Security

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
Occasional Contributor II

Clearpass TIMEOUT - Client did not complete EAP transaction

Hello,

I set corporate wireless network using personal certificates. The authentication works, but only on second login. The process is:

I connect PC with WIN10 to wireless network and enter the password for personal certificate stored in computer. In PC I get message: cannot connect to network. So when do it again - connect to wifi and than enter password, connection is allowed and everythink works fine. After disconnection it behaves the same way.

In access tracker in Clearpass for first connection I get message Time out and in detail for radius request is Client did not complete EAP transaction. The second request is autorized correctly. 

Any idea how to solve it, please?

 

We work with Aruba controler 7200 with AOS 8.3.0.7 and Clearpass 6.8

Highlighted
MVP Expert

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

What do you mean by personal certificates?



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
Occasional Contributor II

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

It is certificate stored in chip card, to access it I need enter own password. So when I connect the wifi network I'm prompted for this password. As I wrote earlier, it works, but always on second connection, the first one is dropped and in CPM I see timeout

Highlighted
Guru Elite

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

KamiB,

 

Does the local machine Trust the CA that issued the ClearPass Radius Certificate?  If not, and even the first time, the user must click on "Accept" to accept the certificate while authenticating the first time.  If the user is not quick enough the first time, the authentication will be dropped and retried.  You might be able to avoid this by importing the CA that issued the Clearpass Certificate onto your clients.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

Clearpass certificate is already imported in local computer. There is no request for consent. I just see "check network requirements" and than "cannot connect to this network" during first connection. During second connection there is "check network requirements" and then "connected"

Highlighted
Guru Elite

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

I would look into the full logs in the Access Tracker for a clue.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

Included.

Thanks,

Kami

Highlighted
Guru Elite

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

It would seem that in the "Denied", the client does not respond to the access challenge in time, while in the "Accept" the client does respond with a certificate.  Does the client have "Validate Server Certificate" enabled?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

Yes, it is enabled. I tried to disable it or remove certificate from computer and than I'm asked to approve radius server certificate. So the problem is probably not in the certificate. 

I know, that during the first connection the data from certificate are not sent to CPM, but I don't know why. From user point of view both connections are the same, only diference is first is denied and second accepted

Highlighted
MVP Guru

Re: Clearpass TIMEOUT - Client did not complete EAP transaction

You mentioned before on the client certificate: "It is certificate stored in chip card, to access it I need enter own password.".

 

There should be no (significant) delays during the authentication. Could it be that the authentication times out on the waiting time to enter the password to unlock the client certificate in the chip card? Can you disable the PIN/password (temporarily) or get the certificate imported in your computer instead of in the chip card? 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: