  • 1.  iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jan 12, 2015 01:08 PM

    I tested the iMC_UAM_7.1_E0302P06 update. My Windows machine authentication using PEAP/mschapV2 and the computer account does not work, giving this error:

     

    Account Name computer
    Login Name host/WS500X.domain.com
    Authentication Failure Cause E63121::receive no packet from mschapv2server.
    Failed at 2015-01-11 11:45:46
    User IP Address 
    User MAC Address B8:AC:6F:32:B3:46
    Device IP 10.10.100.133
    Device NAT IP 10.10.100.133
    Port 0
    Device SN 
    IMSI 
    Service Name PEAP_Computer_acc_svc
    VLAN ID/Inner VLAN ID 27
    Outer VLAN ID 
    User SSID 
    Computer Name 
    Windows Domain

     

    Not sure where the Inner VLAN ID of 27 is coming from as I don't specify one.

     

    The update changes how Domain Controller-Assisted PEAP Authentication is configured, moving it from a global configuration to a part of the LDAP server configuration.

     

    In the read me under features added:

     

    9. LDAP servers can use different domain controllers for MS-CHAPv2 authentication. This feature is configurable under User > User Access Policy > LDAP Service > LDAP Server.

     

    And modified:

     

    4. The LDAP parameters were moved from the system parameter settings page to the LDAP Service menu. This feature is configurable under User > User Access Policy > LDAP Service > LDAP Parameters.

     

    Under Other problems:

     

    PEAP-MSCHAPv2 is not supported by PCs using machine authentication.

     

    So how is the computer authentication now supposed to work??

     

    Is it temporarily broken and will be fixed, or is it eliminated?

     

    This is a big change without much documentation except as above. My authentication strategy has been using this for the last few years in PCM and now IMC - now it's not supported anymore??? Not happy about this.

     

    I was not able to do extensive testing - I only have the production instance at this time - I snapshotted it fortunately before deploying and testing this update, so I rolled it back.

     

    Any insight on this would be appreciated. If you use computer authentication beware of this update!

     

    BTW the ability to use multiple DC's is handy but still....
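
A triage sketch for the failure record quoted in post 1, added here as an example and not part of any poster's message or of iMC: it parses pasted records and counts failures by error code and by computer-account versus user login. It assumes the field labels shown in the post and the `host/` login prefix seen there; the second sample record is constructed.

```python
import re
from collections import Counter

# Field labels as they appear in the failure record quoted in post 1.
LABELS = ["Account Name", "Login Name", "Authentication Failure Cause",
          "Failed at", "User IP Address", "User MAC Address", "Device IP",
          "Device NAT IP", "Service Name"]

# Record from post 1 (subset of its lines, values unchanged).
RECORD_FROM_POST = """Account Name computer
Login Name host/WS500X.domain.com
Authentication Failure Cause E63121::receive no packet from mschapv2server.
Failed at 2015-01-11 11:45:46
User IP Address
Device IP 10.10.100.133
Service Name PEAP_Computer_acc_svc"""

# Constructed record (assumption): a user login failing with the code from post 2.
RECORD_CONSTRUCTED = """Account Name jdoe
Login Name jdoe
Authentication Failure Cause E63120::Domain controller infomation error
Device IP 10.10.100.133"""

def parse_record(text):
    """Split one pasted record into {label: value}; empty values become ''."""
    rec = {}
    for line in (l.strip() for l in text.splitlines()):
        for label in LABELS:
            if line == label or line.startswith(label + " "):
                rec[label] = line[len(label):].strip()
                break
    return rec

def classify(rec):
    """Extract the error code and flag computer-account (host/...) logins."""
    m = re.match(r"(E\d+)::(.*)", rec.get("Authentication Failure Cause", ""))
    return {"machine_auth": rec.get("Login Name", "").lower().startswith("host/"),
            "code": m.group(1) if m else None,
            "reason": m.group(2).strip() if m else None}

def summarize(records):
    """Count failures per (error code, machine|user) across pasted records."""
    counts = Counter()
    for text in records:
        c = classify(parse_record(text))
        counts[(c["code"], "machine" if c["machine_auth"] else "user")] += 1
    return counts

if __name__ == "__main__":
    print(summarize([RECORD_FROM_POST, RECORD_CONSTRUCTED]))
```
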

     

     



  • 2.  RE: iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jan 28, 2015 07:27 PM

    Hi

     

    I have the same problem after installing patch 06.

    Besides this one I also have

     

    E63120::Domain controller infomation error

     

    Have you got similar?

     

    I noticed tonight that P07 has been released; I am trying to check it.

     

    Besides, I am still experiencing instability: from time to time my server is unreachable from the switch

     

    can't reach radius server

     

    I have also installed a UAM subserver, but it behaves the same way

     

    best regards :)

     

    I would appreciate any suggestions

     

    K



  • 3.  RE: iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jan 29, 2015 07:43 PM

    I run IMC as a VM, so I snapshot the VM before the upgrade. After I discovered/verified the issue I reverted to the original state, as my production system depends on machine authentication via PEAP-MSCHAP. So I can't comment further on symptoms.

     

    Without that, new users cannot log into a machine unless a Domain controller is visible on a restricted network. Additionally, if a different VLAN is assigned, the IP address changes, making remote desktop break because the IP changes after login and the remote session can't follow that.

     

    UAM 7.1E0302P07 is posted. They put the wrong release notes on the web site, TAM instead of UAM, so you need to download the whole package. Fortunately the correct release notes are included. Lots of fixes and features, but still 

     

    Other Problems:

     

    • PEAP-MSCHAPv2 is not supported by PCs using machine authentication

    I've asked for clarification on this from HP but no answer yet: broken forever or just for this release? Can't go further without it or else I have to redesign my whole authentication system.



  • 4.  RE: iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jan 30, 2015 06:58 AM

    Hi

     

    I have installed P07 but without impact on the issue with mschapv2. I have also sent a question to OBP, must wait...

     

    I have seen this notice on PC machine and PEAP-MSCHAPv2. It is a little bit strange that HP has released a software version that has a limitation in comparison to the earlier version.

     

    Yesterday I installed a second test server, HP IMC with UAM on Windows Server (my first is on Linux RedHat), but without patches, and I am observing a problem with RADIUS availability from the switch.

     

    It seems I cannot use patches at the moment and I am considering changing to EAP-TLS, because the client wants to add additional domains.

     

    I have no snapshot of the machine, so I think the only solution for me to return to IMC UAM prior to patch 06 is to reinstall HP IMC UAM, but I am not sure if there are any changes in database structure.

     

    best regards

     

    Karol

     

     



  • 5.  RE: iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jul 15, 2015 03:02 AM

    This issue is fixed with P14 release.



  • 6.  RE: iMC_UAM_7.1_E0302P06 changes/breaks computer authentication!!!??

    Posted Jul 15, 2015 02:13 PM

    I did deploy that update and noted the result in a separate post. It has been working fine so far.


    • Computer auth FIXED in UAM E0302P14

    Should have updated this post as well. Thx for the reply