Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba Central - Cloud Guest - "Login error"

This thread has been viewed 26 times

  • 1.  Aruba Central - Cloud Guest - "Login error"

    Posted Sep 28, 2017 03:36 AM

    A customer of ours is receiving a "Login error. Please retry" message in their authenticated Cloud Guest portal.

     

    From what I can gather in the debug logs, there seems to be something amiss here:

     

    (IP is redacted with 1.1.1.1)

     

    Sep 28 09:25:33  stm[2376]: <199802> <ERRS> |AP STI-AP03@1.1.1.1 stm|  rc_rad_tls.c, radsec_start_connection_retry_timer:110: Failed to establish TLS connection to server AS2_#guest#_. Retry in 20 seconds

    Sep 28 09:25:33  stm[2376]: <199802> <ERRS> |AP STI-AP03@1.1.1.1 stm|  rc_rad_tls.c, RadsecTLSNegotiationHandler:514: Failed to open TLS socket error ASN no signer error to confirm failure

    Sep 28 09:25:33  stm[2376]: <199802> <ERRS> |AP STI-AP03@1.1.1.1 stm|  rc_rad_tls.c, RadsecTLSNegotiationHandler:516: calling cleanup for ad4c1234

     

    This error goes on and on in the debug logs.

     

    I can't find much info on these errors... I have tried rebooting the AP's and re-assigning Cloud Guest license for the AP's...

    Anyone experienced the same?

     

    We have several other customers in our Central MSP "umbrella", where Cloud Guest is working just fine.

     

    ---

    Oh how I long for the day when Cloud Guest will not sporadically stop working :)

     

     



  • 2.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted Sep 28, 2017 03:40 AM

    Just to add a detail; I just attempted to switch from Authenticated Cloud Guest to anonymous, and the same happens upon "login";

    "Login error. Please Retry".



  • 3.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted May 29, 2019 10:41 AM

    Screenshot_2019-05-29 Aruba Central.png

     

    I have same trouble too. when I change certificate Radsec to aruba_default , authentication to securelogin.hpe.com not working, and status of radius server is INIT

     

    Spoiler
    === Troubleshooting session started. === 


===================================
Output Time: 2019-05-29 14:31:01 UTC



RADIUS Servers
--------------
Name            IP Address                                    Port  Acctport  Key                                                                                                                               Timeout  Retry Count  NAS IP Address  NAS Identifier                        In Use  RFC3576  Airgroup RFC3576-ONLY  Airgroup RFC3576 port  Deadtime  DRP IP  DRP IP Mask  DRP VLAN  DRP Gateway  Radsec    Radsec port  RFC5997  RFC3576 Listen Port  Service-Type-Framed  CPPM credentials
----            ----------                                    ----  --------  ---                                                                                                                               -------  -----------  --------------  --------------                        ------  -------  ---------------------  ---------------------  --------  ------  -----------  --------  -----------  ------    -----------  -------  -------------------  -------------------  ----------------
InternalServer  127.0.0.1                                     1616  1813      728d6f8bdf92395ba46f7261b3d4abff7498fb43a04854b1f0520b7b1e54ccfce7d704b2e40faab6fe9107df5eba4712b165e6fddd20c8c24e73d8f3bbf19c13  5        3                                                                  Yes                                     0                      5                                                     Disabled  Disabled     n        3799                                      /
AS2_#guest#_    ap1-elb.cloudguest.central.arubanetworks.com  1812  1813                                                                                                                                        20       3                            3df3e1ac-b40b-4fc4-bb2d-e41be6361dfe  Yes     Y                               0                      5                                                     Enabled   443          n        3799                                      /
AS1_#guest#_    ap1.cloudguest.central.arubanetworks.com      1812  1813                                                                                                                                        20       3                            3df3e1ac-b40b-4fc4-bb2d-e41be6361dfe  Yes     Y                               0                      5                                                     Enabled   2083         n        3799                                      /

=== Troubleshooting session completed. ===

    Please advice all members in airheads



  • 4.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted May 30, 2019 12:45 PM

    no one can help here ?

    pleasee



  • 5.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted Sep 01, 2019 12:35 AM

    Hey Guys, 

     

    I am having the same issue :) any luck with anyone ?


    Cheers, 

    Aous



  • 6.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted Oct 30, 2017 03:39 PM

    Hi, TekniskSOA,

     

    add a label to an accees point in the global settings in aruba central console.



  • 7.  RE: Aruba Central - Cloud Guest - "Login error"

    Posted Oct 30, 2017 10:52 PM

    It could be that network is blocking communication to Cloud guest RADIUS servers on TCP port 2083. Although TCP port 443 should be used in case 2083 is blocked.

     

    "show radius status" should show you "CONNECTED" in the "status" column of the output.

     

    Get the output of show tech as well, and share.