PSA: Active Directory and 802.1x Wi-Fi

Today I had the itch (you know, sometimes you just have to do something completely inconsequential right then and now) to add my laptop to my home Active Directory (AD). I joined it as I usually did, and it had no problems until I rebooted and tried to sign in:

…Huh? What are you talking about? The DHCP DNS for this network is pointed to the domain controller, and I certainly did not change my laptop’s DNS!

I logged in with a local account, and yeah, there was absolutely no problem connecting to the AD DC:

>ping ad.misaka-12450.com

Pinging ad.misaka-12450.com [xxx.xxx.xxx.xxx] with 32 bytes of data:
Reply from xxx.xxx.xxx.xxx: bytes=32 time=4ms TTL=127

>nltest /dsgetdc:ad.misaka-12450.com
           DC: \\DC.ad.misaka-12450.com
      Address: \\xxx.xxx.xxx.xxx
     Dom Guid: d20004f4-7504-4524-a846-a48311c2f8b1
     Dom Name: ad.misaka-12450.com
  Forest Name: ad.misaka-12450.com
 Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
        Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9 DS_10 KEYLIST DS_13
The command completed successfully

But the laptop was showing that it did not use the AD DC when logging in. How strange!

>echo %logonserver%
\\SURFACE

I tried spinning up a VM and adding it there. I had this Windows 10 LTSB image that I haven’t touched in years. No problems at all. Hello, 2016 nostalgia!

In addition, Internet Explorer 11 was also the OS’ only portal to the wide world of web. But I digress.

So what went wrong? I didn’t know, and after some contemplation and attempts at troubleshooting, I reinstalled Windows 11 from scratch to see if it was something I installed over the years that prevented it from communicating with the AD DC.

Turns out in the year 2025, the Windows 11 ISO still doesn’t have drivers for its own Surfaces’ keyboard, touchpad, or Wi-Fi. But that’s also another story.

After reinstalling Windows, imagine my dismay when I discovered that I still could not sign in to my AD account. I thought it was a Surface thing, but how could it be? Enterprises are the biggest customers of Surface computers! Or maybe something went wrong during the upgrade from Home to Pro. Until I saw that my 802.1x WPA3-Enterprise Wi-Fi kept disconnecting (probably due to the old drivers I had installed) and I switched to an SSID that used PSK.

That was it. Literally. The PC couldn’t contact the AD DC during login because it was not connected to the 802.1x Wi-Fi 🙄

So yeah, next time you’re having login issues with a newly-joined PC, maybe try connecting it to another network before resetting it like I did…
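The checks from this post collected into one PowerShell script, as an added example that is not part of the original post. The function name `Get-DomainLogonContext` is hypothetical, the default domain is the one shown above, and the WLAN check assumes English-language `netsh` output.

```powershell
# Added example (not from the original post). Run it from any session you can sign in to.
param(
    # Assumption: the AD DNS domain to test; the default is the domain shown in the post.
    [string]$Domain = 'ad.misaka-12450.com'
)

function Get-DomainLogonContext {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Domain)

    # %LOGONSERVER% is the server that validated this session. For a local-account
    # session it is the computer itself, as in the post's "\\SURFACE" output.
    $logonServer  = $env:LOGONSERVER -replace '^\\\\', ''
    $localSession = $logonServer -ieq $env:COMPUTERNAME

    # Ask the DC locator for a fresh answer (/force bypasses its cache).
    $null = & nltest.exe "/dsgetdc:$Domain" /force 2>&1
    $dcLocatedNow = ($LASTEXITCODE -eq 0)

    # Authentication type of the connected WLAN. Assumption: English netsh output,
    # where 802.1X networks are reported as "WPA2-Enterprise", "WPA3-Enterprise", etc.
    $match = & netsh.exe wlan show interfaces 2>&1 |
        Select-String -Pattern '^\s*Authentication\s*:\s*(.+?)\s*$' |
        Select-Object -First 1
    $wlanAuth  = if ($match) { $match.Matches[0].Groups[1].Value } else { 'not connected' }
    $uses8021x = $wlanAuth -match 'Enterprise'

    $hint = if (-not $dcLocatedNow) {
        'No DC found even after sign-in: check DNS and basic connectivity first.'
    } elseif ($uses8021x) {
        'DC is reachable now over an 802.1X WLAN. If domain sign-in still fails, retry it on ' +
        'another network (the post used a PSK SSID) before reinstalling anything.'
    } else {
        'DC is reachable and the WLAN is not 802.1X: the cause described in the post does not apply.'
    }

    [pscustomobject]@{
        LogonServer        = $logonServer
        LocalSession       = $localSession
        DcLocatedNow       = $dcLocatedNow
        WlanAuthentication = $wlanAuth
        Uses8021X          = $uses8021x
        Hint               = $hint
    }
}

Get-DomainLogonContext -Domain $Domain | Format-List
```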

