Security

 View Only
last person joined: 22 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Authentication failed for EAP method type 25. The error was 0x54F.

This thread has been viewed 20 times
  • 1.  Authentication failed for EAP method type 25. The error was 0x54F.

    Posted Mar 02, 2022 05:45 AM
    Hi.

    I am trying to troubleshoot an issue where I can see clients trying to authenticate against WiFi SSID using EAP-PEAP (Machine Auth). In Clearpass (6.9) I can see the client (Windows 10) trying to auth but receives several timeout errors but does eventually authenticates successfully. I ran the netsh report and I see the following:

    Authentication failed for EAP method type 25. The error was 0x54F.

    After doing a bit of research this appears to be related to the TLS type but everything that I've seen seems rather old. People have suggested using the registry to force TLS 1.2.

    https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=18707
    https://support.microsoft.com/en-us/topic/windows-10-devices-can-t-connect-to-an-802-1x-environment-179ef277-e6ef-8ea3-cb0e-11a6b80fa955

    I've done a packet capture on Clearpass and it appears that TLS 1.2 is being used.

    Just wondering if there is any updated wisdom on this error?

    Thanks.


  • 2.  RE: Authentication failed for EAP method type 25. The error was 0x54F.

    Posted Mar 03, 2022 09:47 AM

    Are the Windows 10 Wi-Fi Profiles GPO, configured specifically as "Computer Authentication" or "User or Computer Authentication", and with Certificate Validation enabled?

    A series of consecutive Timeouts I've seen as an issue where the client doesn't trust your Root CA (hence the certificate prompt about connecting in this location) - or the the client moves out of range during the authentication process (walking by buildings).



    ------------------------------
    Chris
    ------------------------------



  • 3.  RE: Authentication failed for EAP method type 25. The error was 0x54F.

    Posted Mar 03, 2022 02:47 PM

    Thanks for replying.

    Yes it is set to machine.

    We have tried setting to not validate the cert and it has made no difference.

    The laptops are generally stationary at the time.




  • 4.  RE: Authentication failed for EAP method type 25. The error was 0x54F.

    Posted May 10, 2022 01:39 PM
    Hi Hammertim - did you ever get any further with this.  Seeing a similar/identical issue in our environment

    ------------------------------
    ADAM RUDD
    ------------------------------



  • 5.  RE: Authentication failed for EAP method type 25. The error was 0x54F.

    Posted May 10, 2022 06:15 PM
    Hi.

    Is it happening to all auth attempts? What I found was that it would fail about 60-70% of attempts, after maybe three tries a Windows laptop would auth successfully. Obviously, this is annoying to the end-users.

    We had our IAP master virtual controller on an edge switch. The uplink between the core and the edge switch had errors on it. Replacing the transceivers resolved this for us.

    One troubleshooting step that helped was to install Microsoft Network Monitor 3.4, as it captures the RADIUS packets on the client-side. You should be able to see where it fails. If you also take a capture on Clearpass, you should be able to see which side stops responding.

    I hope that helps!

    Thanks.