Controllerless Networks

Reply
New Contributor

Instant IAP MIC error integrity check

Good day all

I have three IAP units - 103, 104, 105.  All run v. 6.4.2.6-4.1.1.6_50009.  I manage them as a group.

 

Recently some clients that used to connect without error now fail to connect because "...the integrity check of the recieved message (MIC) has failed.".  I see where reasons for this error are given as a) system congestion, b) hacking, or c) incorrect or outdated client settings/drivers.

 

I have two wifi SSIDs - Guest and Main. Guest runs through VLAN 4 and Main through VLAN 1.

 

I waited for the weekend when there were just three or four devices connected to wifi. I then used a Win7 and a Win10 endpoint both of which had started failing to connect.  On the Win7 machine I manually created a new wifi connection and specified WPA2 with AES. That failed to connect.  On the Win10 machine I rechecked the settings and tried again. That also failed.  Interestingly the Win10 machine WILL connect to the Guest network.

 

I used putty and CLI to check that no DHCP errors were in the mix.  I used debug pkt match mac, debug pkt mac XX:XX:XX:XX:XX, debug pkt type dhcp, and debug pkt dump.  No traffic during the failed connect attempts as was expected.

 

I ran AP LOG ALL under support and see the MIC errors for the mac addresses, but not much else.

 

I am stumped here - any help would be appreciated. I trust this is just a "Doh!" moment for me.

 

Thanks for any thoughts or comments.

 

 

2016-02-25 Update.  

* I updated both Main and Guest networks change from strict WPA2 to WPA2 & WPA.  I rebooted all IAPs.

----- no changes observed. Certain machines still get integrity check errors. Failing machines are mostly fully patched Dell or Microsoft Win10 devices.

 

* I used an iPhone6 that was attached to the Guest network and working correctly. I removed the connect on the phone using the Forget Network option.  I then tried to reconnect to the Guest network.

-----  the Aruba devices now complain that this device has an encryption problem and I see an entry in the Client table with 0.0.0.0 and the phone's MAC address, but no connection is registered on the phone

 

 

 

 

 

Occasional Contributor II

Re: Instant IAP MIC error integrity check

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: