No WiFi Connectivity? Check The Power Settings

So you just got yourself a new laptop computer, and of course a WiFi router so you can use the new computer while lying in bed (no we won't discuss why you want that). And you followed all of the instructions, and you run the WiFi client setup where it lists networks for you to connect to, and you see

No wireless networks are within range.

Dohh! Guess you won't be surfing the web from the bed after all.

But before you give up, and take it all back to the store, check everything again. To start, check power. There are up to 4 power settings, and yes, I will describe the obvious ones too.

• The laptop has a power switch.
• The router should (but probably doesn't) have a switch. But check the power cord. Of course, since you just ran the router setup (connected by Ethernet cable), the router must be on. OK, move on.
• If the laptop has built-in WiFi, it's got a power switch for the radio. The radio is the part of the WiFi device that uses the most power, so every laptop lets you turn the radio off. Most laptops ship with the radio turned off, so you won't use it without knowing that it's on. Read The Manual.
• Check the router setup, and make sure that the radio there is on. Most WiFi routers ship with the radio turned off, so you don't set one up, with the radio on, without knowing that it's on. This keeps you from inadvertently providing free Internet service to your neighbours. Again, Read The Manual.

Always check the power, after you set everything up. Then check all of the physical issues again.

>> Top

Microsoft Windows And Authentication Protocols

How many of you use an ATM (here we're discussing an Automated Teller Machine, not an Asychronous Transfer Mode network) in public, casually? If someone is waiting in line behind you, to use the machine next, do you let him (her) stand immediately behind you, and possibly shoulder surf your PIN, as you enter it?

Not if you're smart.

Long ago, in the beginning of computer use, you'd use a simple password to protect your secrets. Entering the password would use a protocol called Challenge Handshake Authentication Protocol.

• Who are you?
• What's your password?
• Thank you, you may Enter the secret chamber now.

But CHAP was insecure, similar to using your ATM PIN in public, casually. So more secure protocols were developed. Kereberos was an initial attempt at surpassing CHAP. For an allegorical (easy to read) discussion about Kereberos, see Designing an Authentication System.

From the early days of Windows, LAN Manager, the key network component on your Windows computer, eventually developed into a portion of Windows Networking. With LAN Manager, Microsoft developed LAN Manager challenge / response, aka LM Authentication. LM Authentication became part of Windows 95 and 98 ("Windows 9x").

With Windows NT, which was the first Business Class Operating System, Microsoft developed NTLM ("New Technology LAN Manager") Authentication, and added Kereberos. And with NT V4.0 SP4, they developed VTLM V2 Authentication. Computers running Windows 2000, and Windows XP, will negotiate individually with every other computer, and use either LM, NTLM, or NTLM V2 Authentication, the best protocol that's mutually usable, in all conversations with that computer.

Vista, by default, only uses NTLM V2 Authentication. If you have Windows 9x computers, this won't work out of the box, since Windows 9x is limited, in default, to LM authentication. If you're networking Windows 2000 and XP with Vista, they will all use NTLM V2, with no problem. If you add a computer running Windows 9x, or an NAS device with an unknown operating system, into the discussion, you have 2 choices.

• Downgrade Vista. Let it use LM Authentication, when necessary. Microsoft doesn't recommend this. To do this, edit the registry, and set value LmCompatibilityLevel, in [ HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Lsa ] to "1". If you're having a problem with your NAS device, this may be your only solution, since not all NAS devices can be easily upgraded.
• Upgrade your Windows 95 / 98 computer, to (KB239869): use NTLM V2. Microsoft recommends this solution.

Choice of which workaround to use must center around your personal plans, and details of your network. If you have more computers running Windows 9x than Vista, downgrading Vista (to that of Windows XP and 2000) would be the obvious choice. If your long term picture involves getting more computers running Vista, and retiring the Windows 9x computers (which would make a lot of sense for several reasons), then upgrading Windows 9x makes more sense. Of course, with Windows 9x as it is, I'd not be too anxious to disturb its configuration any more than necessary. Maybe learning repetitively how to tweak Windows Vista isn't a bad idea.

For more details, see Microsoft: File and Printer Sharing in Windows Vista: Cannot Authenticate to a Shared Folder....

>> Top

File Sharing And Printer Sharing Are Not The Same Thing

If you have a computer, you probably use it to access the Internet. You are, quite likely, reading this article from your computer. If you have more than one computer, you probably have connected them together to share the Internet connection, plus you may be sharing files and / or a printer between them.

You share files, and printers, using two important network components in Windows Networking.

• Client For Microsoft Networks goes on any computer accessing another computer.
• File And Printer Sharing For Microsoft Networks goes on any computer being accessed by another computer.
• Most computers using Windows Networking will need both components, as most Windows computers function in both ways.

Both file sharing, and printer sharing, require authentication and authorisation, which is how you prove to the operating system that you have the right to access a given file or printer. Once you get past the authentication and authorisation issues, you should have file sharing working. File sharing works as an integral component of the operating system.

Printer sharing, however, involves another layer of challenges. Every printer that you might connect to your computer requires its own set of drivers. The drivers are specific both to the printer model and to the operating system. You will need the right drivers on both the server (where you connect the printer), and on the clients (where you use the printer).

The drivers are written by the printer vendor, and subject to their limitations.

• Newer printers may only be supported for newer operating systems, and older printers my not be supported at all. If the vendor doesn't have drivers that support the operating system on your computer, you're out of luck.
• Not all printers are designed for network use. If the drivers don't support network use, you're out of luck.
• You do know to always check directly with the vendor for updated drivers and firmware, whenever installing a new printer? This especially applies if one of the computers is running the latest model of Windows (currently Vista).
• And consider how you address the printer, when setting up the client.

If you have a typical $100 desktop printer, note another detail. Less expensive printers will use more resources on the server. Printer serving is a graphic process, and can use significant amounts of CPU and memory (both physical and virtual) in printing a document of any complexity. You may want to host the printer on your newer computer, because that's the computer that you'll be using the most.

If you host the printer on an older computer, you'll probably be using the network more from your newer computer. With Ethernet and a switch (NAT router) connecting the two computers, network use will be a minor issue. With WiFi, which is half duplex, if both the client and server are connected wirelessly, you'll get a possible network conflict.

The client computer will be sending to the WiFi router / Access Point, and the router will be sending to the server computer, and both on the same WiFi channel. Printing thru a WiFi network can take more than twice as long as printing thru an Ethernet network, as the router has to constantly switch between receiving from the client, and sending to the server.

Since you can only test the printer on a properly setup client and server relationship, it's a good idea to get file sharing working first. Get the sharing issues out of the way, then concentrate on the drivers issue. This is a basic layered troubleshooting technique.

>> Top

Electrical Issues In Ethernet Networking

If you wire your house with Ethernet, you'll have a houseful of computers, all connected to the power system, and all connected to each other through the Ethernet network, and through the electrical system ("mains"). This is an obvious, but not trivial, issue.

With all computers connected within the same building, it's not a major issue. All computers are connected to the same main power supply, fed through the same power feed from the electric company, and grounded at the power distribution panel (electric meter et al). All computers, on properly maintained electrical and Ethernet networks, should have the same ground potential.

If you're lucky enough to have a large property, maybe you have a garage or shed out back of your house, with a separate electrical feed. If you decide to install a computer out there, networking that computer won't be a trivial issue. Getting past the issue of running cable between the two buildings (bury it, and risk underground problems), or string it through the air (and risk birds and other wildlife damage), you have a major code and safety issue.

Two separate buildings will have different ground potentials, amplifying the damage from lightning strikes. To fulfill electrical code requirements, you must ground electrical feeds, to separate buildings, separately. If you run Ethernet cable between your buildings, and lightning were to strike one building, the lightning would possibly travel from one computer to the other, through the Ethernet cable, and eventually to ground at the other building.

If you were unlucky enough to be working at either computer when this happened, you'd probably not live to worry about it. If you were lucky enough to not be in front of a computer, you could at least kiss the computers goodbye.

Even ignoring the possible damage from a lightning strike, a computer network with different computers connected at different ground potential won't do much for network stability. A properly functioning network depends upon ground at every network point having the same (identical) voltage level. Any variances, as can happen between any two separately grounded objects, will cause chronic and intermittent packet loss.

The bottom line? If you can't ground both ends of the Ethernet cable very securely, fiber or WiFi is a much better choice for connecting two separate buildings. Fiber-Optic cable doesn't conduct electricity, just light. And WiFi isn't a physical media at all.

If you have 2 buildings, limit the dangers of lightning to each building alone. Don't tie the two together, inadvertently.

For more discussion:

• Cabling Installation & Maintenance: Ground potentials and damage to LAN equipment
• Citel: Overview of Transient Overvoltages
• SelfHelp Forums: Cat 5 between buildings

>> Top

SMB Protection Requires Careful Setup

Server Message Blocks, or SMBs, are the life blood of Windows Networking. On high security networks, you can create secure channels between the server and client, to ensure security of SMBs. You can provide authentication (digital signing) and / or encryption (digital encryption) of SMBs, similar in nature to WPA, as used in WiFi security.

However, just as WiFi connectivity being prevented by improper setup of WPA, necessary use of Windows Networking can be prevented by by improper setup of SMB protection. Both SMB Encryption and Signing must be setup consistently on your network. If any of your clients don't support either protection, it's best that you don't require it on your servers.

When you try to connect a Windows client computer to a server, you may see

The account is not authorized to log in from this station.

If a server requires SMB encryption or signing, all workstations must provide it, if they are going to connect to that server. SMB Signing has been supported since Windows 98 and NT V4.0. Non-Windows operating systems, such as Apple and Linux / Unix, may or may not support SMB Signing. Be consistent in your LAN, however you choose to set it up.

For computers in a workgroup, you configure SMB Encryption and Signing using the Local Security Policy editor. For computers in a domain, the Local Security Policy editor is available, but settings may be overridden by Group Policy.

You will have settings for both the server (incoming SMBs) and the workstation (outgoing SMBs), and settings for encryption (to prevent snooping) and signing (to prevent spoofing). You'll find settings under Local Policies - Security Options. Domain member, Microsoft network client, and Microsoft network server Policy Categories all contain relevant settings.

Note both server and workstation services, and thus these settings, apply to most Windows computers. And note the difference between Enabling SMB Signing (where both computers that enable SMB Signing, and those that don't, will be able to connect to each other) and Requiring SMB Signing (where only computers that enable SMB Signing will be able to connect to each other).

For more detail, see:

• Microsoft: (KB839499): You cannot open file shares or Group Policy snap-ins ...
• Microsoft: (KB887429): Overview of Server Message Block signing

>> Top