We have a number of laptops that are mobile labs (Tanks) and in the library for students to check out.
We push the 802.1x settings via AD and it works very well. The problem we have run into is that when we have login set to 'user or computer' and check single sign-on it comes up and logs into the network using the computer name just fine. But then when the user logs in it immediately authenticates 802.1x as the user and then proceeds to churn until ultimately failing with "No logon servers found".
The strangest thing about this is that packet captures reveal that while the machine is churning it is sending out ARPs for its gateway. The gateway replies but the client ignores it. It does this 30-40 times before giving up.
If the user has logged onto the machine before they will get on with cached credentials and they will be fine, other than being grumpy over how long it takes to get on. If they have never logged on before they will get the dreaded "No logon servers found"
Doing a 'ARP -a' at the command line reveals the gateway address is listed and the machine is able to browse just fine.
I don't think this is a wireless\policy issue as I set up the client to get our IT_Admins profile no matter what and also after the client finally stops asking for the gateway's mac address everything is fine.
Our work around is to just set it to Computer authentication only. This is a bummer because we lose visibility as well as the ability to apply user based profiles.