Occasional Contributor II
Posts: 32
Registered: ‎01-27-2014

what the error code 215 on clearpass means..

One of the clients got rejected on the ClearPass with the error code 215. Under Access Tracker > Alerts we were able to see the information below:

 

error code: 215

error category: Authentication failure

Error Message: TLS session error

Alerts for this Request

Radius: EAP-PEAP: fatal alert by server - decryption_failed

MVP
Posts: 4,006
Registered: ‎07-20-2011

Re: what the error code 215 on clearpass means..

 

It looks like the device is having issues bringing the MSCHAPv2 authentication process? Is this happening with every device or just a particular one?

 

Can you please share your service config ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 7,829
Registered: ‎09-08-2010

Re: what the error code 215 on clearpass means..

Sounds like an issue with the PEAP TLS negotiation. Usually this is because of some type of packet corruption in the process. We see this occasionally.

 

Is there another request immediately after it that succeeds?


Are you using a RADIUS proxy or load balancer?

 

If you only see these messages occasionally, it may be nothing to worry about.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: what the error code 215 on clearpass means..

This is in the help section of CPPM: Error Codes

The following table shows the CPPM error codes.

 

Table 1: CPPM Error Codes

| Code | Description | Type |
|------|-------------|------|
| 0 | Success | Success |
| 101 | Failed to perform service classification | Internal Error |
| 102 | Failed to perform policy evaluation | Internal Error |
| 103 | Failed to perform posture notification | Internal Error |
| 104 | Failed to query authstatus | Internal Error |
| 105 | Internal error in performing authentication | Internal Error |
| 106 | Internal error in RADIUS server | Internal Error |
| 201 | User not found | Authentication failure |
| 202 | Password mismatch | Authentication failure |
| 203 | Failed to contact AuthSource | Authentication failure |
| 204 | Failed to classify request to service | Authentication failure |
| 205 | AuthSource not configured for service | Authentication failure |
| 206 | Access denied by policy | Authentication failure |
| 207 | Failed to get client macAddress to perform webauth | Authentication failure |
| 208 | No response from home server | Authentication failure |
| 209 | No password in request | Authentication failure |
| 210 | Unknown CA in client certificate | Authentication failure |
| 211 | Client certificate not valid | Authentication failure |
| 212 | Client certificate has expired | Authentication failure |
| 213 | Certificate comparison failed | Authentication failure |
| 214 | No certificate in authentication source | Authentication failure |
| 215 | TLS session error | Authentication failure |
| 216 | User authentication failed | Authentication failure |
| 217 | Search failed due to insufficient permissions | Authentication failure |
| 218 | Authentication source timed out | Authentication failure |
| 219 | Bad search filter | Authentication failure |
| 220 | Search failed | Authentication failure |
| 221 | Authentication source error | Authentication failure |
| 222 | Password change error | Authentication failure |
| 223 | Username not available in request | Authentication failure |
| 224 | CallingStationID not available in request | Authentication failure |
| 225 | User account disabled | Authentication failure |
| 226 | User account expired or not active yet | Authentication failure |
| 227 | User account needs approval | Authentication failure |
| 5001 | Internal Error | Command and Control |
| 5002 | Invalid MAC Address | Command and Control |
| 5003 | Invalid request received | Command and Control |
| 5004 | Insufficient parameters received | Command and Control |
| 5005 | Query - No MAC address record found | Command and Control |
| 5006 | Query - No supported actions | Command and Control |
| 5007 | Query - Cannot fetch MAC address details | Command and Control |
| 5008 | Request - MAC address not online | Command and Control |
| 5009 | Request - No MAC address record found | Command and Control |
| 6001 | Unsupported TACACS parameter in request | TACACS Protocol |
| 6002 | Invalid sequence number | TACACS Protocol |
| 6003 | Sequence number overflow | TACACS Protocol |


Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,520
Registered: ‎06-12-2012

Re: what the error code 215 on clearpass means..

Table 1: CPPM Error Codes

| Code | Description | Type |
|------|-------------|------|
| 6101 | Not enough inputs to perform authentication | TACACS Authentication |
| 6102 | Authentication privilege level mismatch | TACACS Authentication |
| 6103 | No enforcement profiles matched to perform authentication | TACACS Authentication |
| 6201 | Authorization failed as session is not authenticated | TACACS Authorization |
| 6202 | Authorization privilege level mismatch | TACACS Authorization |
| 6203 | Command not allowed | TACACS Authorization |
| 6204 | No enforcement profiles matched to perform command authorization | TACACS Authorization |
| 6301 | New password entered does not match | TACACS Change Password |
| 6302 | Empty password | TACACS Change Password |
| 6303 | Change password allowed only for local users | TACACS Change Password |
| 6304 | Internal error in performing change password | TACACS Change Password |
| 9001 | Wrong shared secret | RADIUS Protocol |
| 9002 | Request timed out | RADIUS Protocol |
| 9003 | Phase2 PAC failure | RADIUS Protocol |
| 9004 | Client rejected after PAC provisioning | RADIUS Protocol |
| 9005 | Client does not support posture request | RADIUS Protocol |
| 9006 | Received error TLV from client | RADIUS Protocol |
| 9007 | Received failure TLV from client | RADIUS Protocol |
| 9008 | Phase2 PAC not found | RADIUS Protocol |
| 9009 | Unknown Phase2 PAC | RADIUS Protocol |
| 9010 | Invalid Phase2 PAC | RADIUS Protocol |
| 9011 | PAC verification failed | RADIUS Protocol |
| 9012 | PAC binding failed | RADIUS Protocol |
| 9013 | Session resumption failed | RADIUS Protocol |
| 9014 | Cached session data error | RADIUS Protocol |
| 9015 | Client does not support configured EAP methods | RADIUS Protocol |
| 9016 | Client did not send Cryptobinding TLV | RADIUS Protocol |
| 9017 | Failed to contact OCSP Server | RADIUS Protocol |

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor II
Posts: 13
Registered: ‎02-25-2015

Re: what the error code 215 on clearpass means..

Hi All,

 

What does this message say:

 

Error: TLS session error

RADIUS: EAP-PEAP: fatal alert by client - access_denied 

TLS session reuse error

 

It appears during the onboarding process for private Windows clients of employees with an AD account. Windows stops the onboarding process into the SSID.

Moderator
Posts: 455
Registered: ‎11-09-2012

Re: what the error code 215 on clearpass means..

Can you please provide more info related to the client, client OS, and CPPM version?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor II
Posts: 13
Registered: ‎02-25-2015

Re: what the error code 215 on clearpass means..

Hi,

It is a problem with the server certificate.

If the device is a Windows device, the problem is that the ClearPass certificate is not trusted by the client. The client rejects the server and disconnects.

I tried to solve the problem by adding the ClearPass server certificate on the laptop, but it won't work.

The first question is: which ClearPass server certificate should I use (for RADIUS or HTTPS)?

Second: where do I install it on Windows? I tried to install the cert automatically - won't work. Imported it manually to Trusted Root - won't work. Tried to import the cert everywhere - won't work.

If I use other OSs like Ubuntu or Mac OS, it works.

Guru Elite
Posts: 7,829
Registered: ‎09-08-2010

Re: what the error code 215 on clearpass means..

Which CA signed your RADIUS server certificate?

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 13
Registered: ‎02-25-2015

Re: what the error code 215 on clearpass means..

It is Thawte as Root CA
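
An added example, not part of the original thread and not ClearPass tooling: a small triage script that applies the questions asked in the replies above (which side sent the TLS fatal alert, and did a retry succeed right after) to exported alert records. Only the alert text format comes from the thread; the record layout, sample values, `retry_window` and verdict labels are assumptions.

```python
import re
from datetime import datetime, timedelta

# Alert text as it appears in the thread's Access Tracker excerpts.
ALERT_RE = re.compile(r"EAP-PEAP: fatal alert by (server|client) - (\w+)", re.IGNORECASE)
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records: (timestamp, client MAC, outcome, alert text).
SAMPLE = [
    ("2015-03-02 09:00:01", "aa:bb:cc:00:00:01", "REJECT",
     "Radius: EAP-PEAP: fatal alert by server - decryption_failed"),
    ("2015-03-02 09:00:04", "aa:bb:cc:00:00:01", "ACCEPT", ""),
    ("2015-03-02 09:05:10", "aa:bb:cc:00:00:02", "REJECT",
     "RADIUS: EAP-PEAP: fatal alert by client - access_denied"),
    ("2015-03-02 09:05:40", "aa:bb:cc:00:00:02", "REJECT",
     "RADIUS: EAP-PEAP: fatal alert by client - access_denied"),
    ("2015-03-02 09:10:00", "aa:bb:cc:00:00:03", "REJECT",
     "Radius: EAP-PEAP: fatal alert by server - decryption_failed"),
]

def triage(records, retry_window=timedelta(seconds=30)):
    """Return (mac, alert_sender, alert_name, verdict) per rejected TLS alert."""
    rows = [(datetime.strptime(ts, TS_FMT), mac, outcome, alert)
            for ts, mac, outcome, alert in records]
    findings = []
    for ts, mac, outcome, alert in rows:
        match = ALERT_RE.search(alert)
        if outcome != "REJECT" or not match:
            continue
        side, name = match.group(1).lower(), match.group(2).lower()
        # "Is there another request immediately after it that succeeds?"
        retried_ok = any(
            other_mac == mac and other_outcome == "ACCEPT"
            and ts < other_ts <= ts + retry_window
            for other_ts, other_mac, other_outcome, _ in rows
        )
        if retried_ok:
            verdict = "transient"               # occasional failure, retry worked
        elif side == "client":
            verdict = "client-rejected-server"  # check client trust of the RADIUS cert's CA
        else:
            verdict = "persistent-server-side"  # check for proxy / load balancer / corruption
        findings.append((mac, side, name, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```
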
