Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Our devices can no longer Authenticate

  • 1.  Our devices can no longer Authenticate

    Posted Aug 28, 2014 09:01 PM

    Hi All

    Not sure what happened, but all of a sudden none of our devices are able to authenticate with our RADIUS-controlled SSID.

    The NPS server is running fine, the Aruba 7210 is running fine, and I have not gotten any error reports.

    We have 4 SSIDs.

    One is Captured portal Guest. That works fine.

    Second is PSK Guest for internal user mobile devices. That works fine.

    Third is a very long and complicated PSK for our internal network which is used for our hand scanners. That works fine.

    The fourth and last is a RADIUS-authenticated domain-joined network; nothing can authenticate for this now.

    We use 802.1x machine and user authentications for the third network using AD groups for the authenticated users and Domain Computers group for the devices.

    This way only domain-joined devices and authenticated users on our domain can connect to the network.

    This was working fine, but then I recently realised when I went to do a restart of the NPS server that there were no devices connected to this network. At first, since a lot of the users that normally wirelessly connect to this network were away, I figured there was nobody using it.

    After the restart I noticed that still no devices could connect to this network.

    Any ideas on what could cause this?

    Thanks


    #7210


  • 2.  RE: Our devices can no longer Authenticate

    EMPLOYEE
    Posted Aug 28, 2014 09:03 PM
    You should check the event logs on the NPS server.

    Also, on the controller, run “show log security 50”. Please post that output.


  • 3.  RE: Our devices can no longer Authenticate

    Posted Aug 28, 2014 09:37 PM

    Hey, thanks for the response.

    The only error I could find on the NPS is this error:

    "A Radius message was received from the invalid Radius client ip address ""

    The IP it was pointing to is for one of our servers which does not even have wireless. Not sure why that error came up.

    As for the second one, for some reason I can't remember the enable password. I tried every password we would have used but none are accepted.

    I just tried to go through the reset admin password process but get hit with access denied when I enter the forgetme! password.

    Any ideas on how to reset the enable password?

    Thanks



  • 4.  RE: Our devices can no longer Authenticate

    Posted Aug 28, 2014 10:12 PM

    I was going to use the controller wizard again, but even though I haven't changed anything but the enable password, it keeps telling me that the 0/0/0 uplink port has changed and requires a reboot.

    I can go ahead with this but not sure if it is going to stuff up our configurations.

    Everything looks correct, I just don't want to bring it all down as we had a contractor come in and do our original configuration.



  • 5.  RE: Our devices can no longer Authenticate

    Posted Aug 29, 2014 12:57 AM

    Hi, here are the logs. Eventually I was able to get the enable password to work again.

    arubalog1.JPG

    arubalog2.JPG

    Let me know if this helps.

    Thanks

    Sy



  • 6.  RE: Our devices can no longer Authenticate

    Posted Aug 29, 2014 08:20 AM

    Check that the controller is configured as a NAS on the NPS server, as it looks like it's receiving requests from a device (the controller) that it doesn't know about.



  • 7.  RE: Our devices can no longer Authenticate

    EMPLOYEE
    Posted Aug 29, 2014 07:48 PM

    You have to see in the Event Viewer in NPS why it is rejecting that user.  If you had the wrong nas-ip, the radius server would just not respond and the controller would say that the server timed out.



  • 8.  RE: Our devices can no longer Authenticate

    Posted Aug 31, 2014 07:45 PM

    Hey guys, thanks for the replies.

    Going through all of the logs on the server, the controller and the client trying to connect.

    Below are the errors that seem to relate to the failed connection.

    On the client:

    I am getting event 36888 "The following fatal alert was generated: 45. The internal error state is 552."

    And

    Event 36881 "The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate."

    The NPS server is giving me a warning telling me the certificate for local system with Thumbprint "" is about to expire or already expired.

    It looks like the certificate on the NPS server has expired, although I am not sure.

    It should not have expired already.

    Hope that helps.

    Cheers

    Sy



  • 9.  RE: Our devices can no longer Authenticate

    Posted Aug 31, 2014 09:29 PM

    If you want to check if the certificate expired

    You can see that information through the NPS console here:

    You can check the expiration date there.

    8021x.jpg

    I know it's in Spanish, but it's on network policies, and on the Constraints tab; I think it's in English.

    Cheers

    Carlos



  • 10.  RE: Our devices can no longer Authenticate

    Posted Aug 31, 2014 09:37 PM

    Yep, I checked it and the certificate had expired on the 24/08/2014, so I am just waiting for our head office to renew it for me.

    Thanks

    Sy



  • 11.  RE: Our devices can no longer Authenticate

    Posted Aug 31, 2014 09:40 PM

    You need to set some kind of notification, as this certificate expires each year, or depending on what you bought or if your CA issued the certificate for one or 2 years, etc.

    I always tell my clients that they should have a reminder for this, otherwise the WiFi will stop working when the certificate expires.

    I was about to comment that it could be the certificate, as I get a lot of it from our clients, but as you said that you rebooted and suddenly you had no WiFi, I thought it was something else so I didn't post it, but it seems at the end it was that :O

    Cheers

    Carlos
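
One way to get the expiry notification and the expiry-date check discussed in the two posts above, as an added example that is not part of the original thread: a PowerShell script for the NPS server that lists server-authentication certificates and flags any that are expired or close to expiry. It assumes the NPS certificate is in the local machine Personal store (`Cert:\LocalMachine\My`); the function name and the 30-day threshold are assumptions chosen for illustration.

```powershell
# Added example: report server-authentication certificates in the local
# machine store that are expired, not yet valid, or close to expiry.
function Get-ServerAuthCertExpiry {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # assumed location of the NPS certificate
        [int]$WarnDays = 30,                           # assumed warning window
        [datetime]$Now = (Get-Date)
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # EKU: TLS server authentication
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Keep only certificates whose EKU extension lists server authentication.
        # Simplification: certificates without an EKU extension are skipped.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if (-not $eku) { continue }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $serverAuthOid) { continue }

        # Negative once NotAfter has passed, so an expired cert is never "0 days left".
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        if ($cert.NotBefore -gt $Now)    { $status = 'NotYetValid' }
        elseif ($daysLeft -lt 0)         { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
        else                             { $status = 'OK' }

        [pscustomobject]@{
            Status     = $status
            DaysLeft   = $daysLeft
            NotAfter   = $cert.NotAfter
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
        }
    }
}

$report = @(Get-ServerAuthCertExpiry -WarnDays 30)
$report | Sort-Object DaysLeft | Format-Table -AutoSize

$problems = @($report | Where-Object { $_.Status -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) server certificate(s) expired, not yet valid, or expiring soon"
    exit 1   # non-zero exit lets a scheduled task or monitoring agent raise the alert
}
```

Run it daily from a scheduled task on the NPS server and alert on the non-zero exit code; with short-lived certificates the warning window should be well inside the certificate lifetime.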



  • 12.  RE: Our devices can no longer Authenticate

    Posted Aug 31, 2014 09:56 PM

    Yeah, the most annoying thing about this certificate issue is it only lasted 3 months and it was issued by our CA, which is controlled by our Head office.

    So I am now waiting for them to get back to me to renew it.

    Thanks for the tips.

    Cheers

    Sy