Posted on 06-12-2023 01:00 AM
Hi,
This is a bit of a strange issue; so I thought I'd see if it was one anyone else has seen, and had a resolution for.
We have a configuration profile to apply our wi-fi settings. The wi-fi has a hidden SSID and is using WPA2 Enterprise, certificate based security.
The profile works fine. It applies, and computers can join the wi-fi; however, every now and again the mac will stop joining the wi-fi. The profile is still applied. When I check the advanced wi-fi settings I can see that it still has all the settings present. It just will not join the wi-fi.
The only thing I can find that makes it join the wi-fi again is to remove the configuration profile, and then re-add it; however that is awkward as the devices are rarely connected to ethernet in order to re-apply the profile.
Hopefully someone has seen this behaviour before, and knows what the fix is?
Thanks,
Posted on 06-12-2023 05:38 AM
@Jamin79 What kind of equipment are you using for your Wi-Fi infrastructure? I've seen an issue with Cisco 802.1x auth where the Cisco controller will decide that a Mac has used an invalid authentication type even when there has been no change to a previously working Wi-Fi Configuration Profile. When that happens either the Mac has to be offline (shutdown, not just asleep) long enough for the Cisco controller to "forget" about it, or the device record showing the invalid auth request needs to be deleted from the Cisco console to force a re-evaluation.
Posted on 06-12-2023 05:56 AM
We're using Meraki APs with everything managed by their cloud controller. Authentication is done via a Windows RADIUS server.
Posted on 06-12-2023 06:18 AM
If you have access to the Meraki controller try looking up the Mac not getting connectivity and seeing what what the controller thinks the problem is.
Posted on 06-12-2023 06:47 AM
It's not even getting as far as the controller. The computer is not showing the network as available in the wi-fi list, even though all the configuration is present.
Posted on 06-12-2023 06:59 AM
And the SSID is still showing in the list of Known/Other Networks?
As an aside, hiding a SSID is not considered best practice these days (as in it offers no real security, and can introduce lag in connections), so if you've got any pull with the people managing your Wi-Fi infrastructure you might ask they stop hiding it.
Posted on 06-13-2023 12:52 AM
Yeah, the SSID is still visible in known/other networks. Just not anywhere that you can select it, and click connect, and it doesn't connect automatically as it is configured to.
Posted on 06-30-2023 11:37 AM
We're also having this exact issue. Hidden SSID, WPA2 Enterprise, RADIUS, Meraki.
Have you been able to resolve it?
Posted on 07-03-2023 01:31 AM
Hi,
It's hard to say. It's a very intermittent issue, and we have so few Macs in the business that it might be weeks or months before someone experiences it.
Based on the response above, and having done some additional reading around how hidden SSIDs work, I have now unhidden our SSID, and I'm now waiting to see if the issue goes away.
My thinking is that something is malfunctioning with the beaconing process that is used to locate the hidden SSID; and, as it seems that having the SSID hidden arguably reduces, rather than improves, network security; I figure unhiding the SSID wouldn't hurt.
Posted on 10-04-2023 09:28 AM
We are seeing the same issue with our hidden network. We went through steps of setting up fresh configs over the summer - and now suddenly we are seeing this issue again. We think it is somehow corresponding to lease expiration. In the past I was able to exclude and redeploy the profile. However I tried that with a laptop last week and this morning they could not see the network to join again. It no longer appears in the Menu bar as a known network but does still show in System Settings as a known network.
Posted on 06-24-2024 12:22 PM
Having the same issue with Meraki, Jamf wifi profile, and WPA2 Enterprise w/ RADIUS through SecureW2 (who recommend the SSID be hidden in their configuration documentation for some reason).
Did you all come to any more conclusions?