Wireless Access

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Hi

Should I un-check Client Match under AP Gruop -->Radio- Client Control and also
under System--profiles-->all profiles--> Wireless LAN-->Virtual AP--SSID then un-check OKC ? or not ?
For info: Advertise 802.11d and 802.h were activated.

Jut for info:

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

I suggest upgrading your deployment to the latest 8.10 point release. 8.6.0.9 was released in April of 2021 and since there have been a number of bugfixes introduced.

You might consider disabling 802.11r and OKC on the affected WPA2-Personal SSID to see if that helps.

Hi

Should I un-check Client Match under AP Gruop -->Radio- Client Control and also
under System--profiles-->all profiles--> Wireless LAN-->Virtual AP--SSID then un-check OKC ? or not ?
For info: Advertise 802.11d and 802.h were activated.

Jut for info:

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

Hello, 

Thanks for your hint, Honestly, I do not know how can I convince my boss to update MM and 2 MC os. He say that try to find another solution for this issue, 

I talk with TAC and also they propose to update OS but he is not sure this action also solve this issue as well.  

Best,

Ghasem

I suggest upgrading your deployment to the latest 8.10 point release. 8.6.0.9 was released in April of 2021 and since there have been a number of bugfixes introduced.

You might consider disabling 802.11r and OKC on the affected WPA2-Personal SSID to see if that helps.

Hi

Should I un-check Client Match under AP Gruop -->Radio- Client Control and also
under System--profiles-->all profiles--> Wireless LAN-->Virtual AP--SSID then un-check OKC ? or not ?
For info: Advertise 802.11d and 802.h were activated.

Jut for info:

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem 

The solution IS to upgrade. Perhaps your boss does not understand the dangers to the company on running an old, unsupported Wi-Fi system.  There are likely security vulnerabilities, opening up your corporate network & proprietary data to outside attack. That can be devastating for a company.

Here is Aruba's end of life policy definitions https://www.arubanetworks.com/support-services/end-of-life-policy/

. 

Hello, 

Thanks for your hint, Honestly, I do not know how can I convince my boss to update MM and 2 MC os. He say that try to find another solution for this issue, 

I talk with TAC and also they propose to update OS but he is not sure this action also solve this issue as well.  

Best,

Ghasem

I suggest upgrading your deployment to the latest 8.10 point release. 8.6.0.9 was released in April of 2021 and since there have been a number of bugfixes introduced.

You might consider disabling 802.11r and OKC on the affected WPA2-Personal SSID to see if that helps.

Hi

Should I un-check Client Match under AP Gruop -->Radio- Client Control and also
under System--profiles-->all profiles--> Wireless LAN-->Virtual AP--SSID then un-check OKC ? or not ?
For info: Advertise 802.11d and 802.h were activated.

Jut for info:

Which ArubaOS version are you running? (Run show switches from the Mobility Conductor)

What security mode (opmode) is being used for the SSID clients are having issues with? Is this PSK/SAE/.1X?

Sorry, we didn't establish which clients and respective driver versions are having issues. Can you clarify client details?

Can you correlate if the error happens when the client roams? show ap client trail-info <mac> may be useful for that.

Enabling and analyzing ap-debug and user-debug logs once you've found a client with the issue may give clues.

Hello Josh,

Thanks for your answer:

I am going to answer all your questions:

Did anything change recently? Not at all 

Configuration changes? Not at all - Client changes? Not At all 

How often are you seeing these errors in the logs? Normally when we have some expo in our big salon which cover by 19 AP(model 345 and one single new 535) 

Do the logs always indicate the same client(s) or is it random client(s)? honestly is random clients

Are you able to reproduce a failure when you track down a client from the AirWave logs? I need to dig it again,but when I pick up a client randomly I can find this issue.

 would also be helpful to know what version of AOS code?  I dont understand this question.

 Which AP models? 345 and single 535 

What features are enabled (like 802.11r)?  802.11r and OKC are enable it for roaming.

Thank you so much 

We need more information to better guide you. It may be easier for you to open a TAC case and triage with them.

You mentioned this started happening recently. Did anything change recently? Configuration changes? Client changes?

How often are you seeing these errors in the logs? Do the logs always indicate the same client(s) or is it random client(s)?

Are you able to reproduce a failure when you track down a client from the AirWave logs?

It would also be helpful to know what version of AOS code? Which AP models? What does the relevant VAP/SSID configuration look like? What features are enabled (like 802.11r)? 

Here are some additional commands to run (along with the auth-tracebuf) that may give more clues on what is going on:

show ap remote debug mgmt-frames ap-name <ap client is connected> client-mac <mac>

show ap client trail-info <mac>

show log all | include <mac>

Hi,

Thanks for your replying.

I have already double checked the key with clients. it was ok for most of them, I can say more than 150 clients but for some of them this issue pop up.

I track also NPS and output is OK too, 

I checked this materials also:

Firewall polices,

NPS(Win server 2019) 

Laptop WIFI card driver, Update them 

Any other hints ? 

Best

Ghasem 

PTK challenge failed typically means there is a passphrase mismatch. You will need to track down that client and investigate further.

For the auth-tracebuf on the controller, it will be empty if A0:C5:89:E9:A9:F8 hasn't recently attempted to associate and authenticate.

Hello Folks,

Since last week, we encounter with "PTK Challenge Failed " in Airwave. 

We have Mobility Master with 2 controller (1 cluster + 158 APs)

also 

show auth-tracebuf mac A0:C5:89:E9:A9:F8 count 10  did not display any result,

Could you please share your experience in this regards? 

Best,

Ghasem