Security

Reply
Occasional Contributor I

ClearPass Onboard OS X TLS Issue

I am hoping someone can shed some light on this issue.

 

I work for a secondary school that has just implemented BYOD for students. We have a mix of iOS, OS X and Windows. We have Onboarding set up with a network profile that connects to our WiFi using TLS. All iOS devices and Windows devices have onboarded successfuly. After Onboarding they can connect to the WiFi without issue. We have successfully Onboarded ~300 OS X devices. They can connect to the WiFi without issue. We have roughly half a dozen OS X devices that once they Onboard, when trying to connect to the WiFi a popup will appear asking to select a certificate. Even after selecting the correct certificate it still states it cannot connect. Looking at ClearPass Policy Manager Access Tracker there is an error that states

"EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

 

I am at a loss as it works for 99% of OS X devices and there doesn't appear to be a common link between the devices that don't.

Guru Elite

Re: ClearPass Onboard OS X TLS Issue

Does re-Onboarding the same device fix the issue?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: ClearPass Onboard OS X TLS Issue

No. I have tried re-Onboarding the same device, I have tried deleting all certificates, users and the device from ClearPass Onboarding and then re-Onboarded, but the problem persists.

Guru Elite

Re: ClearPass Onboard OS X TLS Issue

Is there any common factor between the devices (OS version, etc)?

Which version of ClearPass?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: ClearPass Onboard OS X TLS Issue

On closer inspection and review I have found that the OS X version is 10.11.6. Our ClearPass version is 6.6.9.102777.

Contributor I

Re: ClearPass Onboard OS X TLS Issue

I am having a simmilar issue after upgrading from 6.6.9 to 6.7

 

Any update on this? Help? Recomendations?

 

 

Occasional Contributor I

Re: ClearPass Onboard OS X TLS Issue

Hi andresp,

 

The only solution I have found to date is to require all OS X device to be on version 10.12 or higher. Hopes this helps.

Contributor I

Re: ClearPass Onboard OS X TLS Issue

My devices are all above 11.0 and still having issues. This is an output from the alert tab. Any help is apreciated. I am still running 6.7.0 on all CPPM servers

 

Error Code:
215
Error Category:
Authentication failure
Error Message:
TLS session error
 Alerts for this Request 
RADIUSEAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: