Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Timeout Errors 9002

This thread has been viewed 81 times

  • 1.  Clearpass Timeout Errors 9002

    Posted Aug 20, 2018 11:44 PM

    I am running Clearpass 6.7.4.107401. I am attempting to use computer

    authentication with Windows 10 computers. I have disabled certificate validation on the clients. However I keep getting timeout errors for the clients though they eventually connect. The Clearpass Alert Message is: Error Code 9002 Error Message: Request timed out 

    RADIUS Client did not complete EAP transaction. I also have the following errors in the log file:

     

    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Deleting request sessid - R0003fda7-03-5b7b7d14, state - ABcAqgCQAK/GCSQA30wixKqlJBxMBFZ5HU8bEQ=
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 215:228:88:E4A47117479C recv 1534819604.599297 - resp 1534819604.613530
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 125:408:1124:E4A47117479C recv 1534819604.617075 - resp 1534819604.621863
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 62:244:1120:E4A47117479C recv 1534819604.739302 - resp 1534819604.740486
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 186:244:1120:E4A47117479C recv 1534819604.743439 - resp 1534819604.744340
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 148:244:1120:E4A47117479C recv 1534819604.747679 - resp 1534819604.748825
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 70:244:316:E4A47117479C recv 1534819604.752327 - resp 1534819604.753051
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 212:374:139:E4A47117479C recv 1534819604.757981 - resp 1534819604.759589
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 16:244:122:E4A47117479C recv 1534819604.872631 - resp 1534819604.873551
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 72:301:166:E4A47117479C recv 1534819604.876787 - resp 1534819604.877831
    2018-08-20 21:47:36,051[main SessId R0003fda7-03-5b7b7d14] ERROR RadiusServer.Radius - reqst_clean_list: Packet 20:355:164:E4A47117479C recv 1534819605.265 - resp 1534819605.5700

     

     



  • 2.  RE: Clearpass Timeout Errors 9002

    MVP
    Posted Aug 21, 2018 12:20 PM

    Is this wired or wireless?

     

    The error "Client did not complete EAP transaction" indicates exactly that. Meaning the authenticator (controller or switch) is not completing the transaction with the client - like you mentioned, this can be caused by the certificate warning prompt, but since you've disabled that, it should not be related.

     

    Is this connection from AP or switch port going over a WAN connection of some sort to reach the ClearPass server?



  • 3.  RE: Clearpass Timeout Errors 9002

    Posted Mar 07, 2022 07:48 PM
    Hi, did you ever get it solved? 

    I'm facing the issue only with computer authentication in wired and wireless, same clearpass version.  Everything works fine with user authentication.

    ------------------------------
    Ulises Cazares
    ------------------------------

    Original Message


  • 4.  RE: Clearpass Timeout Errors 9002

    EMPLOYEE
    Posted Mar 08, 2022 11:10 AM
    Check  show auth-tracebuf | inc <mac address>  command  in NAD device to see exactly where the request is getting timeout and also show aaa authentication-server radius statistics to verify average response times should be below 100ms and the timeouts should not be incrementing.

    Note: set logging level debugging user-debug <mac address>

    after debug disable it config t no logging level debugging user-debug <mac-address>

    ------------------------------
    Pavan Arshewar
    Principal Network Engineer

    If my post addresses your query, give kudos!
    ------------------------------

    Original Message


  • 5.  RE: Clearpass Timeout Errors 9002

    Posted Mar 09, 2022 09:40 AM
    Thanks for the info, it's not an Aruba MC or Aruba switch but il look into similar comands for the ones we have (cisco).

    ------------------------------
    Ulises Cazares
    ------------------------------

    Original Message


  • 6.  RE: Clearpass Timeout Errors 9002

    Posted Mar 10, 2022 02:34 AM
    maybe you can try show authentication sessions interface <interface> details for Cisco.

    ------------------------------
    rj
    ------------------------------

    Original Message