Thanks Herman,
I had a case with TAC a while back, and opened a new one this morning to revisit it.
It will be a certificate issue on our clients - but what confuses me is that the onboarding app should ensure that gets sorted.
I have found a few older references to similar issues.
The funniest observation is that the issue only occurs at first login; then it is happy for the day. Even a reboot does not cause the same symptom.
********************
This email and any files transmitted with it are confidential and intended solely
for the use of the individual or entity to whom they are addressed.
If you have received this email in error, please notify us immediately by return e-mai l
and delete all copies. That error does not constitute waiver of any confidentiality,
confidentiality, privilege or copyright in respect of information in the e-mail or attachments.
********************
Scanned by Office 365 Email Gateway at Food Standards ANZ.
Original Message:
Sent: 10/16/2024 5:29:00 AM
From: Herman Robers
Subject: RE: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
If you onboarded the client through Central, indeed for BYOD, you should not see any authentication prompts.
In case you do see warnings, please open a TAC case as there is nothing you can configure or change to my knowledge.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Oct 14, 2024 07:36 AM
From: BatmanDL44
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
No we have not configured Intune and Mosyle to provision the devices with client certificate and SSID configuration. Please send documentation if you know if any on how to do this as Microsoft and Mosyle do not know how.
As stated in previous posts the devices are using Aruba Onboard not Clearpass to authenticate to the Aruba Cloud Auth network. Around 50% of the devices are BYOD so we do not managed them from Intune or Mosyle so pushing any configuration would be impossible. We can create a profile in Intune (provide documentation if you know of any). My understanding is Aruba Onboard is used for BYOD environments, correct me if I'm wrong.
How do we resolve this message, "The message displayed means that the client does not trust the (RADIUS/RadSec) server certificate, or that there is no configuration at all on the client." Using the Aruba Onboard product? This authentication error is happening on All device types. Android, MAC, Windows, etc. the only exception to the rule is iOS.
Original Message:
Sent: Oct 14, 2024 05:43 AM
From: Herman Robers
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
Have you configured Intune and Mosyle to provision the devices with a client certificate and SSID configuration?
The message displayed means that the client does not trust the (RADIUS/RadSec) server certificate, or that there is no configuration at all on the client. Central Cloud Authentication Onboarding should take care of that, but you should see as well 'Hotspot 2.0' and the (friendly) name of your network/organization on the SSID in Windows.
In most cases, either Intune/MDM is used to provision the SSID and client certificates for managed devices, then use ClearPass or another RADIUS service to authenticate the devices. Or for unmanaged devices, you use Central Cloud Authentication for the provisioning as well as for the authentication.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Oct 03, 2024 11:03 AM
From: BatmanDL44
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
This is exactly what we are experiencing as well and our machine are Entra ID joined / Intune Managed but this also happens on personal Windows machines and Macs managed by Mosyle MDM
Does it sometimes make you choose the certificate? See video attached
Original Message:
Sent: Sep 30, 2024 08:54 PM
From: garrymacg
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
Here is what I am seeing in screenshots.
Occurs to entra joined devices, but had other issues on hybrid devices.
Original Message:
Sent: Sep 26, 2024 03:21 PM
From: garrymacg
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
Yes, we are seeing the same thing!
TAC found an issue within the WLAN SSIDs, causing a certificate error which meant the client sometimes rejected the cert, needing the click on connect.
We needed to re-issue the onboarding link and reset as well as removing the old wifi config.
However, we are still seeing this behaviour after this fix.
APs running AOS10.6.
Original Message:
Sent: Sep 16, 2024 07:55 AM
From: BatmanDL44
Subject: Aruba Cloud Auth SSID asking users to connect even after authentication process is completed
Hello all, I'm relatively new to Aruba Central. We just installed our 67 535 APs 6 months ago. We are running an SSID using Cloud Auth to MS Entra ID. However, every time users connect to wifi they are being asked to physically click the network in settings and then click connect. They have the Aruba onboard app and profile installed in the app. I have opened a couple of tickets with Aruba TAC and they have no idea what is going on. To make matters more weird. We are seeing two of the same SSID even though there is only one in Aruba Central. When users click their wifi settings they can see Staff and Staff 2. We have never made a Staff 2 which confused Aruba TAC as well. Depending on the device type this shows up or does not. Its kinda random and inconsistent. But either way users still have to physically connect to Cloud Auth network by clicking a button.
Has anyone else see this happen?