I'm having an issue with a small number of my users who are unable to complete self-registration and web-login after account creation. My IAP's (214, v6.5) ) are managed with airwave, in a multi-controller deployment, and I use clearpass (6.5) as the Radius server.
After a user has completed the self-registration and the sponsor has approved, they can log-in using the log-in button on the receipt page. Most users are successfully logged in and redirected to the default URL (google).
Occasionally after selecting log-in, a user will recieve a DNS error for securelogin.arubanetworks.com (Address could not be found, which makes them unable to log-in), and some recieve a certificate error (which they can proceed through and successfully log-in). I'm wonding if the cause behind these issues is somewhere in my setup.
The Guest account is properly created and activated. Checking the Access Tracker shows the authentication fails using the MAC Auth service: [Endpoints Repository] - localhost: User not found.
MAC-AUTH: MAC Authentication attempted by unknown client, rejected.
however the device does show in endpoints and updated to known. this happens mostly with outside contractors usign their own laptops.
on CP Guest in my self-registration profile NAS vendor settings, the vendor IP address is set to securelogin.arubanetworks.com (Can't use a VC address as this registration is used on multiple controllers), and on the IAPs the captive portal profile IP is set to clearpass.mydomain.com.
I'm currently using the default certficiate for the CaptivePortal (securelogin). I do plan on changing this to our wildcard cert soon, which leads to an additional question: Where do I need to ensure this cert is imported (just CPPM and Airwave to push to IAPs?), and what would I need to update in NAS vendor settings on CP guest, and captive portal profile on IAP/airwave?
Any assistance is appreciated, Thank you.