Security

I am hoping someone can shed some light on this issue.

I work for a secondary school that has just implemented BYOD for students. We have a mix of iOS, OS X and Windows. We have Onboarding set up with a network profile that connects to our WiFi using TLS. All iOS devices and Windows devices have onboarded successfuly. After Onboarding they can connect to the WiFi without issue. We have successfully Onboarded ~300 OS X devices. They can connect to the WiFi without issue. We have roughly half a dozen OS X devices that once they Onboard, when trying to connect to the WiFi a popup will appear asking to select a certificate. Even after selecting the correct certificate it still states it cannot connect. Looking at ClearPass Policy Manager Access Tracker there is an error that states

"EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

I am at a loss as it works for 99% of OS X devices and there doesn't appear to be a common link between the devices that don't.

No. I have tried re-Onboarding the same device, I have tried deleting all certificates, users and the device from ClearPass Onboarding and then re-Onboarded, but the problem persists.

Is there any common factor between the devices (OS version, etc)?

Which version of ClearPass?

On closer inspection and review I have found that the OS X version is 10.11.6. Our ClearPass version is 6.6.9.102777.

I am having a simmilar issue after upgrading from 6.6.9 to 6.7

Any update on this? Help? Recomendations?

Hi andresp,

The only solution I have found to date is to require all OS X device to be on version 10.12 or higher. Hopes this helps.

My devices are all above 11.0 and still having issues. This is an output from the alert tab. Any help is apreciated. I am still running 6.7.0 on all CPPM servers