Group Policy Problems Over Wireless
Define close proximity. You may have too many APs for the area you're trying to cover, depending on how many clients you're trying to serve. How close (or far) they should be is determined by many factors, including SNR, RSSI, power level of each AP, number of clients attempting to connect per AP, etc. Building design and layout will impact your signal levels (and thus, your AP density) quite a bit. As a frame of reference, I have included my AP breakdown per facility for a handful of facilities, along with the square footage per facility. We're using Cisco 1142 Light-Weight APs, almost pure 802.11n for all of our clients (a few are using 802.11g), and our WLAN is designed to voice specification. Our coverage is phenomenal, and we have almost zero wireless issues. Facility #1, 7 APs, 10,600 sf Facility #2, 5 APs, 6,901 sf Facility #3, 6 APs, 15,300 sf Facility # 4, 8 APs, 14,610 sf (three different sites in one space, makes for a funky design) Facility # 5, 11 APs, 19,877 sf (misleading, because this covers two floors, with a lot of unused space on second floor) Facility # 6, 6 APs, 8,037 sf My experience is roughly 1 AP per 1500 to 2500 sq feet of coverage needed, depending on building design and other considerations. When rough budgeting, I budget for one AP to every 1,000 to 1,200 square feet, because you never know what you're going to run into. In two of our facilities, the building was added on to at some point in the past, so there is a two foot thick mortar, block, brick, and steel wall running through various parts of the office. This one factor significantly increased our costs and altered our design. I don't budget based on users, because my user density is not very high, and I know my users per AP will almost always be 5 or less. A formal site survey will give you much more accurate AP counts for budgeting purposes. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.com www.eaglemds.com -Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 10:37 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless The theory behind auto seems good... Listen for a channel that's not noisy, then use it. But I get what you're saying--there may not be interference on a particular channel when the WAP boots, but that doesn't mean there won't be later. The trouble is that we have 4 WAPs in close proximity. If I should only use those 3 channels, what's my best approach? -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 9:23 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll
Re: Update: Group Policy Problems Over Wireless
+ a billion. There are many oddities to be had because of channel auto-selection, especially depending on the frequency it performs the congestion check. Like servers, hard code it and deal with connectivity issues as they come. -- ME2 On Tue, Oct 19, 2010 at 7:13 AM, Raper, Jonathan - Eagle jra...@eaglemds.com wrote: **headdesk** IMO…never set your APs to Auto. Spend the time, or the money, or both, for a decent site survey. Use only channels 1, 6, 11, and lay your APs out so that the APs on the same channels are not close to each other, because too much signal overlap on the same channel will cause RF collision. Once setup, review periodically (quarterly, semi-annually, annually, etc) to make sure no one has added any wireless in the area that would interfere (or use the utilities built in if you have something like Cisco Wireless Control System with centralized controllers). Keep in mind that RF noise is additive. Any NON 802.11 RF signal will be considered noise, and the more there is, the more it will work against your 802.11 equipment - decreasing the signal-to-noise ratio (SNR) and increasing the chances of wireless data traffic corruption. Side note: There are enough channels in the 802.11a spectrum (5GHz) that channel plans are not usually necessary. Furthermore…..Anyone dealing with wireless networks need to understand SNR (Signal to Noise Ratio) and how it impacts wireless performance. It’s like trying to talk with another adult in the same room when you have a couple of chatty children in the same room. You can carry on a conversation with another adult across the room, but if you double the number of children, you have to raise your voice. Add enough children, and no matter how loudly you shout, the other adult will never hear you, and vice versa… Here’s a link that does a good job of explaining it and provides some guidelines: wi-fiplanet.com - How to: Define Minimum SNR Values for Signal Coveragehttp://www.wi-fiplanet.com/tutorials/article.php/3743986/How-to-Define-Minimum-SNR-Values-for-Signal-Coverage.htm Hope this helps. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA* *jra...@eaglemds.com* *www.eaglemds.com -- *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *Sent:* Tuesday, October 19, 2010 8:50 AM *To:* NT System Admin Issues *Subject:* Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn’t have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers—but no problems. So that left the latter possibility—lots of WAPs stepping on one another’s toes—as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to “auto,” but that didn’t seem to really help. So next I forced the WAPs that serve the lab to “g” rather than “b/g/n.” As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we’ll consider the issue resolved. John *From:* John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] *Subject:* Group Policy Problems Over Wireless Short version: *Is there a trick to improving group policy processing when accessing the network wirelessly?* Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I’m trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines—on all the rest, the software isn’t being deployed. So I connect to any of the machines that didn’t get the software, and run gpresult. It doesn’t show me that those machines are members of the group that gets the software. But I know they are; I’ve confirmed in ADUC on the DC. They’re just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service
Re: Update: Group Policy Problems Over Wireless
Following up on the other responses: http://www.metageek.net The hardware and software on there will help a lot, and some of the software packages (inssider, ekahau, and others) are free, and useful by themselves. Kurt On Tue, Oct 19, 2010 at 05:50, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn’t have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers—but no problems. So that left the latter possibility—lots of WAPs stepping on one another’s toes—as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to “auto,” but that didn’t seem to really help. So next I forced the WAPs that serve the lab to “g” rather than “b/g/n.” As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we’ll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I’m trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines—on all the rest, the software isn’t being deployed. So I connect to any of the machines that didn’t get the software, and run gpresult. It doesn’t show me that those machines are members of the group that gets the software. But I know they are; I’ve confirmed in ADUC on the DC. They’re just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity to the DC is fine once you get the [Ctrl] + [Alt] + [Del] window. You can log in (including as someone who has never logged into the machine before), ping the DC, browse to \\domain\syvol, and so on. It’s just that at that point, group policy processing seems to have given up. My machines aren’t figuring out that they’ve been added to a new group. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Update: Group Policy Problems Over Wireless
If any two have more distance between them than the rest, set them on the same channel. Say 6, then put the other two on 1 and 11 respectively. You can also turn the power down a bit on the two that are on channel 1. One other thing I learned. You want all your clients to be able to see each others' traffic as this helps prevent collisions. So turning down the power will reduce coverage area for that ap, but may actually help. Sorry for the delayed response, been on the road all day. SW, VA to DC. -Original Message- From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 10:37 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless The theory behind auto seems good... Listen for a channel that's not noisy, then use it. But I get what you're saying--there may not be interference on a particular channel when the WAP boots, but that doesn't mean there won't be later. The trouble is that we have 4 WAPs in close proximity. If I should only use those 3 channels, what's my best approach? -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Tuesday, October 19, 2010 9:23 AM To: NT System Admin Issues Subject: RE: Update: Group Policy Problems Over Wireless We just had a Cisco site survey done for our wireless and he said never set them to auto for the channel. Plot the waps on a map and manually configure the channels to 1 6 or 11 for minimum overlap. IE, waps on the same channel need to be separated to prevent interference. We had previously had ours set to auto and following his advise helped quite a bit. His explanation is that, when configured for auto, the wap listens when it boots and selects the least busy channel. That may be good at boot time but could change significantly later on. Also, if a wap chooses any channel other than 1, 6 or 11, it can cause interference with on other channels. With these 3 channels selected, you get 3 non-overlapping channels. Any other channel will overlap with 2 of the above. From: John Hornbuckle [john.hornbuc...@taylor.k12.fl.us] Sent: Tuesday, October 19, 2010 8:50 AM To: NT System Admin Issues Subject: Update: Group Policy Problems Over Wireless No firm resolution on this yet, but possibly a bit of progress. I kept thinking about the problems we were having in this lab. The computers are the same computers we had in the lab last year, and last year we didn't have these problems. So, what changed? Two things: we replaced the WAPs that serve the lab with newer models, and more WAPs were installed in that area of the building. So I got to thinking that maybe the issue was an incompatibility between Broadcom NICs and the new WAPs, or an issue caused by too many WAPs being in the same vicinity. But we have another lab in a different area of the building that has the exact same WAPs and the exact same computers-but no problems. So that left the latter possibility-lots of WAPs stepping on one another's toes-as the prime culprit. The WAPs are Cisco/Linksys, and they all default to the same channel. I changed the ones in the area that was having the problem to auto, but that didn't seem to really help. So next I forced the WAPs that serve the lab to g rather than b/g/n. As moment, everything is working fine. My tech and I will be watching throughout the week, and if things are still working after a few days we'll consider the issue resolved. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Subject: Group Policy Problems Over Wireless Short version: Is there a trick to improving group policy processing when accessing the network wirelessly? Long version: We have a lab with machines that have Broadcom wireless NICs in them. Vista OS, connecting to Server 2008 R2 DC. I'm trying to deploy a piece of software to these machines via Group Policy. I have things setup so that if the machine is a member of a certain group, the software is deployed. Unfortunately, it only worked correctly on one of the machines-on all the rest, the software isn't being deployed. So I connect to any of the machines that didn't get the software, and run gpresult. It doesn't show me that those machines are members of the group that gets the software. But I know they are; I've confirmed in ADUC on the DC. They're just not picking up group membership. Looking at the event log for events that happen around startup, I see things that make me think group policy processing is trying to happen prior to the wireless network being initialized. Things like: Event ID 5719 (There are currently no logon servers available to service the logon request.) Event ID 129 (NtpClient was unable to set a domain peer to use as a time source because of discovery error.) Event ID 1129 (The processing of Group Policy failed because of lack of network connectivity to a domain controller.) Connectivity
