It's probably pretty widespread actually.
I am trying to work a way around this issue as well, as far as I can tell it's a bug in Yosemite as 10.9 does not seem to do it.
Interesting, turning Airport off and on again won't make it autojoin the wifi network?
We are using PEAP with AD authentication from the login screen and when it tries to rejoin after waking for some reason it doesn't seem to try and reauthenticate and gets stuck in a kind of halfway none working state, turning the Wi-Fi on and off it just comes back to the same state with no improvement. You can generally get arount it by fast user switching to the login screen (ie: reauthenticating) or clicking connect from the network preferences pane (at which point if there are no saved credentials it will ask for them).
@jlong @Look
We are seeing the same issue on 10.10.x machines in our environment when using Configuration Profiles with a Wi-Fi payload with 'Use as a LoginWindow configuration' ticked.
I strongly suggest you all contact your local Apple Engineer and/or file a bug at https://bugreport.apple.com/ regarding this issue and list the amount of machines affected. The more people reporting this issue, the more attention it should get.
Unfortunately, the latest 10.10.4 beta exhibits the same issue, even with the apparent removal of 'discoveryd'
@plawrence
Yeah tested 10.10.4 the other day still no go, quick google shows it to be pretty widespread really.
Appears to be a failure to provide credentials (or perhaps supplying expired credentials) when reconnecting to a PEAP/AD enabled network after waking from sleep.
have you tried adding your Root certificates to the system keychain as per this Apple Support Document
@nessts, the computer exhibiting this was enrolled in JAMF, which is how we're pushing out the root CA, and I double-checked just to make sure the computer has it.
What's weird is this is the only computer in our environment with this issue, and the only known difference is that it wasn't imaged with Casper Imaging. I'm glad this issue is only affecting one machine based on the above, but it is worrisome to hear this problem is so widespread.
Thanks for the feedback everyone.
@jlong
What OS are the imaged ones running? Yosemite of some flavour?
We to are pushing the certs with Casper.
@Look We're imaging with 10.10.3 currently, but we have JAMF imaged OS' going back to 10.9.5 (and many imaged with 10.10, 10.10.1, and 10.10.2.) We also have machines imaged with our previous system going back to 10.7. So it doesn't appear to be OS-specific. The only one that's experiencing this issue is the MacBook that we had to setup manually.
This might help. You can enable advanced logging for 802.1x auth that might shed some light on the issue. Not sure if it works in Yosemite. Take a look inside that folder location for a similar plist if that one doesn't exist.
Enabling eapolclient Logging (Authentication)
--Open Terminal
--Type:
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.eapolclient LogFlags -int -1
--Exit
--Close Terminal.
--Restart the Computer.
--The eapolclient is the 802.1X supplicant on Mac OS X. This setting will have it dump copious logs to /var/log/eapolclient.<interface>.log. Where the interface is something like en1, or whatever the particular network adaptor, wired or wireless, you're trying to use. You can also find them in Console.log
Note: To disable the logging you just set the integer back to 0
Source: http://prowiki.isc.upenn.edu/wiki/Enabling_Advanced_Logging_for_Wireless_in_Mac_OS_X
We have had this problem since 10.8 and have found no work around at all. As soon as the profile is installed (JSS or OSX Server) on the machine we see saw similar problems to what you are seeing. The problems were intermittent and we were not happy with it at all.
Some of the things we tried:
Tried different hardware, built new Radius servers, tried different versions of Mac OS, tried the 802.1x profile with different Casper versions, tried OSX Servers running different OS's we even changed AP's across the whole school and the problem was still there. - We had to change AP's anyway not because of this issue 
Even after all of the changes anytime we had a 802.1x login profile installed we had problems with the machine authenticating to our Radius server, we received help from Casper, Apple and our AP Vendor also.
At the moment we are not seeing these issues at all anymore, this is what we have done to work around this issues we were seeing:
When we roll out machines to students we setup an Enrol SSID WPA2, this is a restricted SSID which only allows the user to login using their AD Credentials. Once the user has logged in we get them to manually join our network (802.1x) and authenticate and removed the Enrol SSID.
After the rollout I also pull the Enrol SSID profile off the users machines incase any of them did not remove it manually.
We have a case open with Apple. It's been indicated a fix is a priority ... whatever that means these days. No workarounds have been offered and I don't see 10.10.4 being the solution. We do not have the issue with 10.9.5 clients.
We're in the process of moving over to 802.1x and are running into the same problems.
We have tested with the latest build of 10.10.4 and have the same issue. We have also downloaded 10.11 and tested, the issue is not fixed. We have entered a bug for the 10.11 so it may get fixed. I encourage others to do the same, more voices maybe they will fix it.
Our Apple SE responded telling me to try 10.11, claiming it was fixed. Guess not. Thanks for the heads up @cvangorp
There was a new 10.11 beta released (15A204h) and in my initial testing the issue appears to be fixed, my mobile account reconnects to 802.1x wifi after waking from sleep. Can someone else please test and let me know and let me know your findings?
I also updated yesterday and found it not to work, but try it again today and it is working. Interesting. Will test some more.
I just updated my test 10.11 system to the new build that showed up yesterday but did not get a chance to test out anything related to Wi-Fi yet. I'll be sure to test this as its encouraging to hear there are better results people are experiencing.
The whole Wi-Fi experience in Yosemite was and continues to be such a giant mess, I almost can't wait for 10.11 if its going to finally resolve all or most of the issues.
So, reconnect to WiFi after sleep seems solid. That is good news.
I did have some reliability issues with a manually installed (JSS generated) 802.1x/PEAP/LoginWindow config profile we use successfully with 10.9.5 ... basically iterating (logging on/off) through accounts not very consistent with drops into mobile/cached account instead of picking up WiFi/kerb ticket.
If I use a Profile Manager (4.1) config profile the aforementioned process seems reliable.
Same here - 15A204h on a 13" MBP reconnects fine after waking from sleep to my 802.1X via EAP-PEAP (MSCHAPv2), although unfortunately that profile is now being installed locally rather than as a configuration profile etc.
@CGundersen User level auth?
I'm going to double check, but our JSS delivered EAP-PEAP seems to be working fine. But it's a computer level profile.
Hey @bentoms
We are using JSS generated/delivered computer level config profiles with 10.9.x successfully/reliably. Applying that same config profile to 10.10.x does NOT work for us.
The config profile is pretty simple: Computer-Level, Wi-Fi, SSID provided, Auto Join, WPA/WPA2 Enterprise, "Use as Login Window configuration" checked, EAP Type is PEAP only, NOT using Directory/computer auth, necessary certificates are also part of config profile payload and trusted.
-I would like to add Directory/computer auth to the mix, but network group has slowed that plan down a bit.
I need to test the recent Profile Manager (4.1) generated config profile against 10.10.x (and 10.9.x), but it works reliably against 10.11 beta 2 (15A2014h).
As an aside, in testing the latest build of 10.11 (15A2014h), the reconnect to WiFi after sleep is good to go. That's been a separate issue for us with 10.10.x, and I'm hoping Apple doesn't just point to 10.11 for resolution. Even when I can get a manually rolled (or Profile Manager generated) config profile to work with 10.10.x, the inability to reconnect after sleep has been a deal breaker.
Not a Configuration Profile guru, so riddle me this ... the Profile Manager generated config profile was created against a Device Group, so computer level (?). The difference that I can see right away is that the Profile Manager config profile has a single Enterprise Mode entry which is "Login Window" while the JSS profile has 2 entries for Enterprise Mode ... both "Login Window" and "System"
@CGundersen Hmm.. I wonder if it's ticking "Use as Login Window configuration" that's the issue.
We don't have that ticked, & seems to work well.
(We do have use directory credentials with the variable $COMPUTERNAME set).
@CGundersen Actually, I'd speak to your TAM.. there might be a known defect for this..
@bentoms Yeah, I've made our TAM aware of some of the issues we've seen. I guess I'll need to put in a request to get in on 9.73 beta. I've also been working for (or with) Apple Enterprise support (for a significant amount of time) on a few items.
I did test my Profile Manager generated config profile successfully on 10.9.5 and 10.10.3 (in addition to 10.11), so I guess I can upload that signed profile to the JSS and migrate folks to that ... I'll just lose some agility. However, with 10.10 still being in the dumpster due to the WiFi reconnect bug I'm still SOL.
