ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 36
Registered: ‎04-03-2007

Replay counter error

I am seeing lots of replay counter errors in a all my controllers. I have looked it up in the support site and found what I thought was the solution in Answer ID
450. I have changed the interval from the default of 1000 and have gone as high as 5000 and I still can not get rid of the error. Could there be something else that could be causing this

Apr 12 07:14:41 |authmgr| WPA2 Key message 2 from Station 00:26:bb:47:35:99 00:24:6c:b0:d8:d0 ftaap37-on-the-ceiling-between-rooms-332-334 did not match the replay counter 03 vs 04
Apr 12 07:27:00 |authmgr| WPA2 Key message 2 from Station f4:ce:46:68:69:bb 00:24:6c:10:2f:f0 cvaap111-rm-112-right-side did not match the replay counter 069 vs 070
Apr 12 07:30:31 |authmgr| WPA2 Key message 2 from Station f4:ce:46:68:69:bb 00:24:6c:10:2f:f0 cvaap111-rm-112-right-side did not match the replay counter 073 vs 074
Apr 12 07:32:28 |authmgr| WPA2 Key message 2 from Station f4:ce:46:68:69:bb 00:24:6c:10:2f:f0 cvaap111-rm-112-right-side did not match the replay counter 077 vs 078
Apr 12 07:32:39 |authmgr| WPA2 Key message 2 from Station f4:ce:46:68:69:bb 00:24:6c:10:2f:f0 cvaap111-rm-112-right-side did not match the replay counter 081 vs 082
Apr 12 08:00:03 |authmgr| WPA2 Key message 4 from Station 00:24:d7:36:35:ac 00:24:6c:b0:b5:10 ftaap18-rm-100c-right-side did not match the replay counter 01 vs 02
Apr 12 08:25:29 |authmgr| WPA2 Key message 4 from Station 60:33:4b:3f:a7:48 00:24:6c:b0:f3:b0 ftaap43-rm-400-right-side did not match the replay counter 01 vs 02
Brian
Occasional Contributor I
Posts: 7
Registered: ‎10-20-2010

Same issue

I am seeing the same issue on Intermec handhelds. What was your solution?
Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: Replay counter error

I am going to quote someone from engineering:

"One reason could be that STA sent WPA message 2 pretty late and by the time Authenticator received message 2, it had already retried Message 1 (when Authenticator assumed Message 1 failed to reach STA). This could happen if client is very slow – in that case increasing WPA message timeout on the Authenticator should improve.
Another reason, unlikely, could be that Message 2 received by the AP but processed very late (after message 1 retry) resulting replay counter mismatch.
Over the air wireless capture with wireshark/omnipeek can confirm where the problem is."

You should open a support ticket if you perceive that you are having issues with your clients. They will tell you if you even have to adjust any timers, or if you can ignore it.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: