Security

Reply
Frequent Contributor I
Posts: 95
Registered: ‎03-18-2013

CPPM onboard 6.2.3 handshake_failure

Hi,

 

i have a CPPM server with onboard running. CPPM onboards client from EAP-PEAP to EAP-TLS. everything runs fine except sometime some of the clients have some trouble authenticating with error code 215 "fatal alert by server - handshake_failure". does anyone ever have same kind of problem?

 

Error Code:
215
Error Category:
Authentication failure
Error Message:
TLS session error
 Alerts for this Request  
RADIUS

EAP-TLS: fatal alert by server - handshake_failure

 

i also exported and attached the error authentication from access tracker. i hope you can help me analyze this error. thanks

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CPPM onboard 6.2.3 handshake_failure

Is this a VM or hardware?
Is it happening on the same type of devices? Apple iOS, android...etc
Do any of those devices have any other client certs on them that they may try to present?
What is the Size of CPPM. How many devices are there trying to auth to the network?

The error you're seeing typically means the client didn't respond correctly. It's usually on the client or network side where the issue happens.

Check the wireless equipment is there any large amount of packet loss.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 95
Registered: ‎03-18-2013

Re: CPPM onboard 6.2.3 handshake_failure

Hi Troy,

 

as always thanks for the super fast respone :D

 

it's a hardware CP-HW-5K..

 

5k capacity with 500 enterprise license installed.

 

so far i only see Android devices experience the problem. though, the users are mostly android users, only few uses iOS. windows users are excluded from onboarding at the moment.

 

the client only has onboard tls cert. nothing else.

 

the uses 3400 series controller with OS version 6.3.0.2.

 

i will try check the tech-support of the controller later. thanks

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CPPM onboard 6.2.3 handshake_failure

I've seen some android device don't store the server cert correctly and you might have to manually select it. The issue usually is on older devices. I would check to see if its a certain model or firmware that they are using.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 95
Registered: ‎03-18-2013

Re: CPPM onboard 6.2.3 handshake_failure

but this problem occur after the onboarding was successful and there were a few of successful authentication. i assume the cert storing you meant was happened at the first time profile creation?

 

unrelated to the topic, is there a way to debug the server to find some info when a users are being deleted and created?

 

R.L.

Ricky E. Lee
CWNA | ACMP | ACCP
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CPPM onboard 6.2.3 handshake_failure

Then most likely the issue is in the network.

The audit log will tell you when a cert or user is created. If you look in the endpoints under configuration--identity---endpoints it will show when the device is created and last seen.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: CPPM onboard 6.2.3 handshake_failure

endpointseen.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: