Security

 View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Connection Denial due to "Incorrect Passphrase"

This thread has been viewed 12 times
  • 1.  Connection Denial due to "Incorrect Passphrase"

    Posted May 12, 2023 09:49 AM

    Hello Airheads,

        Had a weird issue the other day.  My users were kicked off of the SSID and then prompted to re-connect. When they attempted to re-connect they were denied due to "Incorrect Passphrase" but the passphrase hadn't been changed.  What might have caused this?



  • 2.  RE: Connection Denial due to "Incorrect Passphrase"

    MVP GURU
    Posted May 12, 2023 12:01 PM

    Is it still going on? Maybe check to see if there is a rogue detected on nearby APs?



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Connection Denial due to "Incorrect Passphrase"

    Posted May 13, 2023 01:06 AM

    No it's not going on anymore.  Changing the passphrase and using the new passphrase did the trick.  

    I checked the logs and there were a lot of "Interfering AP" messages during that time.  Do you think it was an attack?




  • 4.  RE: Connection Denial due to "Incorrect Passphrase"

    Posted May 14, 2023 03:33 AM

    I have a lot of detection of rogue APs.  I also have what appears to be logins and commands being executed.  

    May 9 12:03:53 2023 cli[17877]: USER: admin has logged in from X.X.X.X.

    May 9 12:03:53 2023 cli[17877]: USER: admin connected from X.X.X.X has logged out.

    May 9 12:03:53 2023 cli[17877]: USER:admin@X.X.X.X NODE:"/mm/mynode" COMMAND:<no paging > -- command executed successfully.

    May 9 12:03:53 2023 cli[17877]: USER:admin@X.X.X.X NODE:"/mm/mynode" COMMAND:<encrypt disable > -- command executed successfully.

    Im seeing this string of output all through my logs.  Any suggestions?

     

     









  • 5.  RE: Connection Denial due to "Incorrect Passphrase"

    EMPLOYEE
    Posted May 15, 2023 04:04 AM

    That looks like Airwave or another management system logging in to get your configuration.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Connection Denial due to "Incorrect Passphrase"

    MVP GURU
    Posted May 15, 2023 09:41 AM

    Those look like airwave may be logging in to grab backups. You may have had someone deploy a 3rd party router/AP somewhere using the same SSID as your's, set with another PSK would be my guess.



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 7.  RE: Connection Denial due to "Incorrect Passphrase"

    Posted May 15, 2023 09:59 AM

    Please check posture profile if you enter any user it will give you the reson so follow the steps and if posture is good try to check antivirus selection as well in systems.



    ------------------------------
    Rupesh Mishra
    ------------------------------