Posted on 06-02-2015 01:53 PM
We recently acquired one of the new MacBooks in our environment, and due to the USB-C port opted to manually configure it rather than image, as our imaging method only works via Ethernet at the moment. For some reason the laptop would not reconnect via WiFi after waking the computer from sleep. Specifically, the 802.1x component failed to reconnect (we use PEAP in our environment).
The user of the computer is technical and was trying to use AppleScript to automatically reconnect, but could not find a way to specify the "Connect" button in Network Preferences. Modifying a script I found here, this worked for him. He suggested I pass it along as we came across others in the wild with a similar problem, and the link listed above was a little tricky to find. Hope someone finds it helpful.
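-- Make sure Wi-Fi is powered on (en0 is assumed to be the Wi-Fi interface)
do shell script "/usr/sbin/networksetup -setairportpower en0 on"
-- Open the Wi-Fi section of the Network preference pane
tell application "System Preferences"
    activate
    reveal pane id "com.apple.preference.network"
    reveal anchor "Wi-Fi" of pane id "com.apple.preference.network"
end tell
-- UI scripting through System Events needs Accessibility access
tell application "System Events"
    tell window 1 of process "System Preferences"
        click button 2 of group 1
        if title of button 2 of group 1 begins with "Connect" then
            click button 2 of group 1
        end if
    end tell
end tell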
Posted on 06-02-2015 02:33 PM
It's probably pretty widespread actually.
I am trying to work a way around this issue as well, as far as I can tell it's a bug in Yosemite as 10.9 does not seem to do it.
Posted on 06-02-2015 05:32 PM
Interesting, turning Airport off and on again won't make it autojoin the wifi network?
Posted on 06-02-2015 07:30 PM
We are using PEAP with AD authentication from the login screen and when it tries to rejoin after waking for some reason it doesn't seem to try and reauthenticate and gets stuck in a kind of halfway non-working state; turning the Wi-Fi on and off, it just comes back to the same state with no improvement. You can generally get around it by fast user switching to the login screen (ie: reauthenticating) or clicking connect from the network preferences pane (at which point if there are no saved credentials it will ask for them).
Posted on 06-02-2015 09:47 PM
We are seeing the same issue on 10.10.x machines in our environment when using Configuration Profiles with a Wi-Fi payload with 'Use as a LoginWindow configuration' ticked.
I strongly suggest you all contact your local Apple Engineer and/or file a bug at https://bugreport.apple.com/ regarding this issue and list the amount of machines affected. The more people reporting this issue, the more attention it should get.
Unfortunately, the latest 10.10.4 beta exhibits the same issue, even with the apparent removal of 'discoveryd'
Posted on 06-02-2015 09:51 PM
Yeah tested 10.10.4 the other day still no go, quick google shows it to be pretty widespread really.
Appears to be a failure to provide credentials (or perhaps supplying expired credentials) when reconnecting to a PEAP/AD enabled network after waking from sleep.
Posted on 06-02-2015 10:11 PM
Have you tried adding your Root certificates to the system keychain as per this Apple Support Document?
Posted on 06-03-2015 12:55 PM
@nessts, the computer exhibiting this was enrolled in JAMF, which is how we're pushing out the root CA, and I double-checked just to make sure the computer has it.
What's weird is this is the only computer in our environment with this issue, and the only known difference is that it wasn't imaged with Casper Imaging. I'm glad this issue is only affecting one machine based on the above, but it is worrisome to hear this problem is so widespread.
Thanks for the feedback everyone.
Posted on 06-03-2015 02:22 PM
What OS are the imaged ones running? Yosemite of some flavour?
We too are pushing the certs with Casper.
Posted on 06-03-2015 02:32 PM
@Look We're imaging with 10.10.3 currently, but we have JAMF imaged OS' going back to 10.9.5 (and many imaged with 10.10, 10.10.1, and 10.10.2.) We also have machines imaged with our previous system going back to 10.7. So it doesn't appear to be OS-specific. The only one that's experiencing this issue is the MacBook that we had to set up manually.
Posted on 06-03-2015 02:51 PM
This might help. You can enable advanced logging for 802.1x auth that might shed some light on the issue. Not sure if it works in Yosemite. Take a look inside that folder location for a similar plist if that one doesn't exist.
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.eapolclient LogFlags -int -1
--Restart the Computer.
--The eapolclient is the 802.1X supplicant on Mac OS X. This setting will have it dump copious logs to /var/log/eapolclient.<interface>.log. Where the interface is something like en1, or whatever the particular network adaptor, wired or wireless, you're trying to use. You can also find them in Console.log
Note: To disable the logging you just set the integer back to 0
Posted on 06-03-2015 03:26 PM
We have had this problem since 10.8 and have found no workaround at all. As soon as the profile is installed (JSS or OSX Server) on the machine we saw similar problems to what you are seeing. The problems were intermittent and we were not happy with it at all.
Some of the things we tried:
Tried different hardware, built new Radius servers, tried different versions of Mac OS, tried the 802.1x profile with different Casper versions, tried OSX Servers running different OS's we even changed AP's across the whole school and the problem was still there. - We had to change AP's anyway not because of this issue :)
Even after all of the changes anytime we had a 802.1x login profile installed we had problems with the machine authenticating to our Radius server, we received help from Casper, Apple and our AP Vendor also.
At the moment we are not seeing these issues at all anymore. This is what we have done to work around the issues we were seeing:
When we roll out machines to students we set up an Enrol SSID WPA2; this is a restricted SSID which only allows the user to login using their AD Credentials. Once the user has logged in we get them to manually join our network (802.1x) and authenticate and remove the Enrol SSID.
After the rollout I also pull the Enrol SSID profile off the users' machines in case any of them did not remove it manually.
Posted on 06-04-2015 09:32 AM
We have a case open with Apple. It's been indicated a fix is a priority ... whatever that means these days. No workarounds have been offered and I don't see 10.10.4 being the solution. We do not have the issue with 10.9.5 clients.
Posted on 06-22-2015 01:14 PM
We're in the process of moving over to 802.1x and are running into the same problems.
Posted on 06-22-2015 02:11 PM
We have tested with the latest build of 10.10.4 and have the same issue. We have also downloaded 10.11 and tested, the issue is not fixed. We have entered a bug for the 10.11 so it may get fixed. I encourage others to do the same, more voices maybe they will fix it.
Posted on 06-23-2015 05:42 AM
Our Apple SE responded telling me to try 10.11, claiming it was fixed. Guess not. Thanks for the heads up @cvangorp
Posted on 06-24-2015 02:14 AM
There was a new 10.11 beta released (15A204h) and in my initial testing the issue appears to be fixed; my mobile account reconnects to 802.1x wifi after waking from sleep. Can someone else please test and let me know your findings?
Posted on 06-24-2015 05:56 AM
I also updated yesterday and found it not to work, but tried it again today and it is working. Interesting. Will test some more.
Posted on 06-24-2015 06:38 AM
I just updated my test 10.11 system to the new build that showed up yesterday but did not get a chance to test out anything related to Wi-Fi yet. I'll be sure to test this as it's encouraging to hear there are better results people are experiencing.
The whole Wi-Fi experience in Yosemite was and continues to be such a giant mess, I almost can't wait for 10.11 if it's going to finally resolve all or most of the issues.
Posted on 06-24-2015 07:15 AM
So, reconnect to WiFi after sleep seems solid. That is good news.
I did have some reliability issues with a manually installed (JSS generated) 802.1x/PEAP/LoginWindow config profile we use successfully with 10.9.5 ... basically iterating (logging on/off) through accounts not very consistent with drops into mobile/cached account instead of picking up WiFi/kerb ticket.
If I use a Profile Manager (4.1) config profile the aforementioned process seems reliable.
Posted on 06-24-2015 09:01 AM
Same here - 15A204h on a 13" MBP reconnects fine after waking from sleep to my 802.1X via EAP-PEAP (MSCHAPv2), although unfortunately that profile is now being installed locally rather than as a configuration profile etc.
Posted on 06-25-2015 11:41 PM
@CGundersen User level auth?
I'm going to double check, but our JSS delivered EAP-PEAP seems to be working fine. But it's a computer level profile.
Posted on 06-26-2015 09:35 AM
We are using JSS generated/delivered computer level config profiles with 10.9.x successfully/reliably. Applying that same config profile to 10.10.x does NOT work for us.
The config profile is pretty simple: Computer-Level, Wi-Fi, SSID provided, Auto Join, WPA/WPA2 Enterprise, "Use as Login Window configuration" checked, EAP Type is PEAP only, NOT using Directory/computer auth, necessary certificates are also part of config profile payload and trusted.
-I would like to add Directory/computer auth to the mix, but network group has slowed that plan down a bit.
I need to test the recent Profile Manager (4.1) generated config profile against 10.10.x (and 10.9.x), but it works reliably against 10.11 beta 2 (15A2014h).
As an aside, in testing the latest build of 10.11 (15A2014h), the reconnect to WiFi after sleep is good to go. That's been a separate issue for us with 10.10.x, and I'm hoping Apple doesn't just point to 10.11 for resolution. Even when I can get a manually rolled (or Profile Manager generated) config profile to work with 10.10.x, the inability to reconnect after sleep has been a deal breaker.
Not a Configuration Profile guru, so riddle me this ... the Profile Manager generated config profile was created against a Device Group, so computer level (?). The difference that I can see right away is that the Profile Manager config profile has a single Enterprise Mode entry which is "Login Window" while the JSS profile has 2 entries for Enterprise Mode ... both "Login Window" and "System"
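The comparison described in the post above (a profile with a single Enterprise Mode entry versus one with two) can be done directly on the profile files. This is an added example, not code from any thread participant or from Jamf/Apple; it assumes unsigned `.mobileconfig` plists that use the Wi-Fi payload keys `SetupModes` and `EAPClientConfiguration`/`AcceptEAPTypes`, and the two sample profiles are constructed for illustration.

```python
import plistlib

# EAP method numbers (IANA registry) that can appear in AcceptEAPTypes.
EAP_NAMES = {13: "TLS", 17: "LEAP", 21: "TTLS", 25: "PEAP", 43: "EAP-FAST"}

def wifi_summary(profile_bytes):
    """Return one dict per Wi-Fi payload found in an unsigned .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    out = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue  # skip certificate and other payloads
        eap = payload.get("EAPClientConfiguration", {})
        out.append({
            "ssid": payload.get("SSID_STR"),
            "auto_join": payload.get("AutoJoin"),
            "encryption": payload.get("EncryptionType"),
            "eap_types": [EAP_NAMES.get(t, str(t))
                          for t in eap.get("AcceptEAPTypes", [])],
            "setup_modes": sorted(payload.get("SetupModes", [])),
        })
    return out

def diff_wifi(a, b):
    """Keys whose values differ between two summaries, with both values."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def make_profile(setup_modes):
    """Constructed sample profile; the SSID and settings are made up."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadContent": [{
            "PayloadType": "com.apple.wifi.managed",
            "SSID_STR": "ExampleCorp",
            "AutoJoin": True,
            "EncryptionType": "WPA",
            "SetupModes": setup_modes,
            "EAPClientConfiguration": {"AcceptEAPTypes": [25]},
        }],
    })

# Two constructed profiles mirroring the difference described in the post.
JSS_LIKE = make_profile(["Loginwindow", "System"])
PM_LIKE = make_profile(["Loginwindow"])

if __name__ == "__main__":
    jss, pm = wifi_summary(JSS_LIKE)[0], wifi_summary(PM_LIKE)[0]
    print(diff_wifi(jss, pm))
```

A signed profile is CMS-wrapped and has to be unwrapped to its plist before `plistlib` can read it.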
Posted on 06-26-2015 12:33 PM
@CGundersen Hmm.. I wonder if it's ticking "Use as Login Window configuration" that's the issue.
We don't have that ticked, & seems to work well.
(We do have use directory credentials with the variable $COMPUTERNAME set).
Posted on 06-26-2015 01:33 PM
Posted on 06-26-2015 01:50 PM
@bentoms Yeah, I've made our TAM aware of some of the issues we've seen. I guess I'll need to put in a request to get in on 9.73 beta. I've also been working for (or with) Apple Enterprise support (for a significant amount of time) on a few items.
I did test my Profile Manager generated config profile successfully on 10.9.5 and 10.10.3 (in addition to 10.11), so I guess I can upload that signed profile to the JSS and migrate folks to that ... I'll just lose some agility. However, with 10.10 still being in the dumpster due to the WiFi reconnect bug I'm still SOL.
Posted on 06-30-2015 09:23 PM
10.10.4 has been released, but the 802.1x wifi behaviour is still faulty. If a profile is installed with a wifi payload with "Use as Login Window configuration" ticked, the wifi will connect on login, but it does not reconnect after waking from sleep.
Looks like we will have to wait for 10.11 to be released if we want reliable 802.1x connectivity.
Posted on 07-01-2015 08:08 AM
Yep, 10.11 it is. Sorry folks the park's closed ... impact data not sufficient to warrant a fix in Yosemite OS.
Use computer auth as workaround ...
Posted on 07-10-2015 09:12 AM
I'm still having the reconnect after sleep issue on the latest 10.11 beta. Initial connection works perfectly but after a wake the client machine just shows continuous attempts to authenticate but the AP and ACS logs show no attempts are actually getting through.
Cisco network running 802.1x PEAP and using a Login Window profile.
Posted on 07-10-2015 09:31 AM
I'm just getting around to testing what I believe to be the latest (15A216G). I'm using a JSS generated config profile (what we have working reliably with 10.9.5) and successfully reconnecting to WiFi after sleep. Are you sure you are using the latest 10.11 beta build? I was having some poor luck yesterday, but wasn't on the latest (and I think Apple regressed for a bit). We are also Cisco/PEAP and the aforementioned config profile is using Login Window (alone, no Computer/Dir Auth added).
I do experience some "misses" when iterating through accounts where it drops user in to cached account. However, when successfully grabbing wireless on login, reconnecting to WiFi after sleep has been reliable with build 15A216G. I still seem to have better login reliability with Profile Manager profile than JSS generated using 10.11 (reconnect to WiFi after sleep aside).
Posted on 07-10-2015 09:49 AM
@CGundersen I'm running 15A178W that I built two days ago. I'll see if there is a newer one available for my test system (13" Retina MBP). If so I'll try that and post the results.
Posted on 07-10-2015 09:52 AM
I believe that build (15A178W) was troublesome for me as well. Look forward to hearing your results.
Posted on 07-10-2015 01:35 PM
Updated to 15A216G and it immediately connected with the PEAP network. Put it to sleep for 10 minutes and it reconnected on wake. Put it to sleep again for roughly half an hour (or a bit longer) and it reconnected happily.
Now we just need someone to reverse engineer the fix so I can get Yosemite to actually work. :-)
Posted on 07-12-2015 06:32 PM
I've updated to 15A216G too and tested our wifi profile (configured with use as a loginwindow configuration). Wifi connects on login and also after waking from sleep, so it's still looking good! Pretty sure there is no hope for Yosemite though.
Posted on 07-15-2015 11:26 PM
It was quite a surprise to see a beta for 10.10.5 drop today. Unfortunately there is no change in the "wifi reconnecting after waking from sleep" behaviour.
Posted on 07-17-2015 05:34 AM
I see in the 9.73 release notes this defect that is fixed. D-008688 - Did Jamf fix Apple's problem? Interested in testing soon. http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.73-Release-Notes.pdf
Posted on 07-21-2015 11:45 AM
I just installed 9.73 and we had the problem here at the school I work at. I repushed the Configuration Profile. I'll report back if we seem to continue running into the problem.
Posted on 07-22-2015 11:50 PM
I upgraded the JSS to 9.73, edited and saved our wireless profile, removed and re-added the profile on a laptop running 10.10.5 but it still doesn't connect to the wireless after waking from sleep.
Posted on 07-23-2015 05:57 AM
After a full day and some change I almost feel like the problem is worse now post 9.73 :(
Why's Apple gotta break wifi every other major revision of the system? 10.7 was great, 10.8 not so great, 10.9 great, 10.10 been not so great.
Posted on 07-24-2015 02:59 AM
Anyone found a solution for this yet? :(