Security

Reply
Super Contributor I
Posts: 318
Registered: ‎05-09-2013

OnBoard Failing for Macbook Laptops

Customer wanted to OnBoard company owned devices to do TLS authentication. I have ClearPass and the IAP cluster configured. OnBoard works successfully on Windows laptops, we have it working on 1 Macbook (took 4 hours of trying and didn't really change anything). 

 

Device connects to SSID-Secure (WPA2-Enterprise against AD) enters credentials, then put in pre-provisioning role (OnBoard captive portal), user logs in (against AD) and follows OnBoarding steps. 

 

When it tries to install the certificate we receive "Cannot decrypt encrypted profile" and it does not connect. 

 

I have debugging turned on in the OnBoard plugin, and the application logs do not show anything too strange, except a few re-sends of the phases. 

 

Any ideas why this may be happening? I'm close to calling TAC, but thought I would try this first.

Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
MVP
Posts: 4,010
Registered: ‎07-20-2011

Re: OnBoard Failing for Macbook Laptops

This is while you trying to install the profile ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 318
Registered: ‎05-09-2013

Re: OnBoard Failing for Macbook Laptops

Correct, we receive that error while installing the profile.

Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
MVP
Posts: 4,010
Registered: ‎07-20-2011

Re: OnBoard Failing for Macbook Laptops

Have you tried disabling https and instead using HTTP ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,010
Registered: ‎07-20-2011

Re: OnBoard Failing for Macbook Laptops

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/CPPM-and-Onboard-Apple-device-issues/td-p/65828
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Super Contributor I
Posts: 318
Registered: ‎05-09-2013

Re: OnBoard Failing for Macbook Laptops

Testing now, will update shortly.

 

Thanks!

Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
Guru Elite
Posts: 7,837
Registered: ‎09-08-2010

Re: OnBoard Failing for Macbook Laptops

Do you have a publicly signed web server certificate?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor I
Posts: 318
Registered: ‎05-09-2013

Re: OnBoard Failing for Macbook Laptops

Customer purchased a SSL cert from DigiCert that we installed for RADIUS authentication and I am using that for the OnBoard certificate as well.

Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
Super Contributor I
Posts: 318
Registered: ‎05-09-2013

Re: OnBoard Failing for Macbook Laptops

So it looks like with HTTP, we were able to install the profiles successfully. We had to manually disconnect and reconnect for the TLS authentication to succeed. We are going to test a few more devices just to verify.

Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
MVP
Posts: 4,010
Registered: ‎07-20-2011

Re: OnBoard Failing for Macbook Laptops

Not sure how you can fix that with the an IAP but in the controller side of things , if you include the IP address of the controller (captive portal) it allows you do that.

 

2014-12-17 16_36_15-L3 Authentication.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: