Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Error during Aruba Central login

This thread has been viewed 10 times

  • 1.  Error during Aruba Central login

    Posted Jun 22, 2018 03:54 PM

    Hi gurus,

     

    I have had my cluster of IAPs in Aruba Central for some time, today when I checked in Aruba Central I have seen all of them offline. I don't know when they got offline because I changed some policies in the firewall. After doing some troubleshooting I realized NTP protocol wasn't allowed in the firewall, so IAPs didn't get the correct clock and there was a certificate error with activate. After allowing the NTP protocol, the IAPs got the correct time and the certificate issue with activate was solved. Now I can see the IAPs with correct time, they have connected to activate, but they are still offline in Aruba Central, and they give this error:

     

    Jun 22 14:44:47 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| app1.central.arubanetworks.com
    Jun 22 14:44:47 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Aruba Central Mgmt
    Jun 22 14:45:45 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Error during Aruba Central login
    Jun 22 14:46:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Error during Aruba Central login
    Jun 22 14:48:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Aruba Central failure times is 3
    Jun 22 14:48:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| IAP mgmt mode is changed from athena-mgmt to local-mgmt

     

    These are other logs:

     

    P2-W05# show ap debug cloud-server

    IAP mgmt mode :athena-mgmt
    cloud config recved :TRUE
    autojoin mode :disable
    Device Cert status :SUCCESS
    Aruba Central server :app1.central.arubanetworks.com
    Aruba Central redirect from:app1.central.arubanetworks.com
    Aruba Central Protocol :HTTPS
    Aruba Central status :connecting

     

    P2-W05# show log ap-debug

    Jun 22 14:46:49 syslog: check_sid_type: sid check type, result-'0 admin'
    Jun 22 14:46:50 syslog: main, 2530: opcode is show
    Jun 22 14:46:50 syslog: check_sid_type: sid check type, result-'0 admin'
    Jun 22 14:47:20 syslog: main, 2530: opcode is show
    Jun 22 14:47:20 syslog: check_sid_type: sid check type, result-'0 admin'
    Jun 22 14:47:21 syslog: main, 2530: opcode is show
    Jun 22 14:47:21 syslog: check_sid_type: sid check type, result-'0 admin'
    Jun 22 14:47:46 awc[3527]: awc_init_connection: 2129: connecting to app1.central.arubanetworks.com:443
    Jun 22 14:47:46 awc[3527]: tcp_connect: 167: recv timeout set to 5
    Jun 22 14:47:46 awc[3527]: tcp_connect: 174: send timeout set to 5
    Jun 22 14:47:46 awc[3527]: awc_init_connection: 2170: connected to app1.central.arubanetworks.com:443
    Jun 22 14:47:46 awc[3527]: awc_init_connection: 2212: Loading local CA certificates
    Jun 22 14:47:46 awc[3527]: Failed to establish SSL connection: Error code is -1:unknown error number
    Jun 22 14:47:46 awc[3527]: athena_init failed

     

    P2-W05# show activate status

    Activate Server :device.arubanetworks.com
    Activate Status :success
    Aruba Central Server :app1.central.arubanetworks.com
    IAP MAC Address :20:a6:cd:cb:5e:6e
    IAP Serial Number :CNDQHN72DB
    Cloud Activation Key :PNMFQGSC

     

    Any clues?

     

    Regards,

    Julián



  • 2.  RE: Error during Aruba Central login

    Posted Jun 22, 2018 05:40 PM

    Hi,

     

    After waiting some time the IAPs got online in Aruba Central again. I am going to check if I know the reason...

     

    Regards,

    Julián

     



  • 3.  RE: Error during Aruba Central login

    Posted Jun 25, 2018 11:06 AM

    Hi,

     

    It seems the IAPs only needed some time to get online in Aruba Central after allowing the NTP protocol on the firewall. The logs I see now is the following:

     

    Jun 25 09:57:42 sapd[3532]: sapd_proc_apcli_msg: apcli msg recv-ed: len=13 type=3 .....
    Jun 25 09:57:46 cli[3528]: <541004> <WARN> |AP P2-W05@172.16.100.43 cli| recv_sta_update: receive station msg, mac-20:2d:07:6f:bf:3c bssid-20:a6:cd:35:4d:00 essid-arubatest.
    Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, RadsecTLSNegotiationHandler:513: Failed to open TLS socket error ASN no signer error to confirm failure
    Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, RadsecTLSNegotiationHandler:515: calling cleanup for 60e9a623
    Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, radsec_start_connection_retry_timer:110: Failed to establish TLS connection to server AS2_#guest#_. Retry in 160 seconds
    Jun 25 09:58:27 cli[3528]: <541004> <WARN> |AP P2-W05@172.16.100.43 cli| recv_sta_update: receive station msg, mac-48:86:e8:67:04:58 bssid-20:a6:cd:35:e7:40 essid-arubatest.
    Jun 25 09:58:34 cli[3528]: wsc: prepare_and_send_IapState_data(959) state bytes size=10234

     

    If I check the radius servers status I get the following:

    radius_stat.JPG

     

    I am not using guest network, what are AS1_#guest#_ and AS2_#guest#_ servers? Do I need to allow the connection to them if I am not using guest network?

     

    Regards,

    Julián



  • 4.  RE: Error during Aruba Central login

    Posted Jul 04, 2018 01:04 PM

    Hi,

     

    If someone if interested on this, after enabling guest network and protocols 443 and 2083 in the firewall, the status of those servers changed to CONNECTED, so I think everything is OK now:

    radius_status2.JPG

    Regards,

    Julián

     



  • 5.  RE: Error during Aruba Central login

    Posted Jan 11, 2020 07:24 AM

    Hi what do u mean by enable the guest network? u set up a wlan with cloud captive portal ?  Im also not understad how you enable protocols 443 and 2083 in the firewall ?do u mean you have firewall in network have block your wlan network traffic protocols 443 and 2083 ?