Wireless Access

After install the Windows 10 1511 update, the aruba EAP-GTC fails to authenticate.  Aruba OS is 6.4.4.2.  Has any else experienced this?

Did it work before the update?  I assume you are using termination and connecting from the controller to an LDAP server?

It was tracked down to this update.  A clean Windows 10 machine without the update was able to login.  Same machine was upgraded with 1511 and now fails to login.  Sometimes nothing happens, sometimes the GTC plugin login screen appears.  Nothing appears in the GTC plugin logs that is abnormal.

Thank you.

What is your setup?  Are you using termination on the controller pointing to an LDAP server?  How many clients do you have?

3600 Controller tied to LDAP feeding a FW.  About 75 users.  Primarily OSX.  All OSX clients can connect without a problem.  Windows clients cannot connect using Aruba GTC-plugin if they installed the 1511 update.   They can connect without GTC however (i.e. bypassing/not using the plugin).

Please see if anything is in the log here:  \Windows\Tracing\eap-gtc.log.

To get more detail on the client here by typing this:

Netsh ras set tracing eap-gtc enable

Also, please try the workaround on a single Windows client here:  http://answers.microsoft.com/en-us/windows/forum/windows_10-networking/after-update-to-1511-i-cant-connect-via-wlan-to-my/696f12ed-6e08-4e14-ae30-c7a878ebbd17?auth=1 to see if the problem is fixed.

That does work, but unfortunately this forces TLS 1.0 which has known issues.

Well it didn't have any issues until Microsoft Released their patch.

There is an open case and it is targeted to be fixed in the next 6.4.4.x  You need to use the workaround until then.

Between you and me, as a more long-term solution, you shold possibly look into a radius server that handles TLS 1.2 properly, otherwise these client patches will continue to break your network.

Can you confirm if Aruba OS 6.4.4.4 fixes this issue?

I cannot confirm it, because it has not been released.  I know the issue has been reported and they are working on it.  Hopefully another patch is not released on the OS side that breaks it.

Again, the only long-term fix is to get a radius server.  Controller Termination and EAP-GTC is only meant as a workaround for customers who temporarily do not have a radius server.

Has a patch/update been released to fix this?

We're having the same issue on an a few systems running Windows 10 build 1511 with eap-gtc tracing enabled.  Each time one attempts to authenticate the agent (appears) to crash

The eap-gtc tracing output and a crash log follow.

[5828] 04-27 18:24:44:979: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[5828] 04-27 18:24:44:979: RasEapCreateConnectionProperties(6, 128, A6EC4710, 0, 0, 36F7B5E8, 36F7B660) :: Enter
[5828] 04-27 18:24:44:979: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F7B440, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[5828] 04-27 18:24:45:526: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[5828] 04-27 18:24:45:526: RasEapCreateConnectionProperties(6, 128, A6DA2EC0, 0, 0, 36F7BD28, 36F7BDA0) :: Enter
[5828] 04-27 18:24:45:526: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F711E0, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[3052] 04-27 18:24:48:534: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[3052] 04-27 18:24:48:534: RasEapCreateConnectionProperties(6, 128, A6DA2AD0, 0, 0, 36BFBE18, 36BFBE90) :: Enter
[3052] 04-27 18:24:48:534: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4EE2830, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[6040] 04-27 18:24:48:696: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[6040] 04-27 18:24:48:696: RasEapCreateConnectionProperties(6, 128, A6DA2F30, 0, 0, 36FFB838, 36FFB8B0) :: Enter
[6040] 04-27 18:24:48:696: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F5A130, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[5828] 04-27 18:24:48:868: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[5828] 04-27 18:24:48:868: RasEapCreateConnectionProperties(6, 128, A6DA3010, 0, 0, 36F7BE88, 36F7BF00) :: Enter
[5828] 04-27 18:24:48:868: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4EE26E0, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[5828] 04-27 18:27:00:556: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[5828] 04-27 18:27:00:556: RasEapCreateConnectionProperties(6, 128, A6E870E0, 0, 0, 36F7BD28, 36F7BDA0) :: Enter
[5828] 04-27 18:27:00:556: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F5AA90, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[6040] 04-27 18:27:04:930: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[6040] 04-27 18:27:04:930: RasEapCreateConnectionProperties(6, 128, A6DA2D70, 0, 0, 36FFB838, 36FFB8B0) :: Enter
[6040] 04-27 18:27:04:930: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F5AA90, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[6040] 04-27 18:28:00:013: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[6040] 04-27 18:28:00:013: RasEapCreateConnectionProperties(6, 128, A6DA2EC0, 0, 0, 36FFB838, 36FFB8B0) :: Enter
[6040] 04-27 18:28:00:013: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F5AA90, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR
[6040] 04-27 18:29:00:043: DllMain :: enabled log(eap-gtc) with version: 2.00.0.0011 [RELEASE]
[6040] 04-27 18:29:00:043: RasEapCreateConnectionProperties(6, 128, A6DA2DE0, 0, 0, 36FFB838, 36FFB8B0) :: Enter
[6040] 04-27 18:29:00:043: RasEapCreateConnectionProperties() :: *ppConnectionDataOut 0xA4F5AA90, *pdwSizeOfConnectionDataOut: 776, returning with NO_ERROR

Log Name:      Application
Source:        Application Error
Date:          4/27/2016 6:25:12 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-Q335HOK
Description:
Faulting application name: LegacyNetUXHost.exe, version: 10.0.10586.0, time stamp: 0x5632d75d
Faulting module name: eap-gtc.dll, version: 2.0.0.11, time stamp: 0x545712fa
Exception code: 0xc0000005
Fault offset: 0x000000000000384e
Faulting process id: 0x14ec
Faulting application start time: 0x01d1a0dbfdec6608
Faulting application path: C:\windows\system32\LegacyNetUXHost.exe
Faulting module path: C:\Windows\System32\eap-gtc.dll
Report Id: 40712efd-0c31-4a4c-9993-abd0c1ef6047
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-04-27T23:25:12.832948000Z" />
    <EventRecordID>760</EventRecordID>
    <Channel>Application</Channel>
    <Computer>DESKTOP-Q335HOK</Computer>
    <Security />
  </System>
  <EventData>
    <Data>LegacyNetUXHost.exe</Data>
    <Data>10.0.10586.0</Data>
    <Data>5632d75d</Data>
    <Data>eap-gtc.dll</Data>
    <Data>2.0.0.11</Data>
    <Data>545712fa</Data>
    <Data>c0000005</Data>
    <Data>000000000000384e</Data>
    <Data>14ec</Data>
    <Data>01d1a0dbfdec6608</Data>
    <Data>C:\windows\system32\LegacyNetUXHost.exe</Data>
    <Data>C:\Windows\System32\eap-gtc.dll</Data>
    <Data>40712efd-0c31-4a4c-9993-abd0c1ef6047</Data>
    <Data>
    </Data>
    <Data>
    </Data>
  </EventData>
</Event>

hello,

Any one can advise how to setup in client device (window 7,8,10) to join WIFI with LDAP authenticaiton?

I have enable the termination in the controller with eap-peap and eap type as eap-gtc.

I tested on all devices cannot connect including Iphone.

May i know where is wrong in confiruation?  from controller, aaa authenticaiton test is successful with LDAP server. 

thanks.

MayThu,

What version of ArubaOS code are you using?  Do you have AD?

hi Colin,

AOS version 6.4.3.7. I have attached the tech support file.

AD is already running.

Attachment(s)

tech-support.txt   1.84 MB 1 version

MayThu,

Your configuration looks fine.

If you are running AD, you should use Windows NPS that comes free with each Windows server, instead of using termination and LDAP.  The reason is, because the only inner EAP protocol you can use when terminating LDAP is EAP-GTC, and only mac and some mobile devices support EAP-GTC.  For Windows, you would have to install custom software for it to run EAP-GTC.

Honestly, I advise that you use the instructions here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113   All devices support connecting to a radius server using MsChapV2 and would work using this method.