Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Windows 10 peap authentication failure secure of on

  • 1.  Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 12:00 PM
    Windows 10 is failing to authenticate to wireless only when secureboot is enabled.
    With secureboot off I'm able to connect so I believe it's related to certificate validation.
    WLAN logs in Windows 10 say peap authentication failure.
    Controller error is client did complete eap transaction.

    There is no cert on the controller but I have termination disabled. ClearPass cert is self-signed.


  • 2.  RE: Windows 10 peap authentication failure secure of on

    EMPLOYEE
    Posted Aug 24, 2016 12:02 PM
    Do you have the ClearPass self-signed cert installed on the client?


  • 3.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 12:26 PM
    Which certificate store does it get stored into?
    I have added it to enterprise and root certificate authorities.
    Still doesn't connect.

    Thanks in advance


  • 4.  RE: Windows 10 peap authentication failure secure of on

    EMPLOYEE
    Posted Aug 24, 2016 12:27 PM
    What is the error on the alerts tab in ClearPass?



    The certificate should go in the personal store for Local Machine.


  • 5.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 12:32 PM
    ClearPass error is:
    Time out
    Client did not complete eap transaction


  • 6.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 12:39 PM
    Added certificate to personal store, still wouldn't connect; errors remain the same.


  • 7.  RE: Windows 10 peap authentication failure secure of on

    EMPLOYEE
    Posted Aug 24, 2016 12:40 PM
    Please open a TAC case.


  • 8.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 12:29 PM
    Also to add it works fine when secureboot is off on the Windows 10 hosts. Turn secureboot on and connecting to wireless stops working.


  • 9.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 24, 2016 07:18 PM

    Hi,

    Were you able to run pcap on the controller for the client? Are the client and ClearPass using the same TLS version during the cert exchange?



  • 10.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 25, 2016 01:05 PM

    I was able to install the Wireshark provided by Aruba. But I was unable to see any information for the MAC address of the host having issues.

    I'm currently working with TAC support. 

     

    The debug logs show request logs for session: R000096e9-01-57bf1ceb

    TLS_accept: before/accept initialization
    2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: <<< TLS 1.0 Handshake length 0087], ClientHello
    2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 read client hello A
    2016-08-25 12:29:31,504[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 Handshake length 0054], ServerHello
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write server hello A
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec length 0001]
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write change cipher spec A
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_tls: >>> TLS 1.0 Handshake length 0010], Finished
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 write finished A
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - TLS_accept: SSLv3 flush data
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] INFO RadiusServer.Radius - TLS_accept:error in SSLv3 read finished A
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - In SSL Handshake Phase
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - In SSL Accept mode
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - eaptls_process returned 13
    2016-08-25 12:29:31,505[Th 23 Req 190677 SessId R000096e9-01-57bf1ceb] DEBUG RadiusServer.Radius - rlm_eap_peap: EAPTLS_HANDLED


  • 11.  RE: Windows 10 peap authentication failure secure of on

    Posted Aug 25, 2016 01:06 PM

    There is no issue connecting if I turn secureboot off. The only thing I can think of is secureboot is checking the cert in some way and blocking, or there is an OS/secureboot issue.



  • 12.  RE: Windows 10 peap authentication failure secure of on
    Best Answer

    Posted Aug 31, 2016 01:34 PM
    It was the host. Windows 10 Enterprise has a feature called Credential Guard. This does not allow MSCHAPv2. I had to disable Credential Guard and Device Guard on the host to do the host authentication we are doing. I'm going to have to change the way we authenticate to the wifi so Credential Guard can be enabled.
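
A host-side check for the cause identified in the accepted answer, added here as an example and not posted by anyone in the thread: it reports whether Credential Guard is running and which saved WLAN profiles use PEAP with inner EAP-MSCHAPv2. The scratch folder name is an assumption of this example.

```powershell
# Added example: run in an elevated PowerShell session on the affected Windows 10 host.

# Device Guard / Credential Guard state as reported by the OS.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                      -Namespace 'root\Microsoft\Windows\DeviceGuard'

# In SecurityServicesConfigured / SecurityServicesRunning the value 1 means Credential Guard.
# VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
$cgConfigured = $dg.SecurityServicesConfigured -contains 1
$cgRunning    = $dg.SecurityServicesRunning    -contains 1

# Export every saved WLAN profile as XML into a scratch folder (name is hypothetical).
$dir = Join-Path $env:TEMP 'wlan-profile-check'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
netsh wlan export profile folder="$dir" | Out-Null

# EAP method numbers in the profile XML: 25 = PEAP (outer), 26 = EAP-MSCHAPv2 (inner).
$affected = foreach ($file in Get-ChildItem -Path $dir -Filter '*.xml') {
    $text  = Get-Content -Path $file.FullName -Raw
    $name  = if ($text -match '<name>([^<]+)</name>') { $Matches[1] } else { $file.BaseName }
    $types = [regex]::Matches($text, '<Type[^>]*>(\d+)</Type>') |
             ForEach-Object { $_.Groups[1].Value }
    if (($types -contains '25') -and ($types -contains '26')) { $name }
}
Remove-Item -Path $dir -Recurse -Force

# Summary object: one row per host, easy to collect from several machines.
[pscustomobject]@{
    ComputerName              = $env:COMPUTERNAME
    VbsStatus                 = $dg.VirtualizationBasedSecurityStatus
    CredentialGuardConfigured = $cgConfigured
    CredentialGuardRunning    = $cgRunning
    PeapMschapv2Profiles      = @($affected)
}

if ($cgRunning -and $affected) {
    Write-Warning ("Credential Guard is running and these WLAN profiles use " +
                   "PEAP-MSCHAPv2: " + ($affected -join ', '))
}
```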