Could it be that the certificate expired while the devices were dormant? Certificates are valid for one year after onboarding, and would need to be renewed/refreshed before they expire. What do the logs in Central show for those devices? Or don't they even connect, for lack of a client certificate?
Have not heard this, just some Samsung devices that require the Onboard app to be excluded from battery saving as the operating system will otherwise remove the certificate after some time. But have not heard similar for Windows devices. Could it be that there is device management/security software that removes the client certificate or configuration?
Have you opened a TAC case for this?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 21, 2024 09:36 AM
From: Michael Grady
Subject: Cloud Auth and "losing the certificate", having to re-onboard
We have a customer that has all Aruba wireless access points (recently upgraded to 6xx). They were migrated to Aruba's cloud authentication for about two years. We have a majority of Windows 11 notebooks, with a smattering of W10s. The move to Cloud Auth was intentional and a part of reducing the local server footprint and using Microsoft's Entra ID for authentication. We are trying to identify a pattern causing the "loss" of the ability to log in via the Cloud-Auth credentials; specifically, the certificate is "disappearing." I say that because once we re-onboard the notebooks, they start working again. I associate that with the renewed certificate, but maybe incorrectly. Does anyone else see this in their wireless network? They are running AOS10.x. It appears to be a relatively "random" occurrence. One certainty: if a user has been dormant for a couple of weeks, we most likely have to re-onboard.
Thoughts?