Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Windows Client "connected, no internet" problem

  • 1.  Windows Client "connected, no internet" problem

    Posted Apr 19, 2019 11:39 AM

    I realize this is "mostly" a windows client issue but figured this was a better target group to ask than random users who can't connect to their home WiFi.

     

    We are using Onboarding to provision certificates and configure wireless for EAP-TLS authentication.  

     

    For many clients the process works perfectly and they are off an running just fine connected to our internal wireless.  

     

    But for some (not sure of commonality), the provisioning process completes just fine but  once they are done and connected to our internal network SSID they show that they are "connected, no internet".   Disconnecting and reconnecting to that SSID doesn't change anything.  Rebooting the machine doesn't change anything.  "Forgetting" that SSID sends them back into the onboard process which completes fine but they end up with "connected, no internet".   

     

    Clearpass shows that they authenticate with EAP-TLS just fine, they get all the appropriate roles and enforcement profiles.  They end up on the correct VLAN with correct IP address, DNS, gateway, etc....

     

    Network firewall logs show that the only thing leaving their local network is ICMP traffic from thier host.  The can resolve IPs and ping hosts by name or IP, but browsing and other network activity fails.

     

    If I open a command prompt to check local settings with "ipconfig /all"  it takes a LONG time to return results, which tells me something isn't healthy.   

     

    We have found one thing that works reliably to get them out of this state but would like to solve the root cause of the problem.   

     

    If a user in this "connected, no internet" state decides to connect to another SSID we are offering for guest or BYOD and then goes back to connect to our internal SSID then the internal SSID works fine and they are "connected, internet access".   Problem solved, but hardly elegant. 

     

    Obviously something in the act of connecting to another SSID and reconnecting to the original shakes something loose that is causing issues but what and why?   Whatever is being remembered by the local client after numerous failed attempts to connect that SSID successfully survives a reboot and even reprovisioning.   But connecting to a different SSID clears out whatever is causing the problem.  

     

    Has anyone else run into this behaviour?  Any ideas how to avoid it?  Is there a command we could have users run after provisioing is done that would mimic what happens when they connect to a different SSID to accomplish the semi-reset that seems to happen?   Something that wouldn't wipe out other important settings and that an unprivileged user can run?  

     

    It seems to be more common on laptops that connect to our network using both wired and wireless, but not all clients that do that show this behaviour.  



  • 2.  RE: Windows Client "connected, no internet" problem

    Posted Apr 19, 2019 12:13 PM

    Do your clients use a proxy?



  • 3.  RE: Windows Client "connected, no internet" problem

    Posted Apr 19, 2019 12:22 PM

    There is a proxy on the network that redirects web traffic transparently to the user.   

     

    The network settings provisioned by onboarding are "none"  

     

     



  • 4.  RE: Windows Client "connected, no internet" problem

    Posted Jan 14, 2021 12:23 PM
    What was the solution for this issue,  I am seeing the same thing.

    ------------------------------
    Chad Sparrow
    ------------------------------



  • 5.  RE: Windows Client "connected, no internet" problem

    Posted 2 days ago
    I have seen other users report this issue but no solution that has been posted,  do you know of one?   I am seeing this exact same issue.

    ------------------------------
    Chad Sparrow
    ------------------------------



  • 6.  RE: Windows Client "connected, no internet" problem

    Posted 2 days ago
    Open a new topic ?

    Do you are also using Onboard ? do you have also a proxy ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 7.  RE: Windows Client "connected, no internet" problem

    Posted 2 days ago
    I think this is a Windows problem, not an Aruba problem. I've seen this on many networks where even Windows 10 reports 'no internet access', but you can browse the internet nicely. I feel using proxy servers makes the issue happen more often, and many times it automatically goes away after some time.

    Reach out to Microsoft support if you need a solution, after you have tried with an allow-all rule and can access the internet.

    Otherwise, connect to Aruba support or your Aruba partner.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 8.  RE: Windows Client "connected, no internet" problem

    Posted Jan 14, 2021 12:23 PM
    I am seeing the same issue,  what did you do for a fix for this issue?

    ------------------------------
    Chad Sparrow
    ------------------------------