Controllerless Networks

Reply
New Contributor

Instant IAP MIC error integrity check

Good day all

I have three IAP units - 103, 104, 105.  All run v. 6.4.2.6-4.1.1.6_50009.  I manage them as a group.

 

Recently some clients that used to connect without error now fail to connect because "...the integrity check of the recieved message (MIC) has failed.".  I see where reasons for this error are given as a) system congestion, b) hacking, or c) incorrect or outdated client settings/drivers.

 

I have two wifi SSIDs - Guest and Main. Guest runs through VLAN 4 and Main through VLAN 1.

 

I waited for the weekend when there were just three or four devices connected to wifi. I then used a Win7 and a Win10 endpoint both of which had started failing to connect.  On the Win7 machine I manually created a new wifi connection and specified WPA2 with AES. That failed to connect.  On the Win10 machine I rechecked the settings and tried again. That also failed.  Interestingly the Win10 machine WILL connect to the Guest network.

 

I used putty and CLI to check that no DHCP errors were in the mix.  I used debug pkt match mac, debug pkt mac XX:XX:XX:XX:XX, debug pkt type dhcp, and debug pkt dump.  No traffic during the failed connect attempts as was expected.

 

I ran AP LOG ALL under support and see the MIC errors for the mac addresses, but not much else.

 

I am stumped here - any help would be appreciated. I trust this is just a "Doh!" moment for me.

 

Thanks for any thoughts or comments.

 

 

2016-02-25 Update.  

* I updated both Main and Guest networks change from strict WPA2 to WPA2 & WPA.  I rebooted all IAPs.

----- no changes observed. Certain machines still get integrity check errors. Failing machines are mostly fully patched Dell or Microsoft Win10 devices.

 

* I used an iPhone6 that was attached to the Guest network and working correctly. I removed the connect on the phone using the Forget Network option.  I then tried to reconnect to the Guest network.

-----  the Aruba devices now complain that this device has an encryption problem and I see an entry in the Client table with 0.0.0.0 and the phone's MAC address, but no connection is registered on the phone

 

 

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: