
CPPM onboard 6.2.3 handshake_failure

  • 1.  CPPM onboard 6.2.3 handshake_failure

    Posted Dec 19, 2013 03:21 AM

    Hi,

     

    I have a CPPM server with Onboard running. CPPM onboards clients from EAP-PEAP to EAP-TLS. Everything runs fine, except that sometimes some of the clients have trouble authenticating, with error code 215 "fatal alert by server - handshake_failure". Has anyone ever had the same kind of problem?

     

    Error Code: 215
    Error Category: Authentication failure
    Error Message: TLS session error

    Alerts for this Request:
    RADIUS: EAP-TLS: fatal alert by server - handshake_failure

     

    I also exported and attached the authentication error from Access Tracker. I hope you can help me analyze this error. Thanks.

     

    R.L.



  • 2.  RE: CPPM onboard 6.2.3 handshake_failure

    EMPLOYEE
    Posted Dec 19, 2013 03:36 AM
    Is this a VM or hardware?
    Is it happening on the same type of devices? Apple iOS, Android, etc.?
    Do any of those devices have any other client certs on them that they may try to present?
    What is the size of the CPPM? How many devices are trying to auth to the network?

    The error you're seeing typically means the client didn't respond correctly. It's usually on the client or network side where the issue happens.

    Check the wireless equipment: is there any large amount of packet loss?


  • 3.  RE: CPPM onboard 6.2.3 handshake_failure

    Posted Dec 19, 2013 04:16 AM

    Hi Troy,

     

    As always, thanks for the super fast response :D

     

    It's a hardware CP-HW-5K.

     

    5K capacity with a 500 enterprise license installed.

     

    So far I only see Android devices experiencing the problem, though the users are mostly Android users; only a few use iOS. Windows users are excluded from onboarding at the moment.

     

    The client only has the Onboard TLS cert, nothing else.

     

    It uses a 3400 series controller with OS version 6.3.0.2.

     

    I will try to check the tech-support of the controller later. Thanks.

     

    R.L.



  • 4.  RE: CPPM onboard 6.2.3 handshake_failure
    Best Answer

    EMPLOYEE
    Posted Dec 19, 2013 04:27 AM
    I've seen that some Android devices don't store the server cert correctly and you might have to manually select it. The issue is usually on older devices. I would check to see if it's a certain model or firmware that they are using.


  • 5.  RE: CPPM onboard 6.2.3 handshake_failure

    Posted Dec 19, 2013 04:47 AM

    But this problem occurs after the onboarding was successful and there were a few successful authentications. I assume the cert storing you meant happened at the first-time profile creation?

     

    Unrelated to the topic, is there a way to debug the server to find some info on when users are being deleted and created?

     

    R.L.



  • 6.  RE: CPPM onboard 6.2.3 handshake_failure

    EMPLOYEE
    Posted Dec 19, 2013 04:52 AM
    Then most likely the issue is in the network.

    The audit log will tell you when a cert or user is created. If you look at the endpoints under Configuration > Identity > Endpoints, it will show when the device was created and last seen.


  • 7.  RE: CPPM onboard 6.2.3 handshake_failure

    EMPLOYEE
    Posted Dec 19, 2013 04:29 PM

    [Attached image: endpointseen.png]