What problems could arise from global WLAN

Advanced troubleshooting wireless network connectivity

  • 8 minutes to read

Note

Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi issues in Windows 10, go to If you're looking for more general information about Wi-Fi problems in Windows 10, check out this Windows 10 Wi-Fi fix article.

OverviewOverview

This is a general troubleshooting of establishing Wi-Fi connections from Windows clients. When troubleshooting Wi-Fi problems, you need to understand the basic flow of the wireless automatic connection state machine. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found. This workflow involves knowledge and use of TextAnalysisTool, an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario.

ScenariosScenarios

This article applies to any scenario in which Wi-Fi connections fail to establish. This troubleshooting was designed with Windows 10 clients in focus, but it can also apply to traces The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7.

Note

This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component Event Tracing for Windows (ETW). It is not meant to be representative of every wireless problem scenario.

Wireless ETW is incredibly verbose and calls out a lot of innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Simply searching for or filtering on "err", "error." ", and" fail "will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead, the screen is filled with meaningless logs obscuring the context of the actual problem.Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem.

It is important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors. The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem.

Known Issues and fixes


Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. You can check the update status on the update history website for your system: To verify the update status, refer to the appropriate update-history webpage for your system:

Data Collection

  1. Network Capture with ETW. Enter the following at an elevated command prompt:

  2. Reproduce the issue.

    • If there is a failure to establish connection, try to manually connect.
    • If it is intermittent but easily reproducible, try to manually connect until it fail Record the time of each connection attempt, and whether it was a success or failure.
    • If the problem occurs infrequently but infrequently, the "netsh trace stop" command must be triggered automatically (or at least reported quickly to the administrator) to ensure that the repro data is not overwritten by the trace. If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn't overwrite the repro data.
    • If intermittent connection drops trigger stop command on, if intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).
  3. Stop the trace by entering the following command:

  4. To convert the output file to text format:

See the example ETW capture at the bottom of this article for an example of the command output.After running these commands, you will have three files: wireless .cab, wireless.etl and wireless.txt.After running these commands, you will have three files: wireless.cab, wireless.etl, and wireless.txt.

Troubleshooting

The following is a high-level view of the main wifi components in Windows.

The wifi connection state machine has the following states:

  • Reset Reset
  • Ihv_ConfiguringIhv_Configuring
  • ConfiguringConfiguring
  • Associating Associating
  • AuthenticatingAuthenticating
  • Roaming roaming
  • Wait_For_DisconnectedWait_For_Disconnected
  • DisconnectedDisconnected

Standard wifi connections tend to transition between states such as:

ConnectingConnecting

Reset -> Ihv_Configuring -> Configuring -> Associating -> Authenticating -> ConnectedReset -> Ihv_Configuring -> Configuring -> Associating -> Authenticating -> Connected

DisconnectingDisconnecting

Connected -> Roaming -> Wait_For_Disconnected -> Disconnected -> ResetConnected -> Roaming -> Wait_For_Disconnected -> Disconnected -> Reset

Filtering the ETW trace with the TextAnalysisTool (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful wifi filter file is included at the bottom of this article.

use this FSM transitionTrace filter to see the connection state machine FSM transition trace filter to see the connection state machine. You can see an example of this filter applied in the TAT at the bottom of this page.

The following is an example of a good connection setup:

44676 [2] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.658 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Disconnected to State: Reset 45473 [1] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.667 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Reset to State: Ihv_Configuring 45597 [3] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.708 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Ihv_Configuring to State: Configuring 46085 [2] 0F24.17E0 :: 2018 - 09 - 17 10: 22: 14.710 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Configuring to State: Associating 47393 [1] 0F24.1020 :: 2018-09-17 10: 22: 14.879 [Microsoft-Windows -WLAN-AutoConfig] FSM Transition from State: Associating to State: Authenticating 49465 [2] 0F24.17E0 :: 2018-09-17 10:22: 14.990 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Authenticating to State: Connected

The following is an example of a failed connection setup:

44676 [2] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.658 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Disconnected to State: Reset 45473 [1] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.667 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Reset to State: Ihv_Configuring 45597 [3] 0F24.1020 :: 2018 - 09 - 17 10: 22: 14.708 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Ihv_Configuring to State: Configuring 46085 [2] 0F24.17E0 :: 2018 - 09 - 17 10: 22: 14.710 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Configuring to State: Associating 47393 [1] 0F24.1020 :: 2018-09-17 10: 22: 14.879 [Microsoft-Windows -WLAN-AutoConfig] FSM Transition from State: Associating to State: Authenticating 49465 [2] 0F24.17E0 :: 2018-09-17 10: 22: 14.990 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Authenticating to State: Roaming

By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state.

The investigation of [Microsoft-Windows-WLAN-AutoConfig]- Logs immediately prior to the transition to the defective state should provide evidence of a failure. Examining [Microsoft-Windows-WLAN-AutoConfig] logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components. In many cases, the MSM, which is directly below Wlansvc In many cases the next component of interest will be the MSM, which lies just below Wlansvc.

The important components of the MSM include:

  • Security Manager (SecMgr) - handles all pre and post-connection security operations.

  • Authentication Engine (AuthMgr) - Manages 802.1x auth requests

Each of these components has their own individual state machines which follow specific transitions. Activate the filters FSM transition, SecMgr transition and AuthMgr transition in the TextAnalysisTool for more details FSM transition, SecMgr transition, other AuthMgr transition filters in TextAnalysisTool for more detail.

Continuing with the example above, the combined filters look like this:

[2] 0C34.2FF0 :: 08/28 / 17-13: 24: 28.693 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Reset to State: Ihv_Configuring [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 28.693 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Ihv_Configuring to State: Configuring [1] 0C34.2FE8 :: 08/28 / 17-13: 24: 28.711 [Microsoft-Windows- WLAN-AutoConfig] FSM Transition from State: Configuring to State: Associating [0] 0C34.275C :: 08/28 / 17-13: 24: 28.902 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15 : 14: B6: 25: 10 SecMgr Transition INACTIVE (1) -> ACTIVE (2) [0] 0C34.275C :: 08/28 / 17-13: 24: 28.902 [Microsoft-Windows-WLAN-AutoConfig] port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition ACTIVE (2) -> START AUTH (3) [4] 0EF8.0708 :: 08/28 / 17-13: 24: 28.928 [Microsoft -Windows-WLAN-AutoConfig] Port (14) Peer 0x186472F64FD2 AuthMgr Transition ENABLED -> START_AUTH [3] 0C34.2FE8 :: 08/28 / 17-13: 24: 28.902 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Associating to State: Authenticating [1] 0C34.2 75C :: 08/28 / 17-13: 24: 28.960 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition START AUTH (3) -> WAIT FOR AUTH SUCCESS (4) [4] 0EF8.0708 :: 08/28 / 17-13: 24: 28.962 [Microsoft-Windows-WLAN-AutoConfig] Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH -> AUTHENTICATING [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.751 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) -> DEACTIVATE (11) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7512788 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition DEACTIVATE (11) -> INACTIVE (1) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7513404 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Authenticating to State : Roaming

Note

In the next to last line the SecMgr transition is suddenly deactivating:
[2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7512788 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition DEACTIVATE (11) -> INACTIVE (1) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7512788 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition DEACTIVATE (11) -> INACTIVE (1)

This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation.

If you have the filter Microsoft-Windows-WLAN-AutoConfig activate, further details are displayed that lead to the DEACTIVATE transition: Enabling the Microsoft-Windows-WLAN-AutoConfig filter will show more detail leading to the DEACTIVATE transition:

[3] 0C34.2FE8 :: 08/28 / 17-13: 24: 28.902 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Associating to State: Authenticating [1] 0C34.275C :: 08/28 / 17-13: 24: 28.960 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition START AUTH (3) -> WAIT FOR AUTH SUCCESS (4) [ 4] 0EF8.0708 :: 08/28 / 17-13: 24: 28.962 [Microsoft-Windows-WLAN-AutoConfig] Port (14) Peer 0x186472F64FD2 AuthMgr Transition START_AUTH -> AUTHENTICATING [0] 0EF8.2EF4 :: 08 /28/17-13:24:29.549 [Microsoft-Windows-WLAN-AutoConfig] Received Security Packet: PHY_STATE_CHANGE [0] 0EF8.2EF4 :: 08/28 / 17-13: 24: 29.549 [Microsoft-Windows-WLAN- AutoConfig] Change radio state for interface = Intel (R) Centrino (R) Ultimate-N 6300 AGN: PHY = 3, software state = on, hardware state = off) [0] 0EF8.1174 :: 08/28/17 -13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received Security Packet: PORT_DOWN [0] 0EF8.1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] FSM Current state Authenticating, e vent Upcall_Port_Down [0] 0EF8.1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received IHV PORT DOWN, peer 0x186472F64FD2 [2] 0C34.2FF0 :: 08/28/17 -13: 24: 29.751 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) -> DEACTIVATE (11) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7512788 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition DEACTIVATE (11) -> INACTIVE (1) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7513404 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Authenticating to State: Roaming

When tracing back you come across one Port Down-Notification: The trail backwards reveals a Port Down notification:

[0] 0EF8.1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received IHV PORT DOWN, peer 0x186472F64FD2 [0] 0EF8.1174 :: 08/28 / 17-13 : 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received IHV PORT DOWN, peer 0x186472F64FD2

Port events indicate changes closer to the wireless hardware.The trail can be followed by continuing to see the origin of this indication.

Below, the MSM is the native wifi stack. These are Windows native wifi drivers which talk to the wifi miniport It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.

Enable trace filters for [Microsoft-Windows-NWifi]:Enable trace filter for [Microsoft-Windows-NWifi]:

[3] 0C34.2FE8 :: 08/28 / 17-13: 24: 28.902 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Associating to State: Authenticating [1] 0C34.275C :: 08/28 / 17-13: 24: 28.960 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition START AUTH (3) -> WAIT FOR AUTH SUCCESS (4) [ 4] 0EF8.0708 :: 08/28 / 17-13: 24: 28.962 [Microsoft-Windows-WLAN-AutoConfig] Port (14) Peer 0x8A1514B62510 AuthMgr Transition START_AUTH -> AUTHENTICATING [0] 0000.0000 :: 08/28 /17-13:24:29.127 [Microsoft-Windows-NWiFi] DisAssoc: 0x8A1514B62510 Reason: 0x4 [0] 0EF8.2EF4 :: 08/28 / 17-13: 24: 29.549 [Microsoft-Windows-WLAN-AutoConfig] Received Security Packet: PHY_STATE_CHANGE [0] 0EF8.2EF4 :: 08/28 / 17-13: 24: 29.549 [Microsoft-Windows-WLAN-AutoConfig] Change radio state for interface = Intel (R) Centrino (R) Ultimate-N 6300 AGN: PHY = 3, software state = on, hardware state = off) [0] 0EF8.1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received Security Packet: PORT_DOWN [0] 0EF8. 1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] FSM Current state Authenticating, event Upcall_Port_Down [0] 0EF8.1174 :: 08/28 / 17-13: 24: 29.705 [Microsoft-Windows-WLAN-AutoConfig] Received IHV PORT DOWN, peer 0x186472F64FD2 [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.751 [Microsoft-Windows-WLAN-AutoConfig] Port [13] Peer 8A : 15: 14: B6: 25: 10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) -> DEACTIVATE (11) [2] 0C34.2FF0 :: 08/28 / 17-13: 24: 29.7512788 [Microsoft-Windows- WLAN-AutoConfig] Port [13] Peer 8A: 15: 14: B6: 25: 10 SecMgr Transition DEACTIVATE (11) -> INACTIVE (1) [2] 0C34.2FF0 :: 08/28 / 17-13: 24 : 29.7513404 [Microsoft-Windows-WLAN-AutoConfig] FSM Transition from State: Authenticating to State: Roaming

In the trace above, we see the line:

[0] 0000.0000 :: 08/28 / 17-13: 24: 29.127 [Microsoft-Windows-NWiFi] DisAssoc: 0x8A1514B62510 Reason: 0x4

Following PHY_STATE_CHANGE- and PORT_DOWN-Access Point (AP) cancellation events indicating that the connection should be refused.This is followed by PHY_STATE_CHANGE other PORT_DOWN events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal / roaming, and various other reasons for the connection being lost be due to invalid credentials, connection parameters, loss of signal / roaming, and various other reasons for aborting a connection. The action here would be to investigate the reason for the override given by the specified AP MAC (8A: 15: 14: B6 The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A: 15: 14: B6: 25: 10). This would be done by examining the internal logging / tracing This would be done by examining internal logging / tracing from the AP.

ResourcesResources

802.11 Wireless Tools and Settings
Understanding 802.1X authentication for wireless networks

Example of ETW capture

C: \ tmp> netsh trace start wireless_dbg capture = yes overwrite = yes maxsize = 4096 tracefile = c: \ tmp \ wireless.etl Trace configuration: ------------------- ------------------------------------------------ Status: Running Trace File: C: \ tmp \ wireless.etl Append: Off Circular: On Max Size: 4096 MB Report: Off C: \ tmp> netsh trace stop Correlating traces ... done Merging traces ... done Generating data collection. .. done The trace file and additional troubleshooting information have been compiled as "c: \ tmp \ wireless.cab". File location = c: \ tmp \ wireless.etl Tracing session was successfully stopped. C: \ tmp> netsh trace convert c: \ tmp \ wireless.etl Input file: c: \ tmp \ wireless.etl Dump file: c: \ tmp \ wireless.txt Dump format: TXT Report file: - Generating dump .. . done C: \ tmp> dir Volume in drive C has no label. Volume Serial Number is 58A8-7DE5 Directory of C: \ tmp 01/09/2019 02:59 PM [DIR]. 09/01/2019 02:59 PM [DIR] .. 09/01/2019 02:59 PM 4,855,952 wireless.cab 09/01/2019 02:56 PM 2,752,512 wireless.etl 09/01/2019 02:59 PM 2,786,540 wireless.txt 3 File (s) 10,395,004 bytes 2 Dir (s) 46,648,332,288 bytes free

WiFi filter file

Copy and paste all the lines below and save them into a text file named "wifi.tat." Load the filter file into the TextAnalysisTool by clicking on File> Load Filter Load the filter file into the TextAnalysisTool by clicking File> Load Filters.

TextAnalysisTool example

In the example below, the View settings configured so that only filtered lines are displayed.In the following example, the View settings are configured to Show Only Filtered Lines.