Wireless Access

last person joined: 20 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Machine auth failing

This thread has been viewed 2 times

  • 1.  Machine auth failing

    MVP
    Posted Oct 22, 2018 06:50 AM

     

     

     

    Running a basic 802.1X machine-only authentication setup at a customer without any issues for several years now.

     

    That is untill the customer bought some new Win10 HP Probooks.

    Now machine auth for those new clients is failing. 

    Previous Win10 HP Probooks are still working as expected.

    Both types of HP Probooks have the same intel ac-8265 chipset. Both types were tested with the same wlan drivers  and even with the same Win10 updates installed.

    If I reconfigure the 'faulty' client to do user-only auth he is able to get access.

     

    Eventlog on the client gives a warning: "6105 - deauth after EAPOL key exchange sequence".

     

    Eventlog on the auth server logs nothing for this failed authentication

    The radius auth server used is MS NPS with both connection and network policies as basic as possible. 

     

    Controller is an old 3600 running 6.4.4.16.

    User-debug gives a   "Deauth from sta:  Reason Unspecified Failure".

     

     

    show auth-tracebuf:

    Oct 22 11:55:21 station-down * 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 - -
    Oct 22 12:05:22 station-up * 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 - - wpa2 aes
    Oct 22 12:05:22 eap-id-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 1 5
    Oct 22 12:05:22 eap-start -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 - -
    Oct 22 12:05:22 eap-id-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 1 5
    Oct 22 12:05:22 eap-id-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 1 31 host/pcname.domain.local
    Oct 22 12:05:22 rad-req -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 202 232
    Oct 22 12:05:22 eap-id-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 1 31 host/pcname.domain.local
    Oct 22 12:05:22 rad-resp <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 202 90
    Oct 22 12:05:22 eap-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 2 6
    Oct 22 12:05:22 eap-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 2 202
    Oct 22 12:05:22 rad-req -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 201 441
    Oct 22 12:05:22 rad-resp <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 201 239
    Oct 22 12:05:22 eap-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 3 155
    Oct 22 12:05:22 eap-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 3 69
    Oct 22 12:05:22 rad-req -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 204 308
    Oct 22 12:05:22 rad-resp <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 204 127
    Oct 22 12:05:22 eap-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 5 43
    Oct 22 12:05:22 eap-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 5 59
    Oct 22 12:05:22 rad-req -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 206 298
    Oct 22 12:05:22 rad-resp <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 206 143
    Oct 22 12:05:22 eap-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 6 59
    Oct 22 12:05:22 eap-resp -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 6 59
    Oct 22 12:05:22 rad-req -> 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 194 298
    Oct 22 12:05:22 rad-resp <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3/NPSSRV 194 159
    Oct 22 12:05:22 eap-req <- 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 7 75
    Oct 22 12:05:22 station-down * 3c:6a:a7:8c:47:90 34:fc:b9:49:14:b3 - -            -    -

     ....

     

    So, anyone got any ideas what could could these new clients to fail machine auth?



  • 2.  RE: Machine auth failing

    Posted Oct 22, 2018 07:41 AM
    Have you tried installing the latest windows update?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: Machine auth failing

    MVP
    Posted Oct 22, 2018 07:43 AM

    Yes, tested with both a new Win10 install and an install with all the updates.