Aruba Instant & Cloud Wi-Fi

Reply
Contributor I
Posts: 20
Registered: ‎11-16-2012

iPhones not connecting to WPA2 Enteprise Network in Office

Hi,

Recently a problem has surfaced where our company iPhones mostly IOS 7.04 have difficulty or cannot connect to the WLAN.

We have 2 IAP105 Access Points and both have been working for quite some time.

I even had one replaced under warranty because I thought it was the AP causing the problem.

All Wireless laptops connect to the AP using the same WPA2 Enterprise SSID and have no problems.

The configuration is delivered to laptop devices via Group Policy.

The configurations are delivered to the phones via AirWatch MDM server and have been working for quite some time.

The AP105's are software version 6.2.1.0-3.4.0.1_39461.

 

I cant find any logs showing a clue as to any error message.

The client list on the AP actually shows the devices in the list as being connected, however as you look at the device itself it appears the device iPhone4s is continually searching for the Network, i.e there is no tick mark against the SSID.

The Network Policy and Access service on our Windows 2008 server even reports that access is granted

"Network Policy Server granted full access to a user because the host met the defined health policy".

Yet the phones appear to be still trying to connect to the WLAN.

 

Anyone experience anything like this before?

Any help greatly appreciated.

 

 

 

Aruba Employee
Posts: 201
Registered: ‎07-14-2013

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Can you send us the output of ?show tech-support? from the AP?
Contributor I
Posts: 20
Registered: ‎11-16-2012

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Hi,

Yes I have attached the Show Tech Support file.

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: iPhones not connecting to WPA2 Enteprise Network in Office

I assume the ssid you are referring to is ShimSYDEnt ?

 

Try and unhide the ssid to see if this makes a difference.

 

It sounds like the devices are not getting an ip address for whatever reason.  Try some of the support commands specific to dhcp and see if anything jumps out.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 1,418
Registered: ‎10-25-2011

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Is OKC disabled? Apple devices do not support OKC. Make sure that is unchecked.

Capture.PNG

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Contributor I
Posts: 20
Registered: ‎11-16-2012

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Yes the ssid is ShimSYDEnt.

The virtuall controller inidicates the iphone devices are given IP addresses. See attachment.

Unhiding the SSID made no difference.

Yesterday after around half an hour iPhone devices were connecting.

This morning they are not.

At no time are any other devices having a problem, eg our laptops.

Contributor I
Posts: 20
Registered: ‎11-16-2012

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Sorry I cant find OKC. OKC is not on my security screen. However Iphones were working before. Ios upgrades maybe wrecking havoc on wireless on the iphones?

 

 

Capture2.JPG

 

Contributor I
Posts: 20
Registered: ‎11-16-2012

Re: iPhones not connecting to WPA2 Enteprise Network in Office

Hi,

I am still struggling with this.

I found below, expired certificate.

Could this be the problem, but Laptops still connect to the ShimSYDEnt SSID.

 

 

Capture4.JPG

 

Anyway I tried to load a new certificate and get the error below.

 

Capture3.JPG

I generated a certificate request on a windows 2008 server via Certificates MMC.

Then I opened the certificate authority Administrative tool on the 2008 server (same machine) and submitted new request and recived the certificate file which I saved in X.509 Certificate (*.cer;*.crt,*.der) format.

The certificate seems ok see image below.

Capture5.JPG

 

But trying to load it to the IAP I have no Idea what to do.

I didnt get asked for a Passphrase so tried something random and just blank but get the same message above about pass_phase error.

Any ideas?

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: iPhones not connecting to WPA2 Enteprise Network in Office

OKC support was introduced in version 6.3.1-4.0 so is not applicable to your version.

 

What do the logs on the radius server show you?  The config looks fine there, so it may be best to get TAC involved who can better pinpoint what the issue is.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Contributor I
Posts: 20
Registered: ‎11-16-2012

Re: iPhones not connecting to WPA2 Enteprise Network in Office

I have been tailing the logs on the Radius server.

The tracing log is enabled in the Windows 2008 Server.

The log file IASSAM.log indicates that the sopm\sopmwirless eap authentication succeeded.

However then the log recieves another request from the same device

[4436] 02-12 15:50:20:303: NT-SAM Names handler received request with user identity sopm\sopmwireless.
[4436] 02-12 15:50:20:303: Username is already an NT4 account name.
[4436] 02-12 15:50:20:303: SAM-Account-Name is "SOPM\sopmwireless".
[4436] 02-12 15:50:20:303: Successfully created new RAP Based EAP session for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:303: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:303: NT-SAM Authentication handler received request for SOPM\sopmwireless.
[4436] 02-12 15:50:20:303: Validating windows user account SOPM\sopmwireless
[4436] 02-12 15:50:20:303: Sending LDAP search to SOPM-DC1.sopm.shimadzu.com.au.
[4436] 02-12 15:50:20:303: Successfully validated windows account SOPM\sopmwireless.
[4436] 02-12 15:50:20:303: Allowed EAP type: 25
[4436] 02-12 15:50:20:303: Succesfully created EAP Host session with session id 2641
[4436] 02-12 15:50:20:303: Processing output from EAP: action:1
[4436] 02-12 15:50:20:303: Inserting outbound EAP-Message of length 6.
[4436] 02-12 15:50:20:303: Issuing Access-Challenge.
[4436] 02-12 15:50:20:303: No AUTHORIZATION extensions, continuing
[2536] 02-12 15:50:20:350: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[2536] 02-12 15:50:20:350: No AUTHENTICATION extensions, continuing
[2536] 02-12 15:50:20:350: Processing output from EAP: action:1
[2536] 02-12 15:50:20:350: Inserting outbound EAP-Message of length 1096.
[2536] 02-12 15:50:20:350: Issuing Access-Challenge.
[2536] 02-12 15:50:20:350: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:413: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:413: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:413: Processing output from EAP: action:1
[4436] 02-12 15:50:20:413: Inserting outbound EAP-Message of length 1096.
[4436] 02-12 15:50:20:413: Issuing Access-Challenge.
[4436] 02-12 15:50:20:413: No AUTHORIZATION extensions, continuing
[2536] 02-12 15:50:20:460: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[2536] 02-12 15:50:20:460: No AUTHENTICATION extensions, continuing
[2536] 02-12 15:50:20:460: Processing output from EAP: action:1
[2536] 02-12 15:50:20:460: Inserting outbound EAP-Message of length 1096.
[2536] 02-12 15:50:20:460: Issuing Access-Challenge.
[2536] 02-12 15:50:20:460: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:522: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:522: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:522: Processing output from EAP: action:1
[4436] 02-12 15:50:20:522: Inserting outbound EAP-Message of length 1096.
[4436] 02-12 15:50:20:522: Issuing Access-Challenge.
[4436] 02-12 15:50:20:522: No AUTHORIZATION extensions, continuing
[2536] 02-12 15:50:20:569: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[2536] 02-12 15:50:20:569: No AUTHENTICATION extensions, continuing
[2536] 02-12 15:50:20:569: Processing output from EAP: action:1
[2536] 02-12 15:50:20:569: Inserting outbound EAP-Message of length 84.
[2536] 02-12 15:50:20:569: Issuing Access-Challenge.
[2536] 02-12 15:50:20:569: No AUTHORIZATION extensions, continuing
[2536] 02-12 15:50:20:616: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[2536] 02-12 15:50:20:616: No AUTHENTICATION extensions, continuing
[2536] 02-12 15:50:20:632: Processing output from EAP: action:1
[2536] 02-12 15:50:20:632: Inserting outbound EAP-Message of length 69.
[2536] 02-12 15:50:20:632: Issuing Access-Challenge.
[2536] 02-12 15:50:20:632: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:679: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:679: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:679: Processing output from EAP: action:1
[4436] 02-12 15:50:20:679: Inserting outbound EAP-Message of length 43.
[4436] 02-12 15:50:20:679: Issuing Access-Challenge.
[4436] 02-12 15:50:20:679: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:710: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:710: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:710: Processing output from EAP: action:1
[4436] 02-12 15:50:20:710: Inserting outbound EAP-Message of length 59.
[4436] 02-12 15:50:20:710: Issuing Access-Challenge.
[4436] 02-12 15:50:20:710: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:757: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:757: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:757: Processing output from EAP: action:1
[4436] 02-12 15:50:20:757: Inserting outbound EAP-Message of length 75.
[4436] 02-12 15:50:20:757: Issuing Access-Challenge.
[4436] 02-12 15:50:20:757: No AUTHORIZATION extensions, continuing
[2536] 02-12 15:50:20:804: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[2536] 02-12 15:50:20:804: No AUTHENTICATION extensions, continuing
[2536] 02-12 15:50:20:804: Processing output from EAP: action:1
[2536] 02-12 15:50:20:804: Inserting outbound EAP-Message of length 91.
[2536] 02-12 15:50:20:804: Issuing Access-Challenge.
[2536] 02-12 15:50:20:804: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:913: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:913: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:913: Processing output from EAP: action:3
[4436] 02-12 15:50:20:913: onIndicateTLV: Injecting All Attributes Returned by EAP
[4436] 02-12 15:50:20:913: Translating attributes returned by EAPHost.
[4436] 02-12 15:50:20:913: Inserting attribute 4120
[4436] 02-12 15:50:20:913: Inserting attribute 4145
[4436] 02-12 15:50:20:913: Inserting attribute 8102
[4436] 02-12 15:50:20:913: Inserting attribute 8102
[4436] 02-12 15:50:20:913: Processing PEAP TLVs
[4436] 02-12 15:50:20:913: Forward Result-TLV and Inner Method TLV
[4436] 02-12 15:50:20:913: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:913: pEapHost->EapHostAuthenticatorSetAttributes called succesfullywith 1 EAP attributes
[4436] 02-12 15:50:20:913: Processing output from EAP: action:1
[4436] 02-12 15:50:20:913: Inserting outbound EAP-Message of length 107.
[4436] 02-12 15:50:20:913: Issuing Access-Challenge.
[4436] 02-12 15:50:20:991: Successfully retrieved session (2641) for user SOPM\sopmwireless.
[4436] 02-12 15:50:20:991: No AUTHENTICATION extensions, continuing
[4436] 02-12 15:50:20:991: Processing output from EAP: action:2
[4436] 02-12 15:50:20:991: Translating attributes returned by EAPHost.
[4436] 02-12 15:50:20:991: Inserting attribute 4120
[4436] 02-12 15:50:20:991: Inserting attribute 4145
[4436] 02-12 15:50:20:991: Inserting attribute 8100
[4436] 02-12 15:50:20:991: Inserting attribute 8099
[4436] 02-12 15:50:20:991: Inserting attribute 4140
[4436] 02-12 15:50:20:991: Inserting attribute 4141
[4436] 02-12 15:50:20:991: EAP authentication succeeded.
[4436] 02-12 15:50:20:991: No AUTHORIZATION extensions, continuing
[4436] 02-12 15:50:20:991: Inserting outbound EAP-Message of length 4.

 

 

And it just continues over and over again.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: