Hi
I'm at a loss for where to investigate this one so I'm hoping for some suggestions.
We have a single GPO to send out settings for wireless access to our network. On the wireless we have two SSIDs as below.
1. Staff SSID
My manager wanted to reduce the security issues with this as much as possible, so I've generated a GUID for the SSID name, set it not to broadcast the SSID and set the group policy to show the network as "<company name> Staff". It uses WPA2-Enterprise with RADUIS authentication to silently pass the authentication credentials of the currently logged on user providing SSO.
2. Guests SSID
This uses a preshared WPA2 key and provides guests with internet access and is blocked from the local LAN.
The GPO is applied in such a way that company laptops are have the Staff SSID displayed in the available connection list, they're allowed to connect to it (as long as they're in the appropriate AD group for RADIUS authentication) but they are blocked from connecting their laptops to the Guests SSID. The important thing is that this single GPO controls both settings.
On a few laptops we have been noticing that the blocking of the Guests SSID is working fine, but the Staff SSID is failing to show. Its as if only half the policy is applying. This is happening to only a small number of laptops which reside in the same AD OUs and it doesn't matter who logs on, the same problem occurs. The laptop is able to view all other wireless networks in the vicinity.
I have logged in to one as myself (with Domain Admin permissions) and I get this problem, but on other laptops, the policy applies completely allowing me to connect to the Staff SSID while blocking the Guests SSID, as it should.
I've run a RSOP against the laptop which shows that the policy is applying (confirmed by the fact that the Guests SSID is blocked) and the only problem I can find in the event logs are for the EapHost service with event ID of 2002. I've followed the advice in a few forum posts below but have been unsucccessful (not even sure if it's related to the GPO issue).
http://www.eventid.net/display-eventid-2002-source-Microsoft-Windows-EapHost-eventno-10874-phase-1.htm
Any suggestion would be greatly appreciated.