AAA, NAC, Guest Access & BYOD

Apple TV failing authentication fails on CPPM

by on ‎07-14-2014 07:16 AM

Question : I am unable to connect my Apple TV through Clearpass and get an error message "client did not complete eap transaction"

 

Environment Information : This applies to CPPM version 6.2 and greater

 

Symptoms : The following error is seen on the access tracker log.

Alerts -
 Error Code: 9002
 Error Category: RADIUS protocol
 Error Message: Request timed out
 Alerts for this Request -
   Policy server: Failed to get value for attributes=[Device Name]
   RADIUS: Client did not complete EAP transaction

We would see the below errors in the dashboard logs.


2014-01-15 11:36:59,769 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2014-01-15 11:36:59,769 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2014-01-15 11:36:59,769 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user)), error=No values for param=OnboardSmiley Surprisedwner
2014-01-15 11:36:59,769 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user))
2014-01-15 11:36:59,769 [AuthReqThreadPool-13-0x7f3dfbdfe700 r=R0002e5ca-01-52d6b8fd h=74] ERROR ExtDB.DBQuery - ResultSet is empty
2014-01-15 11:36:59,770 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
2014-01-15 11:36:59,770 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
2014-01-15 11:36:59,770 [AuthReqThreadPool-27-0x7f3dfa1f0700 r=R0002e5ca-01-52d6b8fd h=68] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem, Phone, Title]
2014-01-15 11:36:59,770 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2014-01-15 11:36:59,770 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2014-01-15 11:36:59,770 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2014-01-15 11:36:59,770 [AuthReqThreadPool-13-0x7f3dfbdfe700 r=R0002e5ca-01-52d6b8fd h=74] ERROR ExtDB.DBQuery - Failed to get value for attributes=Device Name]
2014-01-15 11:36:59,770 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user)), error=No values for param=OnboardSmiley Surprisedwner
2014-01-15 11:36:59,770 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2014-01-15 11:36:59,771 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user))
2014-01-15 11:36:59,771 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user)), error=No values for param=OnboardSmiley Surprisedwner
2014-01-15 11:36:59,771 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
2014-01-15 11:36:59,771 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{OnboardSmiley Surprisedwner})(objectClass=user))
2014-01-15 11:36:59,771 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
2014-01-15 11:36:59,771 [AuthReqThreadPool-29-0x7f3df9dee700 r=R0002e5ca-01-52d6b8fd h=70] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem, Phone, Title]
2014-01-15 11:36:59,771 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
2014-01-15 11:36:59,771 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
2014-01-15 11:36:59,771 [AuthReqThreadPool-21-0x7f3dfadf6700 r=R0002e5ca-01-52d6b8fd h=62] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem, Phone, Title]

 

Cause : The above error is caused because the Server certificate  of CPPM along with the trust chain(Intermediate and Root)is not installed on the  Apple TV

 

Resolution : This can be addressed by adding the CPPM server certificate to the Apple TV.

Under the "certificates" section of the profile to be installed on Apple TV, make sure that all certificates are uploaded (Root, any intermediate certs and CPPM cert).

In the "Wi-Fi" payload section under the "Enterprise Settings" click on the "Trust" tab and then check all certificates under "trusted certificates". Then make sure that the CN of the CPPM server certificate is listed under the "Trusted Server Certificate Names" section.

 

Please refer to Apple knowledge base article "http://support.apple.com/kb/ht5210" which provides more insight.

Comments
Hephzibah11

I am getting the same error message on a Kindle Fire.  Most of the time it completes the authentication request but then when obtaining an IP address it fails and gets the 9002 error in the timeout message.  There isn't a certificate store that I can find on the Kindle.  Any ideas?

 

Thanks Much

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.