WWAN Authentication — Reaching the Domain Controller Over a WWAN Connection
Technical Note 2174
Last Reviewed 28-Jun-2005
Summary
This tech note discusses options for connecting WWAN modems before a user logs into Windows, so that uncached domain credentials can be used.
Background
Most WWAN cards (CDMA, GPRS, EDGE, etc.) do not connect until after a user logs into the Windows desktop (Ethernet and 802.11 connections, in contrast, are available as soon as the machine boots). This prevents Mobility from connecting (so that the user can authenticate against the domain controller) when logging into Windows. Without a connection to the domain, login scripts won't run and network drives aren't properly mapped.
The Mobility client cannot automatically start your modem connections, but there are several options for solving this problem.
Options
Use a card that supports "always on" connections
Some cards available today have an "always on" feature that allows them to connect even if you are not logged into Windows, just like an 802.11 or Ethernet connection. The newer card managers from Sierra support this, and some others may as well.
Use dial-up networking
If your card has a dial-up adapter (PPP) interface, you should have a "use dial-up networking" option for entering your credentials. Selecting this option causes the modem to dial and the network to be established before the Windows desktop login, which allows Windows to reach the domain controller.
One drawback to this solution is that the "use dial-up networking" option must be selected every time, unless the user's credentials are cached. While it is possible to make this setting stick, this can cause problems when the network isn't available. See this note on the Microsoft support web site for more details.
Use a third-party utility to dial the modem
Some third-party utilities such as XYNTService have been used successfully with WWAN connection managers to allow them to be run as a service and start up when the machine boots. Microsoft RASDial has also been used with some success. NetMotion Wireless suggests contacting your card vendor before attempting to use this option.
Authenticate to the domain only over certain connection types
Some customers choose to simply make a policy decision to authenticate to the domain only over WLAN and LAN connections, and rely on cached credentials when logging in over the WWAN. This doesn't require any changes to the client.
Increase the number of logons cached in the registry
Windows caches user names and passwords, so the authentication problem described above doesn't occur for a user who has recently logged into the PC. But by default Windows caches only ten users, so you could still run into this problem if a number of users are changing PCs. You can change the number of cached users by altering "Value" in the following registry entry (to disable caching altogether, set it to zero):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name: CachedLogonsCount
Data Type: REG_SZ
Value: 10
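One way to audit and change this value from PowerShell, as an added example that is not part of the original technical note. The function names, the sample count of 15, and the range check (0 to 50, the range Microsoft documents for this setting) are choices made for the example.

```powershell
# Added example: audit and set CachedLogonsCount.
# Reading works for any user; changing the value needs an elevated prompt.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'CachedLogonsCount'

function Get-CachedLogonsCount {
    # Returns the configured count and its registry type, or $null if the value is absent.
    $key = Get-Item -LiteralPath $WinlogonKey
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    [pscustomobject]@{
        Count = [int]$key.GetValue($ValueName)
        Kind  = $key.GetValueKind($ValueName)   # expected: String (REG_SZ)
    }
}

function Set-CachedLogonsCount {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 50)]   # 0 disables caching of logons
        [int]$Count
    )
    # Write as REG_SZ, the data type the note specifies.
    Set-ItemProperty -LiteralPath $WinlogonKey -Name $ValueName `
        -Value ([string]$Count) -Type String
}

$current = Get-CachedLogonsCount
if ($null -eq $current) {
    Write-Output "$ValueName is not set; Windows uses its built-in default."
} else {
    Write-Output "$ValueName = $($current.Count) ($($current.Kind))"
    if ($current.Kind -ne 'String') {
        Write-Warning "$ValueName is stored as $($current.Kind), not REG_SZ."
    }
}

# Example change (hypothetical target of 15 users per shared PC):
# Set-CachedLogonsCount -Count 15
```

On domain-joined machines the Group Policy setting "Interactive logon: Number of previous logons to cache" writes the same value, so a local change can be overwritten at the next policy refresh.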
Related Information
2172 | WWAN Authentication Options
2173 | WWAN Authentication—Speeding Up the Desktop Login
9979 | NetMotion Mobility Technical Notes