Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Windows 10 peap authentication failure secure of on

Windows 10 is failing to authenticate too wireless only when secureboot is enabled.
With secureboot off I'm able to connect so I believe it's related to certificate validation.
WLAN logs in Windows 10 say peap authentication failure.
Controller error is client did complete eap transaction.

There is no cert on the controller but I have termination disabled. Clear pass cert is self signed.
Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Windows 10 peap authentication failure secure of on

Do you have the ClearPass self-signed cert installed on the client?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Re: Windows 10 peap authentication failure secure of on

Which certificate store does it get stored into ?
I have added it too enterprise and root certificate authority's.
Still doesn't connect

Thanks in advance
Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Windows 10 peap authentication failure secure of on

What is the error on the alerts tab in ClearPass?



The certificate should go in the personal store for Local Machine.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Re: Windows 10 peap authentication failure secure of on

Also to add it works fine when secureboot is off on the Windows 10 hosts. Turn secureboot on and connecting to wireless stops working.
Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Re: Windows 10 peap authentication failure secure of on

Clearpass error is ,
Time out
Client did not complete eap transaction
Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Re: Windows 10 peap authentication failure secure of on

Added certificate too personal store, still wouldn't connect errors remain the same.
Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Windows 10 peap authentication failure secure of on

Please open a TAC case.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 1
Registered: ‎09-10-2014

Re: Windows 10 peap authentication failure secure of on

Hi,

were you able to run pcap on the controller for the client?  Is the Client and Clearpass using the sameTLS version during the Cert exchange?

Occasional Contributor I
Posts: 9
Registered: ‎08-24-2016

Re: Windows 10 peap authentication failure secure of on

I was able too install the wireshark provided by aruba. But I was unable too see any information for the MAC address of the host having issues. 

I'm currently working with TAC support. 

 

the debug logs show Request logs for session: R000096e9-01-57bf1ceb

TLS_accept: before/accept initialization
2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: <<< TLS 1.0 Handshake length 0087], ClientHello
2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 read client hello A
2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 Handshake length 0054], ServerHello
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write server hello A
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec length 0001]
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write change cipher spec A
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 Handshake length 0010], Finished
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write finished A
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 flush data
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read finished A
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - In SSL Handshake Phase
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - In SSL Accept mode
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - eaptls_process returned 13
2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_peap: EAPTLS_HANDLED
Search Airheads
Showing results for 
Search instead for 
Did you mean: