Security

 View Only
last person joined: 3 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Client did not complete EAP transaction - Precision laptops

This thread has been viewed 20 times
  • 1.  Client did not complete EAP transaction - Precision laptops

    Posted Nov 14, 2023 04:51 PM

    I am beginning to see an issue with Dell Precision laptops (not all) have an issue with connecting to my corporate Wifi that is handled by clearpass.  They all are getting the RADIUS error "client did not complete EAP transaction".  We have tried re-domaining these machines, updated all drivers and ran diag tests but they continue to time out.  Has anyone seen this before and have any more suggestions on troubleshooting?

    UPDATE:

    I wanted to update this post with a fix I found for my situation.  It turned out all these laptops were new and running Win11.  When I disabled a feature called Credential Guard, which is enabled by default, then the machines were able to successfully authenticate to my wifi network.  I disabled this feature via the registry and may create a GPO to automate this.  I would like to use this feature in the future and if anyone has information to help with that, that would be appreciated.  Here is the documentation I used to disabled this feature;

    https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/configure?tabs=intune



  • 2.  RE: Client did not complete EAP transaction - Precision laptops

    MVP EXPERT
    Posted Nov 15, 2023 03:10 AM

    Usually see this message when the client cannot  validate the clearpass radius cert .Have you tried a show logs for a failed  auth attempt?

    A




  • 3.  RE: Client did not complete EAP transaction - Precision laptops

    Posted Nov 16, 2023 02:58 PM

    I constantly see the response that this is usually because the machine can not validate the radius cert.

    As the user says they are going to re-domain the machines.  This to me implies that the radius cert is configured correctly.  We have them configured on our machines but we often still get the same message (though not always)

    We have 11 clearpass servers with a very robust network and still see a large number of these (10-25% of overall attempts).  I realize some are due to the issue mentioned, but I think there is something happening here besides that.

    Walt




  • 4.  RE: Client did not complete EAP transaction - Precision laptops

    MVP EXPERT
    Posted Nov 17, 2023 04:55 AM
    Hi,
    Agree it could be something else but in our case it definitely was our clients not validating the ClearPass cert, although not due to a fault of the client. There was an MTU size issue (I believe) with a firewall that was in the way and the cppm cert was fragmented on its way to the client, so client didn’t receive a valid cert …

    A