In my opinion, if tou are using EAP-TLS certificates there is no reason to cache credentials because the certificate is already stored locally on the client..
Original Message:
Sent: Mar 12, 2024 03:52 AM
From: TomiCloud
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
I had opened case, but Aruba support also had problems with resolving this problem.
But, it looks like that disabling option to verify server certificate resolved that problem.
I know that decreases security level, but it's ok at the moment.
Original Message:
Sent: Mar 11, 2024 06:13 AM
From: Herman Robers
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
This issue may be hard to solve in a forum. It may be better to work with your Aruba partner or Aruba support to collect the required troubleshooting information.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Mar 07, 2024 02:39 AM
From: TomiCloud
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
We have only one ClearPass server, with certificate from our internal CA.
Original Message:
Sent: Mar 06, 2024 10:25 AM
From: jonas.hammarback
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
Do you have more than one ClearPass server and do they share the same certificate for Radius or do they have unique certificates?
If you have more than one server and they have unique certificates the clients will prompt the user to approve the "new" certificate if the authentication is taking place on another server than the last server authenticating the user/device.
You should enable the option "Do not prompt user to authorize..." to suppress the dialogue to the user.
There have been some changes in the EAP processing in Windows 11. See this Microsoft article for more information: https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/windows-11-changes
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Mar 06, 2024 08:53 AM
From: TomiCloud
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
I checked it, and all of clients which have problems are on Win10.
For testing, i disable option with veryfing server certificate.
Original Message:
Sent: Mar 06, 2024 07:26 AM
From: jonas.hammarback
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
Can you provide the GPO configuration for the clients?
Does this issue effect both Windows 10 and 11 machines or just one of the versions?
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Mar 04, 2024 06:24 AM
From: TomiCloud
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
Client is computer with Windows 10/11. OS and drivers are up to date. Supplicant is native, configured by GPO. EAP type is EAP-TLS. On computer i find an error that Authentication using 802.1x failed, that network stops responding to authentication request.
Original Message:
Sent: Feb 26, 2024 10:23 AM
From: ahollifield
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
This is a client issue. What is the client? Is it up date from an OS patching prospective? Drivers up to date? Native or 3rd party supplicant? What is the configured/expected EAP type?
Original Message:
Sent: Feb 26, 2024 05:10 AM
From: TomiCloud
Subject: Clearpass - Error 9002 Last EAP Packet Processing Time = 0 ms
Hi,
Usually after weekend, some of our workers, have problem with authentication. In Clearpass they are getting errors:
After few computer restarts, authentication starts to work. It happens for random users, after a longer break. I changed eap-tls-fragment parametr on switch to 1024 (same value as in clearpass) but it didn't help.
I'm using 6200F and 2530 Switches.
Is there a way to resolve this?