Jul 06 2022 06:07 AM
Not sure if anyone else has come across this issue but we have setup a WiFi profile which is being deployed to our devices.
Users have to manually connect to the wireless connection (specified in the profile settings) and they are able to do this and then login to the Windows 10 device.
What is happening then is when the device syncs with InTune the Wifi connection that was made by the user (and specified in the profile being applied to the device) is being dropped.
The user can re-connect after entering their WiFi credentials again, however if another sync takes place the WiFi will drop again.
Our profile is set to forget the users WiFi credentials when they log out of the device, so we would expect the next user who uses the device to connect to the WiFi with their own credentials.
But it seem as if the sync is removing the WiFi credentials before the current user has logged out?
Jul 06 2022 07:08 PM
Jul 07 2022 01:40 AM
Jul 07 2022 07:49 PM - edited Jul 07 2022 07:50 PM
Looks ok. Can you please check the event viewer to check if you see any errors? It gets added there.
Open the Event Viewer:
On the View menu, select Show Analytic and Debug Logs.
Expand Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin
https://docs.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-wi-fi-profiles
Jul 11 2022 07:53 AM
So I connected the device to the WiFi connection that gets dropped, clicked the sync button and captured the Event Logs for this period of time.
The WiFi did drop, one specific error message referencing the WiFi profile is below:
Here are the event logs for the period during the sync in a .zip folder.
I do have an open ticket for this issue with Microsoft, they have collected a load of diagnostic files from the device and are currently looking at them (awaiting a response from them) if I do get a fix for this I will be sure to post on this chat.
Regards
James
Jul 11 2022 08:08 AM
Not sure why your connections would drop when syncing, so I'll join @Moe_Kinani in looking forward to more info.
I did however want to point out that the "Remember credentials at each logon" configuration doesn't mean users have to re-authenticate after logging into Windows again. It simply means that credentials for this connection are in no way stored or cached so each (re-)connection (even in the same Windows session) has to be authenticated again.
Jul 11 2022 08:15 AM
Jul 11 2022 07:32 PM
Jul 12 2022 03:09 AM
Jul 14 2022 12:20 AM - edited Jul 14 2022 12:22 AM
It might be nothing, but have you tried setting "Single sign-on (SSO)" to "Enable after user signs into device"? It would be more logical for your requirements anyway.
Aug 26 2022 02:21 AM
Did you ever get this resolved? We are more or less in the exact same boat.
Aug 26 2022 09:36 AM
Aug 26 2022 09:38 AM - edited Aug 26 2022 09:45 AM
The Microsoft engineer I spoke to said it was not a known issue, he did ask if we get the same issue on a device running Windows 10 Pro, however we only use Windows 10 Education. Which version are you using if you are having the same problem?
I will post the resolution once Microsoft have one too this forum.
Aug 29 2022 12:36 AM - edited Aug 29 2022 12:40 AM
Hi James, thanks for getting back to me. I see. We only experience this issue for some devices that are still in a "test phase" for Autopilot. So we have replaced our GPO's with intune policies but this is an issue for every test user so far, however, it does not happen too often. We are running WIN10 Pro 20H2.
Edit: Also, we don't use credentials for our wifi but it's a certificate pushed from our NDES.
Aug 10 2023 09:44 AM
@James_Chudley Hi James; did you ever get a resolution from MS on this issue? We are setting this issue on Windows 11 and 10 devices in our new testing environment. We are pushing certificate based authentication using Cloud RADIUS, and everything works fine (WiFi connects after prompt to trust the certificate), but upon the next Intune Sync, it disconnects WiFi, and upon manual reconnect, it asks about the certificate again, requiring user internaction to accept.
If we manually disconnect from wifi and reconnect inbetween Intune Syncs, it connects fine with no prompts.
This tells me that the WiFi profile is getting re-applied every time from Intune upon sync, starting the process over again.
Did you get anywhere with MS on this issue?
Dec 11 2023 10:54 AM
Dec 11 2023 01:41 PM
Hi @ikoojo7
Yes, it turned out we were missing a root certificate that needed to be deployed that wasn't in our cloud provider's documentation (PortNox).
There needs to be a total of 4 different profiles pushed:
CLEAR ROOT CA provided by cloud account
CLEAR SCEP provided by your cloud account
RADIUS CA provided by your cloud account (this was the one we were missing)
WiFi Profile
Once we added that missing profile and pushed it out, the devices stopped disconnecting.
Dec 12 2023 11:40 AM
@TedLarsen without going back into all the detail of my original post Microsoft confirmed two issues (one of which was expected behaviour).
Issue 1 was fixed in the in the March Intune release, this was that when using Wi-Fi profiles in the way we were trying to use them evertime a sync occured the wifi profile was replaced (leading to the user having to re-authenticate every time a sync happened) as the wifi dropped when a sync took place and the profile was replaced. They fixed this so the profile did not get replaced each time.
The other issue which remained after the fix above was applied wsa that the wifi profile would drop once after each initial sync, if you then reconnected it would stay connected after every sync, until the user signed out.
Basically because the user (not yet authenticated in Windows) was authenticating against the wifi prior to being logged in, once logged in the network was dropped as the sync would recognise the user now logged in was different to the user who connected to the wifi prior to logging in.
Which is exactly what we were trying to acheive by wiping the previuos users wifi credentials to ensure the user got the correct web filtering rules each time a new user logged onto the devices.
Hopefully this make sense, we ended up using a pre-shared key wifi SSID, and installing a web agent on the devices to authenticate against the proxy. Rather than relying on Radius authentication.
Much easier.