WiFi Network dropping when device syncs (Windows 10) with InTune

Copper Contributor

Not sure if anyone else has come across this issue but we have setup a WiFi profile which is being deployed to our devices.

 

Users have to manually connect to the wireless connection (specified in the profile settings) and they are able to do this and then login to the Windows 10 device.

 

What is happening then is when the device syncs with InTune the Wifi connection that was made by the user (and specified in the profile being applied to the device) is being dropped.

 

The user can re-connect after entering their WiFi credentials again, however if another sync takes place the WiFi will drop again.

 

Our profile is set to forget the users WiFi credentials when they log out of the device, so we would expect the next user who uses the device to connect to the WiFi with their own credentials.

 

But it seem as if the sync is removing the WiFi credentials before the current user has logged out?

17 Replies
I have seen similar issues with Enterprise Profile during AutoPilot before, would you mind sharing your Wifi config setting? Very curious to see what you put in Authentication period field and other settings.

Moe

@Moe_Kinani 

 

No Problem, here you go.

 

jameschudley_0-1657183176846.png

jameschudley_1-1657183203226.png

jameschudley_2-1657183237936.png

Regards

 

James

Looks ok. Can you please check the event viewer to check if you see any errors? It gets added there.

Open the Event Viewer:
On the View menu, select Show Analytic and Debug Logs.
Expand Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin

 

https://docs.microsoft.com/en-us/troubleshoot/mem/intune/troubleshoot-wi-fi-profiles

@Moe_Kinani 

 

So I connected the device to the WiFi connection that gets dropped, clicked the sync button and captured the Event Logs for this period of time.

 

The WiFi did drop, one specific error message referencing the WiFi profile is below:

 

2022-07-11 15_44_54-Event Viewer.jpg

 

Here are the event logs for the period during the sync in a .zip folder.

 

I do have an open ticket for this issue with Microsoft, they have collected a load of diagnostic files from the device and are currently looking at them (awaiting a response from them) if I do get a fix for this I will be sure to post on this chat.

Regards

 

James

 

 

Not sure why your connections would drop when syncing, so I'll join @Moe_Kinani in looking forward to more info. 

 

I did however want to point out that the "Remember credentials at each logon" configuration doesn't mean users have to re-authenticate after logging into Windows again. It simply means that credentials for this connection are in no way stored or cached so each (re-)connection (even in the same Windows session) has to be authenticated again. 

Hi Niels,

Thank You, and yes we realise this setting makes sure the WiFi credentials are not cached on the device,.

As we want each user of the device (will get used by different users) to re-authenticate with the WiFi network to ensure they get the correct filtering profile.

Regards

James

Silly question, do you apply this policy to users or devices?
I feel there is a bug when the xml applied to the pc. Can you try to cache the creds - sync- check event viewer if you see the same error?

I think the CSP should be showing like below ./Users/Vendor/MSFT/WiFi/…..
Hi Moe,

We apply this policy to the device as we want it too apply no matter which user logs into the device.

as per the guidance from Microsoft: https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-assign

Regards

James

It might be nothing, but have you tried setting "Single sign-on (SSO)" to "Enable after user signs into device"? It would be more logical for your requirements anyway.

 

Did you ever get this resolved? We are more or less in the exact same boat.

Not yet, but we have an open support ticket with Microsoft for this issue. They have acknowledged there is an issue which was identified via log files we supplied to them from a device which has the issue. Had an engineer carry out a remote session this Monday to look into the problem further. Awaiting an update. It affects nearly all of our shared corporate Windows Intune devices. And has done for some time now.

The Microsoft engineer I spoke to said it was not a known issue, he did ask if we get the same issue on a device running Windows 10 Pro, however we only use Windows 10 Education. Which version are you using if you are having the same problem?

 

I will post the resolution once Microsoft have one too this forum.

Hi James, thanks for getting back to me. I see. We only experience this issue for some devices that are still in a "test phase" for Autopilot. So we have replaced our GPO's with intune policies but this is an issue for every test user so far, however, it does not happen too often. We are running WIN10 Pro 20H2.

 

Edit: Also, we don't use credentials for our wifi but it's a certificate pushed from our NDES.

@James_Chudley  Hi James; did you ever get a resolution from MS on this issue?   We are setting this issue on Windows 11 and 10 devices in our new testing environment.  We are pushing certificate based authentication using Cloud RADIUS, and everything works fine (WiFi connects after prompt to trust the certificate), but upon the next Intune Sync, it disconnects WiFi, and upon manual reconnect, it asks about the certificate again, requiring user internaction to accept.  

If we manually disconnect from wifi and reconnect inbetween Intune Syncs, it connects fine with no prompts.  

This tells me that the WiFi profile is getting re-applied every time from Intune upon sync, starting the process over again.        

Did you get anywhere with MS on this issue?

Any resolution on this, I am having same issue.

Hi @ikoojo7 

Yes, it turned out we were missing a root certificate that needed to be deployed that wasn't in our cloud provider's documentation (PortNox).  

There needs to be a total of 4 different profiles pushed:   

CLEAR ROOT CA provided by cloud account

CLEAR SCEP provided by your cloud account

RADIUS CA provided by your cloud account (this was the one we were missing)
WiFi Profile  

Once we added that missing profile and pushed it out, the devices stopped disconnecting. 

@TedLarsen without going back into all the detail of my original post Microsoft confirmed two issues (one of which was expected behaviour).

 

Issue 1 was fixed in the in the March Intune release, this was that when using Wi-Fi profiles in the way we were trying to use them evertime a sync occured the wifi profile was replaced (leading to the user having to re-authenticate every time a sync happened) as the wifi dropped when a sync took place and the profile was replaced. They fixed this so the profile did not get replaced each time. 

 

The other issue which remained after the fix above was applied wsa that the wifi profile would drop once after each initial sync, if you then reconnected it would stay connected after every sync, until the user signed out.

 

Basically because the user (not yet authenticated in Windows) was authenticating against the wifi prior to being logged in,  once logged in the network was dropped as the sync would recognise the user now logged in was different to the user who connected to the wifi prior to logging in.

 

Which is exactly what we were trying to acheive by wiping the previuos users wifi credentials to ensure the user got the correct web filtering rules each time a new user logged onto the devices.

 

Hopefully this make sense, we ended up using a pre-shared key wifi SSID, and installing a web agent on the devices to authenticate against the proxy. Rather than relying on Radius authentication.

 

Much easier.