Security

Reply
Contributor I
Posts: 22
Registered: ‎06-09-2014

iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

Hi,

 

First iPhone with iOS9.0 and problems with ClearPass 6.5.1: client never success 4-way handshake. Always ends with "Ptk Challenge Failed"

The same VAP config with Freeradius works fine.

 

Before change to freeradius we have tested with ClearPass several combinations with OKC, PMKID, 802.11k, 802.11r without success.

 

Our solution in aaa_profile "802.1X Authentication Server Group" disable ClearPass 6.5.1 and enable Freeradius.

 

Authentication in ClearPass is accepted with enforcement controller role.

 

May be a problem with PMK distribution?

What parameter can be modified in ClearPass about it?

 

Regards,

Toni

 

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

toni.perez,

 

Again, IOS9 is prerelease software, which means it is not finished.  If you have a developer account you should report this issue with Apple.  If Aruba changed something in its code and Apple phones did not work, Aruba should have to fix it.  Please report this issue to Apple.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

Toni.Perez,

Please open up a TAC case with us and we will attempt to replicate it using your information.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Contributor I
Posts: 22
Registered: ‎06-09-2014

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

Hi,

 

Also problems with Mac OSX 10.11 "El Capitan" with error "MIC failed in WPA2 Key Message 2".

As sperez told me, it seems TLS 1.2 problem in ClearPass 6.5.1

While we wait ClearPass 6.5.2, any idea how to disable TLS 1.2 in ClearPass?

 

Best regards,

Toni Pérez

Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

We are looking into it. We are not sure if that is the problem.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Guru Elite
Posts: 19,989
Registered: ‎03-29-2007

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

Please try to upgrade to ClearPass 6.5. cumulative upgrade patch 2 and see if it fixes your issue:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Release-announcements-ClearPass-Cumulative-Patch/m-p/241216#M20871

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 2
Registered: ‎09-26-2014

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

With the apps Aruba via I have a similar problem with iOS 9 public beta release. I guess the final release will bug with Aruba product like it happen on the release of ios8. I can't use anymore Aruba via on my iPad but I agree with Aruba team it's a pre release version
Guru Elite
Posts: 7,852
Registered: ‎09-08-2010

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

I've found that VPN clients are the most sensitive applications to beta software.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 22
Registered: ‎06-09-2014

Re: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

Hi,

 

We have upgraded ClearPass and we have waited to iOS 9 public beta 1.

Works fine ClearPass 6.5.2.73779 with TLS 1.2 enabled and iOS 9.0 (13A4293g).

 

Thanks for the help!!

Best regards,

Toni

Search Airheads
Showing results for 
Search instead for 
Did you mean: