Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Windows 10 clients cannot authenticate, smartphone can!

This thread has been viewed 0 times

  • 1.  Windows 10 clients cannot authenticate, smartphone can!

    Posted Jun 01, 2018 07:38 AM

    Dear all,

     

    since some week nobody with a Windows 10 / 7 client cannot login to our GI_Wifi.

    Authentication with radius to NPS.

    Our Android and Iphone smartphones are able to authenticate.

     

    I see some errors or issues with roles.. but I'm not very much into Aurba controllers.

     

    Jun 1 12:14:06 stm[1229]: <501093> <NOTI> |AP AP-Erik@192.168.163.21 stm| Auth success: b0:35:9f:d4:4e:e1: AP 192.168.163.21-f0:5c:19:eb:5e:00-AP-Erik
    Jun 1 12:14:06 stm[1229]: <501095> <NOTI> |AP AP-Erik@192.168.163.21 stm| Assoc request @ 12:14:06.525040: b0:35:9f:d4:4e:e1 (SN 20): AP 192.168.163.21-f0:5c:19:eb:5e:00-AP-Erik
    Jun 1 12:14:06 stm[1229]: <501065> <DBUG> |AP AP-Erik@192.168.163.21 stm| handle_assoc_req: STA:b0:35:9f:d4:4e:e1 aid:9
    Jun 1 12:14:06 stm[1229]: <501065> <DBUG> |AP AP-Erik@192.168.163.21 stm| handle_assoc_req:7240 - sta b0:35:9f:d4:4e:e1 UAC updated 192.168.163.1, list 0x210354
    Jun 1 12:14:06 stm[1229]: <501065> <DBUG> |AP AP-Erik@192.168.163.21 stm| handle_assoc_req:7286 XXX mac=b0:35:9f:d4:4e:e1 reassoc(0), dot11r(0), ftie_present(0), auth_alg(0) SNR(26) max_neg_rate(144)
    Jun 1 12:14:06 stm[3809]: <501218> <3809> <NOTI> |stm| stm_sta_assign_vlan 19914: VLAN: sta b0:35:9f:d4:4e:e1, STM assigns MAC based vlan_id 164
    Jun 1 12:14:06 stm[3809]: <501100> <3809> <NOTI> |stm| Assoc success @ 12:14:06.556669: b0:35:9f:d4:4e:e1: AP 192.168.163.21-f0:5c:19:eb:5e:00-AP-Erik
    Jun 1 12:14:06 authmgr[3796]: <522295> <4857> <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user b0:35:9f:d4:4e:e1
    Jun 1 12:14:06 stm[1229]: <501100> <NOTI> |AP AP-Erik@192.168.163.21 stm| Assoc success @ 12:14:06.554464: b0:35:9f:d4:4e:e1: AP 192.168.163.21-f0:5c:19:eb:5e:00-AP-Erik
    Jun 1 12:14:06 authmgr[3796]: <522035> <4857> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1 Station UP: BSSID=f0:5c:19:eb:5e:00 ESSID=GI_WiFi VLAN=164 AP-name=AP-Erik
    Jun 1 12:14:06 authmgr[3796]: <522077> <4857> <DBUG> |authmgr| MAC=b0:35:9f:d4:4e:e1 ingress 0x1000c (tunnel 12), u_encr 64, m_encr 64, slotport 0x2100 , type: local, FW mode: 0, AP IP: 192.168.163.21 mdie 0 ft_complete 0
    Jun 1 12:14:06 ucm[4141]: <542000> <5136> <DBUG> |ucm| ucm_handle_sta_add_replay_channel_events: BSSID changed for staion mac b0:35:9f:d4:4e:e1:
    Jun 1 12:14:06 authmgr[3796]: <522264> <4857> <DBUG> |authmgr| "MAC:b0:35:9f:d4:4e:e1: Allocating UUID: 000b86bef7f8000000070740
    Jun 1 12:14:06 authmgr[3796]: <522258> <4857> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 0 derivation_type Reset VLANs for Station up index 0.
    Jun 1 12:14:06 authmgr[3796]: <522255> <4857> <DBUG> |authmgr| "VDR - set vlan in user for b0:35:9f:d4:4e:e1 vlan 164 fwdmode 0 derivation_type Default VLAN.
    Jun 1 12:14:06 authmgr[3796]: <522258> <4857> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 164 derivation_type Default VLAN index 1.
    Jun 1 12:14:06 authmgr[3796]: <522255> <4857> <DBUG> |authmgr| "VDR - set vlan in user for b0:35:9f:d4:4e:e1 vlan 164 fwdmode 0 derivation_type Current VLAN updated.
    Jun 1 12:14:06 authmgr[3796]: <522258> <4857> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 164 derivation_type Current VLAN updated index 2.
    Jun 1 12:14:06 authmgr[3796]: <522158> <4857> <DBUG> |authmgr| Role Derivation for user N/A-b0:35:9f:d4:4e:e1- N/A Set AAA profile defaults.
    Jun 1 12:14:06 authmgr[3796]: <522142> <4857> <DBUG> |authmgr| Setting default role to authenticated for user b0:35:9f:d4:4e:e1".
    Jun 1 12:14:06 authmgr[3796]: <522127> <4857> <DBUG> |authmgr| {L2} Update role from logon to authenticated for IP=N/A, MAC=b0:35:9f:d4:4e:e1.
    Jun 1 12:14:06 authmgr[3796]: <522049> <4857> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1,IP=N/A User role updated, existing Role=logon/none, new Role=authenticated/none, reason=Set AAA profile defaults
    Jun 1 12:14:06 authmgr[3796]: <522246> <4857> <DBUG> |authmgr| Idle timeout should be driven by STM for MAC b0:35:9f:d4:4e:e1.
    Jun 1 12:14:06 authmgr[3796]: <524141> <4857> <DBUG> |authmgr| clr_pmkcache_ft():1100: MAC:b0:35:9f:d4:4e:e1 BSS:f0:5c:19:eb:5e:00
    Jun 1 12:14:06 authmgr[3796]: <522254> <4857> <DBUG> |authmgr| VDR - mac b0:35:9f:d4:4e:e1 rolename authenticated fwdmode 0 derivation_type Initial Role Contained vp not present.
    Jun 1 12:14:06 authmgr[3796]: <522258> <4857> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 0 derivation_type Reset Role Based VLANs index 3.
    Jun 1 12:14:06 authmgr[3796]: <522344> <4857> <DBUG> |authmgr| handle_sta_up_dn (3717): rtts user=b0:35:9f:d4:4e:e1 enabled=0 initial tput=49920
    Jun 1 12:14:06 authmgr[3796]: <524124> <4857> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:b0:35:9f:d4:4e:e1, pmkid_present:False, pmkid:N/A
    Jun 1 12:14:06 authmgr[3796]: <522308> <4857> <DBUG> |authmgr| Device Type index derivation for b0:35:9f:d4:4e:e1 : dhcp (0,0,0) oui (0,0) ua (0,0,0) derived (0):
    Jun 1 12:14:06 authmgr[3796]: <522050> <4857> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1,IP=N/A User data downloaded to datapath, new Role=authenticated/79, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
    Jun 1 12:14:06 authmgr[3796]: <522004> <4857> <DBUG> |authmgr| auth_gsm_publish_channels: mac b0:35:9f:d4:4e:e1 publish_list 3 user VALID macuser VALID ipuser NULL
    Jun 1 12:14:06 authmgr[3796]: <522301> <4857> <DBUG> |authmgr| Auth GSM : USER publish for uuid 000b86bef7f8000000070740 mac b0:35:9f:d4:4e:e1 name role authenticated devtype wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0 roam 0 repkey -1
    Jun 1 12:14:06 authmgr[3796]: <522287> <4857> <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac b0:35:9f:d4:4e:e1 bssid f0:5c:19:eb:5e:00 vlan 164 type 1 data-ready 0 HA-IP n.a
    Jun 1 12:14:06 authmgr[3796]: <522242> <4857> <DBUG> |authmgr| MAC=b0:35:9f:d4:4e:e1 Station Created Update MMS: BSSID=f0:5c:19:eb:5e:00 ESSID=GI_WiFi VLAN=164 AP-name=AP-Erik
    Jun 1 12:14:12 authmgr[3796]: <522275> <3796> <WARN> |authmgr| User Authentication failed. username=erik.boss userip=0.0.0.0 usermac=b0:35:9f:d4:4e:e1 authmethod=802.1x servername=KGGSRVMAN001 serverip=192.168.171.150 apname=AP-Erik bssid=f0:5c:19:eb:5e:00
    Jun 1 12:14:12 authmgr[3796]: <522175> <3796> <DBUG> |authmgr| skipping mac : b0:35:9f:d4:4e:e1, from AP : 192.168.163.21, with authtype : 802.1x.
    Jun 1 12:14:12 authmgr[3796]: <522258> <3796> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 0 derivation_type Reset all Auth VLANs index 4.
    Jun 1 12:14:12 authmgr[3796]: <522255> <3796> <DBUG> |authmgr| "VDR - set vlan in user for b0:35:9f:d4:4e:e1 vlan 164 fwdmode 0 derivation_type Current VLAN updated.
    Jun 1 12:14:12 authmgr[3796]: <522258> <3796> <DBUG> |authmgr| "VDR - Add to history of user user b0:35:9f:d4:4e:e1 vlan 164 derivation_type Current VLAN updated index 5.
    Jun 1 12:14:12 authmgr[3796]: <522260> <3796> <DBUG> |authmgr| "VDR - Cur VLAN updated b0:35:9f:d4:4e:e1 mob 0 inform 1 remote 0 wired 0 defvlan 164 exportedvlan 0 curvlan 164.
    Jun 1 12:14:12 authmgr[3796]: <522030> <3796> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1 Station deauthenticated: BSSID=f0:5c:19:eb:5e:00, ESSID=GI_WiFi
    Jun 1 12:14:12 authmgr[3796]: <522158> <3796> <DBUG> |authmgr| Role Derivation for user N/A-b0:35:9f:d4:4e:e1- N/A Station is L2 deauthenticated.
    Jun 1 12:14:12 authmgr[3796]: <522127> <3796> <DBUG> |authmgr| {L2} Update role from authenticated to authenticated for IP=N/A, MAC=b0:35:9f:d4:4e:e1.
    Jun 1 12:14:12 authmgr[3796]: <522049> <3796> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1,IP=N/A User role updated, existing Role=authenticated/none, new Role=authenticated/none, reason=Station is L2 deauthenticated
    Jun 1 12:14:12 authmgr[3796]: <522050> <3796> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1,IP=N/A User data downloaded to datapath, new Role=authenticated/79, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
    Jun 1 12:14:12 authmgr[3796]: <522004> <3796> <DBUG> |authmgr| auth_gsm_publish_channels: mac b0:35:9f:d4:4e:e1 publish_list 3 user VALID macuser VALID ipuser NULL
    Jun 1 12:14:12 authmgr[3796]: <522301> <3796> <DBUG> |authmgr| Auth GSM : USER publish for uuid 000b86bef7f8000000070740 mac b0:35:9f:d4:4e:e1 name role authenticated devtype wired 0 authtype 0 subtype 0 encrypt-type 10 conn-port 8448 fwd-mode 0 roam 0 repkey -1
    Jun 1 12:14:12 authmgr[3796]: <522287> <3796> <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac b0:35:9f:d4:4e:e1 bssid f0:5c:19:eb:5e:00 vlan 164 type 1 data-ready 0 HA-IP n.a
    Jun 1 12:14:12 authmgr[3796]: <522142> <3796> <DBUG> |authmgr| Setting cached role to NULL for user b0:35:9f:d4:4e:e1".
    Jun 1 12:14:13 stm[1229]: <501105> <NOTI> |AP AP-Erik@192.168.163.21 stm| Deauth from sta: b0:35:9f:d4:4e:e1: AP 192.168.163.21-f0:5c:19:eb:5e:00-AP-Erik Reason Unspecified Failure
    Jun 1 12:14:13 authmgr[3796]: <522296> <4857> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user b0:35:9f:d4:4e:e1 age 0 deauth_reason 1
    Jun 1 12:14:13 authmgr[3796]: <522036> <4857> <INFO> |authmgr| MAC=b0:35:9f:d4:4e:e1 Station DN: BSSID=f0:5c:19:eb:5e:00 ESSID=GI_WiFi VLAN=164 AP-name=AP-Erik reason=1
    Jun 1 12:14:13 authmgr[3796]: <522234> <4857> <DBUG> |authmgr| Setting idle timer for user b0:35:9f:d4:4e:e1 to 300 seconds (idle timeout: 300 ageout: 0).
    Jun 1 12:14:13 stm[3809]: <501000> <3809> <DBUG> |stm| Station b0:35:9f:d4:4e:e1: Clearing state
    Jun 1 12:14:13 authmgr[3796]: <522152> <4857> <DBUG> |authmgr| station free: bssid=f0:5c:19:eb:5e:00, mac=b0:35:9f:d4:4e:e1.
    Jun 1 12:14:13 authmgr[3796]: <522244> <4857> <DBUG> |authmgr| MAC=b0:35:9f:d4:4e:e1 Station Deleted Update MMS
    Jun 1 12:14:13 authmgr[3796]: <522004> <4857> <DBUG> |authmgr| b0:35:9f:d4:4e:e1: station datapath entry deleted
    Jun 1 12:14:13 authmgr[3796]: <522004> <4857> <DBUG> |authmgr| mac_station_free: Sta->essid GI_WiFi mu_mac b0:35:9f:d4:4e:e1 macuser 0x0x23cf8e4
    Jun 1 12:14:13 authmgr[3796]: <522290> <4857> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac b0:35:9f:d4:4e:e1
    Jun 1 12:14:13 authmgr[3796]: <522303> <4857> <DBUG> |authmgr| Auth GSM : USER delete for mac b0:35:9f:d4:4e:e1 uuid 000b86bef7f8000000070740
    Jun 1 12:14:13 stm[1229]: <501000> <DBUG> |AP AP-Erik@192.168.163.21 stm| Station b0:35:9f:d4:4e:e1: Clearing state

     

    Could someone help me?

     

    Regards,

    Erik



  • 2.  RE: Windows 10 clients cannot authenticate, smartphone can!

    EMPLOYEE
    Posted Jun 01, 2018 09:11 AM

    Did the radius server certificate expire?



  • 3.  RE: Windows 10 clients cannot authenticate, smartphone can!

    Posted Jun 01, 2018 09:14 AM

    No certificate is valid till 2019.



  • 4.  RE: Windows 10 clients cannot authenticate, smartphone can!
    Best Answer

    Posted Jun 01, 2018 09:25 AM

    Problem solved by selecting the right certificate...