Security

 View Only
last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Android 11/12 error 215 on clearpass

This thread has been viewed 48 times
  • 1.  Android 11/12 error 215 on clearpass

    Posted Mar 29, 2022 06:59 AM
    Hi 

    Could you please advise on this 
    we are getting errors on Clearpass 6.9, with devices android 11 connecting and given this error



    Thanks for the help 
    Regards


    ------------------------------
    Bruno Costa
    ------------------------------


  • 2.  RE: Android 11/12 error 215 on clearpass

    MVP EXPERT
    Posted Mar 29, 2022 08:23 AM
    Looks like it is an unknown CA. What is the CA the client is presenting to CPPM, does CPPM trust it?

    ------------------------------
    Craig Syme
    ------------------------------



  • 3.  RE: Android 11/12 error 215 on clearpass

    Posted Mar 29, 2022 11:16 AM
    Its an internal CA from the client and its presented on the CPPM trust list

    Regards


    ------------------------------
    Bruno Costa
    ------------------------------



  • 4.  RE: Android 11/12 error 215 on clearpass

    MVP EXPERT
    Posted Mar 29, 2022 12:37 PM
    The RADIUS certificate in Aruba ClearPass is signed by a intermediate or root CA. Is the root CA certificate correctly installed in the trust store on the Android client device?

    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 5.  RE: Android 11/12 error 215 on clearpass

    Posted Apr 07, 2022 08:27 AM
    Im having the same issue... and struggling to work out how to solve this. Our RADIUS certificate is signed by our internal intermediate CA

    We have tried the to add both the root CA and the intermediate CA to the wifi connection on the android device and either way the device fails to authenticate the user with the same TLS CA error using EAP-PEAP with MSCHAPv2

    Should it be the Intermediate or Root applied to the Android Wifi config ? and any ideas why it wouldn't be accepting them ?


    ------------------------------
    Daniel Grandja
    ------------------------------



  • 6.  RE: Android 11/12 error 215 on clearpass

    Posted Apr 07, 2022 11:47 AM
    Hi Daniel 

    Your issues are also with android 11/12 devices?

    Still getting this error also

    Regards

    ------------------------------
    Bruno Costa
    ------------------------------



  • 7.  RE: Android 11/12 error 215 on clearpass

    Posted Apr 07, 2022 12:10 PM
    Sure is with Android 11/12 devices only.

    Our other users have been using the dont validate cert but as this is going away, we are providing instructions on how to download our root/intermediate cert so that users can apply this to their wireless profile when they create it, however in testing, this doesnt seem to actually work and we still see a TLS error in ClearPass, not sure why though...

    ------------------------------
    Daniel Grandja
    ------------------------------



  • 8.  RE: Android 11/12 error 215 on clearpass

    Posted Apr 08, 2022 02:55 PM
    Ok after further testing, i've worked out the CA needs to be the actual Root CA not the CA that signed the server certificate (in this case our intermediate CA)

    However now when adding the Root CA to the Wireless profile, still seeing a 215 Error but instead of it being a ca error, its now a a "tlsv1 alert internal error"

    So not sure what that means

    ------------------------------
    Daniel Grandja
    ------------------------------



  • 9.  RE: Android 11/12 error 215 on clearpass

    EMPLOYEE
    Posted May 04, 2022 10:09 AM
    This likely is a settings or certificate issue. Would be best to open a support case to get analyzed what is causing this internal error as even that can mean multiple things.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 10.  RE: Android 11/12 error 215 on clearpass

    Posted 12 days ago
    any resolution here? I am having the same issue and can't seem to resolve.


  • 11.  RE: Android 11/12 error 215 on clearpass

    EMPLOYEE
    Posted 12 days ago

    Android 11 and upper needs to validate server certificate, in the EAP process, previous versions lets you use "do not validate" option, this means that clearpass radius cert needs to be a public cert in order to Android can trust in it, another way is to use Onboard to provisioning a Clearpass Cert into Android and use EAP-TLS auth.

     

    Regards,

     

    Jorge