Wireless Access

  • 1.  Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 13 days ago

    Hello, we are having issues connecting Android mobile phones to our corporate Wi-Fi network.

    Our Sophos MDM config

    Trusted certificate: internal Root CA

    Domain suffix match: Our Domainname

    The errors in ClearPass:

    TLS Alert read:fatal:internal error 

    rlm_eap_tls: TLS failed during operation

    Only Android mobile phones can't connect. iOS devices are fine.



  • 2.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 13 days ago

    The root CA used on the client is the same root CA that signed the RADIUS certificate on ClearPass?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 11 days ago

    Yes, it's the same.




  • 4.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 11 days ago

    Is that trusted certificate field specifying the RADIUS certificate on ClearPass?  Have your Android devices been configured to use the root CA of the RADIUS certificate as a trusted root?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 10 days ago

    Yes, it's the same as in Administration > Certificates > Trust List.

    In the Wi-Fi settings, the CA certificate is shown and selected.




  • 6.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 11 days ago

    The messages in ClearPass refer to EAP-TLS failing, while your MDM configures PEAP/MSCHAPv2. Could that be part of the issue? What is it that you are trying to configure, and can you share the ClearPass service authentication methods and sources?

    Note that PEAP/MSCHAPv2 is deprecated. As you probably entered dummy credentials that are not used for anything else, that may be acceptable. But you should consider EAP-TLS with a client certificate otherwise.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 10 days ago

    I think not. The same configuration works with iOS devices and MSCHAPv2 authentication.

    There are credentials from a service account only for WLAN authentication.




  • 8.  RE: Android Smartphone -> TLS Alert read:fatal:internal error / rlm_eap_tls: TLS failed during operation

    Posted 10 days ago

    Android will not complete the authentication if the device hasn't been configured with a proper trusted root CA for the RADIUS certificate.  Since that is the only certificate that should be involved when using PEAP/MS-CHAPv2, I'd make sure that everything is properly configured on the client side with that certificate.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------
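
The MDM profile in post 1 sets a domain suffix match next to the trusted root CA, so the names in the RADIUS server certificate have to satisfy that setting as well as the chain check discussed in the replies. The following is an added example, not code from any poster or vendor in this thread: a Python model of the comparison as documented for wpa_supplicant's `domain_suffix_match` (the directive Android's `WifiEnterpriseConfig.setDomainSuffixMatch` sets). The function names and all host names are constructed for illustration.

```python
"""Added example: model of the documented domain_suffix_match comparison."""


def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.strip().rstrip(".").lower().split(".")


def name_matches_suffix(cert_name, suffix):
    """True if every label of `suffix` sits, in order, at the end of cert_name.

    The match is per DNS label, so 'corp.example.com' does not accept
    'radius.badcorp.example.com' even though the strings share an ending.
    """
    want, have = _labels(suffix), _labels(cert_name)
    if "" in want or len(want) > len(have):
        return False
    return have[-len(want):] == want


def server_cert_satisfies(san_dns_names, subject_cn, domain_suffix_match):
    """Check a server certificate's names against a domain suffix match value.

    san_dns_names: dNSName entries from the certificate's SubjectAltName.
    subject_cn: subject CN, consulted only when there are no dNSName entries.
    domain_suffix_match: one suffix, or several separated by semicolons.
    """
    suffixes = [s for s in domain_suffix_match.split(";") if s.strip()]
    if san_dns_names:
        candidates = list(san_dns_names)   # CN is ignored once a dNSName exists
    else:
        candidates = [subject_cn] if subject_cn else []
    return any(name_matches_suffix(n, s) for n in candidates for s in suffixes)


if __name__ == "__main__":
    # Constructed certificate names; replace with the values from your RADIUS cert.
    cases = [
        (["radius01.corp.example.com"], "radius01", "corp.example.com"),
        (["radius01.badcorp.example.com"], "radius01", "corp.example.com"),
        ([], "radius01.corp.example.com", "corp.example.com"),
        (["radius01.lab.example.net"], "radius01.corp.example.com", "corp.example.com"),
    ]
    for sans, cn, suffix in cases:
        print(sans or cn, "vs", suffix, "->", server_cert_satisfies(sans, cn, suffix))
```

Feed it the SubjectAltName dNSName entries and subject CN read from the RADIUS certificate, together with the exact string deployed in the MDM profile's domain suffix match field.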