Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

This thread has been viewed 4 times

  • 1.  iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    Posted Jun 10, 2015 07:31 AM

    Hi,

     

    First iPhone with iOS9.0 and problems with ClearPass 6.5.1: client never success 4-way handshake. Always ends with "Ptk Challenge Failed"

    The same VAP config with Freeradius works fine.

     

    Before change to freeradius we have tested with ClearPass several combinations with OKC, PMKID, 802.11k, 802.11r without success.

     

    Our solution in aaa_profile "802.1X Authentication Server Group" disable ClearPass 6.5.1 and enable Freeradius.

     

    Authentication in ClearPass is accepted with enforcement controller role.

     

    May be a problem with PMK distribution?

    What parameter can be modified in ClearPass about it?

     

    Regards,

    Toni

     



  • 2.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    EMPLOYEE
    Posted Jun 10, 2015 07:37 AM

    toni.perez,

     

    Again, IOS9 is prerelease software, which means it is not finished.  If you have a developer account you should report this issue with Apple.  If Aruba changed something in its code and Apple phones did not work, Aruba should have to fix it.  Please report this issue to Apple.



  • 3.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    EMPLOYEE
    Posted Jun 10, 2015 08:53 AM
    Toni.Perez,

    Please open up a TAC case with us and we will attempt to replicate it using your information.


  • 4.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    Posted Jun 11, 2015 11:14 AM

    Hi,

     

    Also problems with Mac OSX 10.11 "El Capitan" with error "MIC failed in WPA2 Key Message 2".

    As sperez told me, it seems TLS 1.2 problem in ClearPass 6.5.1

    While we wait ClearPass 6.5.2, any idea how to disable TLS 1.2 in ClearPass?

     

    Best regards,

    Toni Pérez



  • 5.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    EMPLOYEE
    Posted Jun 11, 2015 11:23 AM
    We are looking into it. We are not sure if that is the problem.


  • 6.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed
    Best Answer

    EMPLOYEE
    Posted Jun 27, 2015 11:19 AM

    Please try to upgrade to ClearPass 6.5. cumulative upgrade patch 2 and see if it fixes your issue:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Release-announcements-ClearPass-Cumulative-Patch/m-p/241216#M20871

     

     



  • 7.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    Posted Jul 14, 2015 02:59 AM

    Hi,

     

    We have upgraded ClearPass and we have waited to iOS 9 public beta 1.

    Works fine ClearPass 6.5.2.73779 with TLS 1.2 enabled and iOS 9.0 (13A4293g).

     

    Thanks for the help!!

    Best regards,

    Toni



  • 8.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    Posted Jul 12, 2015 09:20 PM
    With the apps Aruba via I have a similar problem with iOS 9 public beta release. I guess the final release will bug with Aruba product like it happen on the release of ios8. I can't use anymore Aruba via on my iPad but I agree with Aruba team it's a pre release version


  • 9.  RE: iOS9 with ClearPass 6.5.1: Ptk Challenge Failed

    EMPLOYEE
    Posted Jul 12, 2015 10:39 PM
    I've found that VPN clients are the most sensitive applications to beta software.


    Thanks,
    Tim