Security

Reply
Occasional Contributor I

Received failure TLV from client

So, "suddenly" we started getting this as an error.  The people responsible for making computer images (Windows 10 1703 specifically) have started encountering this error when attempting to perform a user based 802.1X authentication on wireless after a fresh image deployment.  Apparently, the device is joined to the AD domain already, the user logs in, then when they attempt to connect to our SSID with username/password 802.1X authentication, it fails.  The error message on ClearPass (6.6.8) is "Received failure TLV from client".  If the device is changed to perform computer authentication, it succeeds.  Once the single successfull authentication happens, any attempt after that to do user based 802.1X also succeeds.  It is just the first time "out of the box" that fails.  I suspect it is a certificate issue.  Something missing, or an attempt to access some offsite address that fails is causing it.

 

Anyone have any thoughts?

 

Edmund C. Greene

Senior Applications Systems Administrator
Collaboration Services
Boston College
Guru Elite

Re: Received failure TLV from client

Ed, in your EAP method in ClearPass, is the cryptobinding setting configured?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Received failure TLV from client

Tim,

 

No, it is set to "None".  Should I set it to "Optional" or "Required"?

 

Ed

Occasional Contributor I

Re: Received failure TLV from client

So, I tried it with both (optional, required) and there was no difference in the result.  I am still getting the "Received failure TLV from client" error.

Guru Elite

Re: Received failure TLV from client

Is TLS 1.2 enabled or disabled in your cluster?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Received failure TLV from client

The setting "Disable TLS 1.2" is set to FALSE.  This setting is per server.

 

Clusterwide, disable TLS 1.0 and 1.1 is set to NONE

Frequent Contributor I

Re: Received failure TLV from client

Did you ever get a solution to this problem?  I updated the certificate over the weekend on clearpass and now i am seeing the same thing happening on windows 10. Windows 7 works fine.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: