Since last week, we encounter with "PTK Challenge Failed " in Airwave.
We have Mobility Master with 2 controller (1 cluster + 158 APs)
show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10 did not display any result,
Could you please share your experience in this regards?
PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.
For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.
Thanks for your replying.
I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.
I track also NPS and output is OK too,
I checked this materials also:
NPS(Win server 2019)
Laptop WIFI card driver, Update them
Any other hints ?
We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.
You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?
How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?
Are you able to reproduce a failure when you track down a client from the AirWave logs?
It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)?
Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:
show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>
show ap client trail-info <mac>
show log all | include <mac>
Thanks for your answer:
I am going to answer all your questions:
Did anything change recently? Not at all
Configuration changes? Not at all - Client changes? Not At all
How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535)
Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients
Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.
would also be helpful to know what version of AOS code? I dont understand this question.
Which AP models? 345 and single 535
What features are enabled (like 802.11r)? 802.11r and OKC are enable it for roaming.
Thank you so much
Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)
What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?
Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?
Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.
Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.
Thanks again for your replying,
Our mobility Master running os version is ArubaMM-VA, 126.96.36.199
our 2 controller running os version is ArubaOS 188.8.131.52_79813 Model Aruba7205
security mode for SSID which has a issue is Key Management: WPA2-Personal - Use static Pre- Shared Key (PSK)
Nom : Wi-Fi Description : Killer(R) Wi-Fi 6 AX1650s 160MHz Wireless Network Adapter (201D2W) GUID : 3e2fbf9b-371f-43d9-aa7e-325120763e44 Adresse physique : 68:54:5a:95:1b:90 Type d'interface : Primaire État : connecté SSID : xxxxxxxxxxx BSSID : 48:4a:e9:f9:xx:xx Type de réseau : Infrastructure Type de radio : 802.11n Authentification : WPA2 - Entreprise Chiffrement : CCMP Mode de connexion : Profil Bande : 2,4 GHz Canal : 9 Réception (Mbits/s) : 144.4 Transmission (Mbits/s) : 144.4 Signal : 91% Profil : Partitio-xxxxxxxx
and for the rest I will keep up update
Should I un-check Client Match under AP Gruop -->Radio- Client Control and alsounder System--profiles-->all profiles--> Wireless LAN-->Virtual AP--SSID then un-check OKC ? or not ?For info: Advertise 802.11d and 802.h were activated.
Jut for info:
I suggest upgrading your deployment to the latest 8.10 point release. 184.108.40.206 was released in April of 2021 and since there have been a number of bugfixes introduced.
You might consider disabling 802.11r and OKC on the affected WPA2-Personal SSID to see if that helps.
Thanks for your hint, Honestly, I do not know how can I convince my boss to update MM and 2 MC os. He say that try to find another solution for this issue,
I talk with TAC and also they propose to update OS but he is not sure this action also solve this issue as well.
The solution IS to upgrade. Perhaps your boss does not understand the dangers to the company on running an old, unsupported Wi-Fi system. There are likely security vulnerabilities, opening up your corporate network & proprietary data to outside attack. That can be devastating for a company.
Here is Aruba's end of life policy definitions https://www.arubanetworks.com/support-services/end-of-life-policy/
Thanks for sharing your experience, the only thing that we are not sure is that is this action solve our issue or not?
anybody solves his PTK issue with updating os?
I try again to get green light from him.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.