Security

Reply
MVP
Posts: 117
Registered: ‎07-13-2015

Aruba Instant + NPS server authentication issues (Event ID 18)

Hello everyone !

 

I'm currently stuck on some weird issues. NPS server's event viewer sends a lot of those error messages (Event ID 18). 

 

I tried multiple times to re-enter the shared secret on both the NPS Client and Instant AP RADIUS Server info. When I re-enter the secret, the authentications work for some time and then they stop working and results in this error again.

 

18.jpg

 

When I look into Wireshark, I see Acces-Request from IAP to NPS and Access-Challenge from NPS to IAP. I don't see any Access-Accept or Access-Reject. I guess the IAP doesn't receive it.

 

I also tried re-creating radius server and upgrading firmware to latest General Avaibality (6.4.2.6 4.1.1.12)

 

Thanks !

ACMP, ACCP, BCNE
Guru Elite
Posts: 20,561
Registered: ‎03-29-2007

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Double check the radius secret.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,170
Registered: ‎07-20-2011

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Can you try using a very simple shared key?
Something like "aruba123"

Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 117
Registered: ‎07-13-2015

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Thanks for the quick answer guys.

 

I must have re-entered it 4-5 times, my key is Test123! and I even verified keyboard language on NPS server. Still, if I enter it again, it works for some time.

 

I'm also using Radius Proxy on VC ip adress.

 

Thanks !

ACMP, ACCP, BCNE
MVP
Posts: 4,170
Registered: ‎07-20-2011

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

For testing purposes can you try just test123 and see if it works
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 117
Registered: ‎07-13-2015

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Alright, i'll try this tomorrow morning and update you !

ACMP, ACCP, BCNE
Guru Elite
Posts: 20,561
Registered: ‎03-29-2007

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

[ Edited ]
Actually on NPS there is an option to verify the message authenticator attribute. Uncheck that.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 117
Registered: ‎07-13-2015

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Ok thx ill get back to you guys tomorrow morning !!

ACMP, ACCP, BCNE
MVP
Posts: 117
Registered: ‎07-13-2015

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

[ Edited ]

ok so : 

 

  1. secret is now aruba123
  2. dynamic radius proxy is off and i manually added the IAPs in NPS server
  3. Message authenticator attribute was deactivated

Same problem persist. There is 3 sites, 1 of them is with IAP-225 and Cisco switch, everything works well and all authentications to the same NPS server are ok.

 

2 other sites are with IAP-215 and Juniper EX4200, no FW and have both the same issues.

 

I'm starting to think this is a Juniper feature/firmware issue or IAP-215 interoporability problem.

 

Thoughts ?

ACMP, ACCP, BCNE
MVP
Posts: 4,170
Registered: ‎07-20-2011

Re: Aruba Instant + NPS server authentication issues (Event ID 18)

Can you run the following command and share the output:
IAP-2# show ap debug auth-trace-buf

-----------------
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: